Tech News

Earlier this year, Cloudflare launched its 1.1.1.1 DNS service as a resolver to make DNS queries faster and more secure that anyone could use free of charge. The day before yesterday, they announced the launch of 1.1.1.1 mobile app for iOS and Android. DNS services are used by internet service providers to interpret a domain name like “Google.com” into an IP address that routers and switches can understand. However, DNS servers provided by ISPs are often slow and unreliable. Cloudflare claims to combat this issue with its 1.1.1.1 service. On a public internet connection, people can see what sites a user visits. This data can also be misused by an internet service provider. The 1.1.1.1 tool makes it easy to get a faster, more private, internet experience. Cloudflare’s 1.1.1.1 app will redirect all user apps to send DNS requests through a local resolver on their phone to its faster 1.1.1.1 server. The server will then encrypt the data to avoid any third person from spying on user data. Features of Cloudfare 1.1.1.1 mobile app The app is open source. The app uses VPN support to push mobile traffic towards the 1.1.1.1 DNS servers and improve speed. It prevents a user’s carrier from tracking their browsing history and misusing the same. Cloudflare has promised not to track 1.1.1.1 mobile app users or sell ads. The company has retained KPMG to perform an annual audit and publish a public report.  It also says most of the limited data collected is only stored for 24 hours. Cloudflare claims that 1.1.1.1 is the fastest public server, about “28 percent faster” than other public DNS resolvers. As compared to the desktop version, the mobile app is really easy to use and navigate. Head over to the Cloudflare Blog to know more about this announcement. You can download the app on iOS or Android to test the app for yourself. Cloudflare’s Workers enable containerless cloud computing powered by V8 Isolates and WebAssembly Cloudflare Workers KV, a distributed native key-value store for Cloudflare Workers Cloudflare’s decentralized vision of the web: InterPlanetary File System (IPFS) Gateway to create distributed websites

Last month, Nathan Egge, a Senior Research Engineer at Mozilla explained technical details behind AV1 in depth at the Mile High Video Workshop in Denver. AV1 is a new open source royalty-free video codec that promises to help companies and individuals transmit high-quality video over the internet efficiently. AV1 is developed by the Alliance for Open Media (AOMedia), an association of firms from the semiconductor industry, video on demand providers, and web browser developers, founded in 2015. Mozilla joined AOMedia as a founding member. AV1 was created for a broad set of industry use cases such as video on demand/streaming, video conferencing, screen sharing, video game streaming, and broadcast. It is widely supported and adopted and gives at least 30% better than current generation video codecs. The alliance was able to hit a key milestone with the release of AV1 1.0.0 specification earlier this year in June. The codec has seen increasing interest from various companies, for instance, YouTube launched AV1 Beta Playlist in September. The following diagram shows the various stages in the working of a video codec: Source: YouTube We will cover the tools and algorithm used in some of these stages. Let’s see some of its technical details from Egge’s talk: AV1 Profiles Profiles specify the bit depth and subsampling formats supported. In AV1 there are three profiles: Main, High, and Professional which differ in terms of their bit-depth and chroma subsampling. The following table shows their bit-depth and chroma subsampling: Main High Professional Bit depth 8-bit and 10-bit 8-bit and 10-bit 8-bit, 10-bit, and 12-bit Chroma subsampling 4:0:0, 4:2:0 4:0:0, 4:2:0, and 4:4:4 4:0:0, 4:2:0, 4:2:2, and 4:4:4 High-level syntax In VP9 there is a concept of superframes that at some point becomes complicated. Superframes allows you to consolidate multiple coded frames into one single chunk. AV1 comes with high-level syntax that includes: sequence header, frame header, tile group, and tiles. Sequence header starts a video stream, frame headers are at the beginning of a frame, a tile group is an independent group of tiles, and finally, we have tiles which can be independently decoded. Source: YouTube Multi-symbol entropy coder Unlike VP9, which uses a tree-based boolean non-adaptive binary arithmetic encoder to encode all syntax elements, AV1 uses a symbol-to-symbol adaptive multi-symbol arithmetic coder. Each of its syntax element is a member of a specific alphabet of N elements, and a context is a set of N probabilities together with a count to facilitate fast early adaptation. Transform types In addition to DCT and ADST transform types, AV1 introduces two other transforms called flipped ADST and identity transform as extended transform types. Identity transform enables you to effectively code residual blocks with edges and lines. AV1 thus comes with the advantage of a total of sixteen horizontal and vertical transform type combinations. Intra prediction modes Along with the 8 main directional modes from VP9, up to 56 more directions are added but not all of them are available at smaller sizes. The following are some of the prediction modes introduced in AV1: Smooth H + V modes allow you to smoothly interpolate between values in the left column and last value in the above row. Palette mode is introduced to the intra coder as a general extra coding tool. It will be especially useful for artificial videos like screen capture and games, where blocks can be approximated by a small number of unique colors. The palette predictor for each plane of a block is depicted by: A color palette, with 2 to 8 colors Color indices for all pixels in the block Chroma from Luma (CfL) is a chroma-only intra predictor that models chroma pixels as a linear function of coincident reconstructed luma pixels. Source: YouTube First, the reconstructed luma pixels are subsampled into the chroma resolution, and then the DC component is removed to form the AC contribution. In order to approximate chroma AC component from the AC contribution, instead of requiring the decoder to imply scaling parameters, CfL determines the parameters based on the original chroma pixels and signals them in the bitstream. As a result, this reduces decoder complexity and yields more precise predictions. As for the DC prediction, it is computed using intra DC mode, which is sufficient for most chroma content and has mature fast implementations. Constrained Directional Enhancement Filter (CDEF) CDEF is a detail-preserving deringing filter, which is designed to be applied after deblocking. It works by estimating edge directions followed by applying a non-separable non-linear low-pass directional filter of size 5×5 with 12 non-zero weights. In order to avoid extra signaling, the decoder uses a normative fast search algorithm to compute the direction per 8×8 block that minimizes the quadratic error from a perfect directional pattern. Film Grain Synthesis In AV1, film grain synthesis is a normative post-processing applied outside of the encoding/decoding loop. Film grain is abundant in TV and movie content, which needs to be preserved while encoding. But, its random nature makes it difficult to compress with traditional coding tools. In film grain synthesis, the grain is removed from the content before compression, its parameters are estimated and then sent in the AV1 bitstream. The grain is then synthesized based on the received parameters and added to the reconstructed video. For grainy content, film grain synthesis significantly reduces the bitrate necessary to reconstruct the grain with sufficient quality. You can watch Into the Depths The Technical Details behind AV1 by Nathan Egge on YouTube: https://www.youtube.com/watch?v=On9VOnIBSEs&t=463s Presenting dav1d, a new lightweight AV1 decoder, by VideoLAN and FFmpeg YouTube starts testing AV1 video codec format, launches AV1 Beta Playlist Opus 1.3, a popular FOSS audio codec with machine learning and VR support, is now generally available

According to some federal contracting documents, the US Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE) are placing an undisclosed number of covert surveillance cameras, reported Quartz on Saturday. The Federal Procurement Data System shows that DEA has paid roughly $22,000 to a company named Cowboy Streetlight Concealments LLC for “video recording and reproducing equipment” since June this year. The recent acquisitions from Cowboy Streetlight Cocealmets have been funded by ICE offices in Dallas, Houston, and San Antonio. In addition to streetlights, these surveillance cameras are also placed inside traffic barrels. Christie Crawford, who owns Cowboy Streetlight Concealments with her husband told Quartz that she can’t reveal the details about the company’s federal contracts: “We do streetlight concealments and camera enclosures. Basically, there are businesses out there that will build concealments for the government and that’s what we do. They specify what’s best for them, and we make it. And that’s about all I can probably say.” But she did add that: “I can tell you this—things are always being watched. It doesn’t matter if you’re driving down the street or visiting a friend, if government or law enforcement has a reason to set up surveillance, there’s great technology out there to do it.” Last week, a solicitation was issued by DEA for “concealments made to house network PTZ camera, cellular modem, cellular compression device”. The solicitation shows that they intended to give the contract to Obsidian Integration LLC  an Oregon company with a sizable number of federal law enforcement customers. Chad Marlow, a senior advocacy and policy counsel for the American Civil Liberties Union, told Quartz that efforts to put cameras in street lights have been proposed before by local law enforcement as part of a “smart” LED streetlight system: “It basically has the ability to turn every streetlight into a surveillance device, which is very Orwellian to say the least. In most jurisdictions, the local police or department of public works are authorized to make these decisions unilaterally and in secret. There’s no public debate or oversight.” To read the full report, head over to the Quartz website. Australia’s Facial recognition and identity system can have “chilling effect on freedoms of political discussion, the right to protest and the right to dissent”: The Guardian report Amazon tried to sell its facial recognition technology to ICE in June, emails reveal Four IBM facial recognition patents in 2018, we found intriguing

It has been a big year for GitHub. The code sharing platform has this year celebrated its 10th birthday, been bought by Microsoft for an impressive $7.5 billion, and has now reached an astonishing 100 million repositories. While there will be rumblings of discontent following the huge Microsoft acquisition, it doesn't look like threats to leave GitHub have come to fruition. True, it has only been a matter of weeks since Microsoft finally took over, but there are no signs that GitHub is losing favor with developers. 1 in 3 of all GitHub repositories were created in 2018 According to GitHub, 1 in 3 of the 100 million repositories were created in 2018. That demonstrates the astonishing growth of the platform, and just how embedded it is within the day to day life of software engineers. This is further underlined by more data in GitHub's Octoverse report, published in October. "We've seen more new accounts in 2018 so far than in the first six years of GitHub combined," the report states. Perhaps the new relationship with Microsoft has actually helped push GitHub from strength to strength - MicrosoftDocs/azure-docs is the fastest growing repository in 2018. Of course, some credit should probably go to Microsoft as well - the organization has done a lot to change its image and ethos, becoming much more friendly towards open source software. Meanwhile, at Packt, we've been delighted to play a small part in helping GitHub get to its 100 million milestone. Earlier this year we hit 2,000 project repos.

In a paper, published last week, a member from the US Air Force talks about a model for artificial general intelligence (AGI). The author of the paper, A Model for General Intelligence, is Paul Yaworsky, Information Directorate of the US Air Force Research Laboratory. There have been many efforts in the past to model intelligence in machines, but with little progress in terms of real cognitive intelligence like those of humans. What is artificial general intelligence? Currently, the way AI systems work is not understood completely. Also, AI systems are good at performing narrow tasks but not complex cognitive problems. Artificial general intelligence aims to covers the gap between lower level and higher level work in AI—to try and make sense of the abstract general nature of intelligence. Three basic aspects of artificial intelligence need to be understood to bridge this gap. To realize the general order and the nature of intelligence at a high level. Understand what these realizations mean with respect to the overall intelligence process. Describe these realizations as clearly as possible. The paper proposes a hierarchical model to help capture and exploit the order within intelligence. The underlying order contains patterns of signals that become organized, stored and then activated in space and time. The hierarchical model The paper portrays intelligence as an orderly, organized process using a simple hierarchy as shown: Source: A Model for General Intelligence The real world has order and organization. The human brain understands this and forms an internal model based on that understanding. This model enables learning, which further gives way to decision making, movement, and communication. The flow of input signals and learning within the shown model is bottom-up which is in contrast to the top-down of learned signal representations. The paper says that external order and organization can be modeled internally in the brain in the form of various hierarchies. The hierarchies discussed are temporal, spatial, and general. Impact and concerns When computers continue to improve and cooperation increases between humans and computers, people themselves will become more productive in information processing. A point to remember as the paper states is that computers work for humans. Yaworsky also talks about concerns with AI and it taking over the world. Problems like those are heard today due to sketchy predictions involving intelligence he says. It is difficult to make good scientific predictions in itself but when the predictions have to be done in intelligence it is almost impossible to get them right. This is because a proper understanding of intelligence itself is not good enough to be able to make accurate predictions. Do you buy this explanation or fear the US Air Force working on killer drones that may one day go rampant like in Terminator 2?! Either way, the conclusion is that intelligence involves multiple levels of abstraction. Human intelligence has high processing levels—abstract, general, etc. Majority of the work done in AI currently is at lower levels of abstraction. There is a lot needed for the current AI to become real AI. A high-level hierarchical model for artificial intelligence as explored in the paper addresses this. For more details, you can read the research paper. The ethical dilemmas developers working on Artificial Intelligence products must consider Technical and hidden debts in machine learning – Google engineers’ give their perspective Sex robots, artificial intelligence, and ethics: How desire shapes and is shaped by algorithms

Sweden is almost winning the race towards becoming the world's first completely cashless society. The Swedish retail payment market is also moving away from using cash. Last year in September BBC news reported that barely 1% of the value of all payments were made using coins or notes last year. On Saturday, Cecilia Skingsley, Deputy Governor, Central Bank of Sweden shared on the World Economic Forum blog ‘Why Sweden's cashless society is no longer a utopia’. Following are the highlights from the post. The potential consequences of going cashless Going cashless was a move against robberies and corruption. Also, it gives ease and convenience to people. The retailers, restaurants and other companies in Sweden refuse to accept cash, for instance by putting up a sign at the entrance. But all this has led to some concerns regarding the state’s role in the payment market as the private sector is getting more power. The Swedes might have to rely on the private sector for access to money and payment methods. There might be a situation where the general public no longer will have access to central bank money. Riksbank, the central bank of Sweden is investigating the potential consequences of this change. For Sweden, going cashless would mean choosing one of the following options: The general public no longer has access to central bank money E-krona - central bank issued money in a digital form, as a complement to cash and the money held in bank accounts What if the Swedes get a central bank digital currency? One solution to the problem is to issue central bank money in a digital form, as a complement to cash and the money held in bank accounts. This concept, known as E-krona, was named after the Swedish currency, krona. Though bank-issued digital currency is a new concept and a relatively unexplored possibility, it is still attracting a number of central banks. E-krona is not to be confused with cryptocurrencies as is not dependent on using blockchain technology. The basic concept behind e-krona is to have a 1-to-1 conversion with an ordinary krona held in an account at the Riksbank or stored locally, for example on a card or in a mobile phone app. The Riksbank will provide an infrastructure for E-krona transactions. The payment service providers can connect to it and can build payment services for end users. It would be interesting to see the impact on the financial system which would depend on the demand for the e-krona in different circumstances. Whether it will earn interest or not is another important question. If it offers zero interest, then it will be equivalent to cash. In contrast, an e-krona with interest could possibly become a new policy tool for the central bank. Swish- an easy payment system! Swedes were already happy to adapt to new technologies. In 2012, Swish, a mobile payment system in Sweden was launched by six large Swedish banks, in cooperation with the Central Bank of Sweden. It had 6.5 million users as of September 2018. Swish has been downloaded by more than half of the Swedish population. One just needs to connect a bank account (in any bank) with a mobile phone number. Swish has become a popular way to share a restaurant bill, collect money for a birthday gift at the office and to pay for goods at street markets and even to distribute pocket money to children. Though Swish has been the choice for many, still there’s a high possibility of E-krona being a powerful tool. Considering the fact that Central bank will have the control in its hand, the chances of safety might increase. But how open would people be to shift to E-krona would be an interesting take. Also, worth watching is how Sweden enables a safe, efficient and inclusive payment market irrespective of whichever route (payment regulation vs digital currency) it choose to take to usher its cashless society. To read more on this, check out the official blog of the World Economic Forum. UN on Web Summit 2018: How we can create a safe and beneficial digital future for all These 2 software skills subscription services will save you time – and cash Cash Flow Management

Yesterday, Alibaba’s Singles Day sale racked up $30 billion just in a span of 24 hours. Alibaba recorded about $1billion in 85 seconds and then $10 billion sales in the first hour past midnight. Singles' Day, also known as Double 11, is the world's biggest online sales event which managed to outpace the sales of U.S. shopping holidays Black Friday and Cyber Monday. The idea behind this event comes from the Singles Day, which is an informal holiday celebrated in China by the people who are not in relationships. The date November 11 is observed as Singles Day in China. In 2009, Alibaba started offering Singles Day discounts and since then has turned the day into a 24-hour bonanza of online shopping in China. Alibaba’s Southeast Asia subsidiary Lazada also offers Singles Day discounts in Singapore, Malaysia, Indonesia, Thailand, and Vietnam. This year the top three products in the early sale were Apple, Dyson and Xiaomi. In the first hour, the countries selling to China were Japan, US and South Korea. A glimpse of consumer sentiment was seen because of the tensions between US and China. Daniel Zhang, Alibaba CEO told reporters in Shanghai, “We can feel that merchants are fully embracing the internet and helping with consumption upgrade.” The China-US trade war likely to hamper Alibaba growth story China's economy is getting affected because of its trade war with the United States getting worse. According to BBC news, the US has imposed three rounds of tariffs on Chinese products this year, totaling $250 billion worth of goods. This war is going beyond and in future, if the US decides to work on the idea of import taxes, then all the China's exports to the US would be subject to duties. This year, China’s quarterly growth was the weakest marking just 6.5%. It’s already indicating a downfall. CNN reported in September 2018 that Jack Ma, the founder and executive chairman of Alibaba, said "It's going to last long, it's going to be a mess. The US-China trade war will last not for 20 months or 20 days, but "maybe 20 years." Despite the booming record, the annual sales growth rate fell from 39 percent to 27 percent in a year . It was the smallest in the event's 10-year history. It would be interesting to see Alibaba’s next move. To have a look at the highlights from the Singles Day, check out the official video. And to know more about this news, check CNN’s official website. Alibaba launches an AI chip company named ‘Ping-Tou-Ge’ to boost China’s semiconductor industry OpenSky is now a part of the Alibaba family Alibaba introduces AI copywriter

It was last Thursday when Google changed its policy of forced arbitration in case of sexual harassment. A day after that, Facebook announced that it is also changing its policy of forced arbitration that requires employees to settle sexual harassment claims in private, as per the Wall Street Journal. This means that employees can now take any of their sexual harassment complaints to a court of law. Following Google’s footsteps, Facebook has also made its arbitration policy optional. Anthony Harrison, corporate media relations director, Facebook, confirmed that Facebook has made arbitration optional. “Today, we are publishing our updated Workplace Relationships policy and amending our arbitration agreements to make arbitration a choice rather than a requirement in sexual harassment claims. Sexual harassment is something that we take very seriously, and there is no place for it at Facebook”, said Harrison. Moreover, Facebook also announced an updated “Relationships at work policy”. As per the updated policy, anyone who starts a relationship with anyone in the management chain must disclose it to the HR. Additionally, if you are a Director or above and you get into a relationship with someone at the company, it must be reported to the HR. Google decided to modify its policy after 20,000 Google employees along with Temps, Vendors, and Contractors walked out earlier this month to protest against the discrimination, racism, and sexual harassment present at Google’s workplace. Google made the arbitration process optional for individual sexual harassment and sexual assault claims. “Google has never required confidentiality in the arbitration process and it still may be the best path for a number of reasons (e.g. personal privacy), but, we recognize that the choice should be up to you”, mentioned Sundar Pichai, Google CEO, on the announcement page. Facebook is the latest tech company who has decided to change the forced arbitration policy. Other companies such as Uber and Microsoft have changed their arbitration policy in the recent past. Uber made arbitration optional, back in May, to bring “transparency, integrity, and accountability” to its handling of sexual harassment. Microsoft was one of the first major organizations who decided to completely eliminate forced arbitration clauses for sexual harassment, last December. It seems like Google Walkout managed to not only push Google to take a stand against sexual assault but also inspired other companies to take the right steps in case of sensitive issues. Facebook’s big music foray: New soundtracking feature for stories and its experiments with video music and live streaming karaoke Facebook is at it again. This time with Candidate Info where politicians can pitch on camera

The protocol called HTTP-over-QUIC will be officially renamed to  HTTP/3. In a discussion on IETF mail archive thread, Mark Nottingham, Chairman of the IETF HTTPBIS Working Group and W3C Web Services Addressing Working Group, triggered the confusion between QUIC-the-transport-protocol, and QUIC-the-HTTP-binding. QUIC, a TCP replacement done over UDP, was started as an effort by Google and then more of a "HTTP/2-encrypted-over-UDP" protocol. The QUIC Working Group in the IETF works on creating the QUIC transport protocol. According to Daniel Stenberg, lead developer of curl at Mozilla, “When the work took off in the IETF to standardize the protocol, it was split up in two layers: the transport and the HTTP parts. The idea being that this transport protocol can be used to transfer other data too and it’s not just done explicitly for HTTP or HTTP-like protocols. But the name was still QUIC.” People in the community have referred different versions of the protocol using informal names such as iQUIC and gQUIC to separate the QUIC protocols from IETF and Google. The protocol that sends HTTP over "iQUIC" was called "hq" (HTTP-over-QUIC) for a long time. Last week, on November 7, 2018, Dmitri Tikhonov, a programmer at Litespeed announced that his company and Facebook had successfully done the first interop ever between two HTTP/3 implementations. Here’s Mike Bihop's follow-up presentation at the HTTPbis session on the topic. https://www.youtube.com/watch?v=uVf_yyMfIPQ&feature=youtu.be&t=4956 Brute forcing HTTP applications and web applications using Nmap [Tutorial] Phoenix 1.4.0 is out with ‘Presence javascript API’, HTTP2 support, and more! Use App Metrics to analyze HTTP traffic, errors & network performance of a .NET Core app [Tutorial]

Saturday was the ninth anniversary of the day when the Go team open-sourced the initial sketch of Golang. On each anniversary they list what has happened over the past year for Go. Golang adoption indicated in surveys In 2018 Go users expressed in multiple surveys about their happiness with using Go. Many developers who do not use Golang currently also indicated their intent to learn Go before any other language. In the Stack Overflow 2018 Developer Survey, Golang was in the top 5 most loved and top 3 most wanted languages. This indicated that developers using Go like it, and developers not using Go want to. ActiveState’s 2018 Developer Survey had Go topping the charts with 36% of users responding with “Extremely Satisfied” using Go and 61% of the users responded with “Very Satisfied” or better. While the JetBrains’s 2018 Developer Survey awarded Go the “Most promising language” with 12% of respondents using Go today and 16% with the intention to use Go in the future. Also in the HackerRank 2018 Developer Survey, 38% developer responses indicated that were intending to learn Go next. The evolution of the Golang community The first Go conferences and Go meetups were held five years ago. Since then, there has been major growth in community leadership. Now there are more than 20 Go conferences and over 300 Go-related meetups across the world. There have also been hundreds of great talks in 2018. The Go code of conduct has been revised to better support inclusivity in the Go community. Go 2 After five years since Go 1, the Go core team is looking into changes to support the language at scale. A draft design for Go modules was published in August, which included ideas to better support error values, error handling, and generic programming. And the most recent release, Golang 1.11, included preliminary support for modules. Golang contributors There has been an increasing number of contributors for Go through the years. In Q2 2018, a milestone was hit when for the first time, the contributions from the community were more than that of the Go team. For more details, visit the Go Blog. Go 2 design drafts include plans for better error handling and generics Why Golang is the fastest growing language on GitHub Golang 1.11 is here with modules and experimental WebAssembly port among other updates

Cloudflare’s cloud computing platform Workers doesn’t use containers or virtual machines to deploy computing. Workers allows users to build serverless applications on Cloudflare's data centers. It provides a lightweight JavaScript execution environment to augment existing applications or create entirely new ones without having to configure or maintain infrastructure. Why did Cloudflare create workers? Cloudflare provided limited features and options that developers could build in-house. There was not much flexibility for customers to build features themselves. To enable users to write code on their servers deployed around the world, they had to allow untrusted code to run, with low overhead. This needed to process millions of requests per second and that too at a very fast speed. Customers couldn’t write their own code without the team’s supervision. It would be expensive to use traditional virtualization and container technologies like Kubernetes let alone run thousands of Kubernetes pod at 155 data centers of Cloudflare would be resource intensive. Enter Cloudflare’s ‘Workers’ to solve these issues. Features of Workers #1 ‘Isolates’- Run code from multiple customers ‘Isolates’ is a technology built by Google Chrome team to power the Javascript engine in that browser, V8: Isolates.  These are lightweight contexts that group variables, with the code allowed to mutate them. A single process can run hundreds or thousands of Isolates, while easily  switching between them. Thus, Isolates make it possible to run untrusted code from different customers within a single operating system process. They start real quick (Any given Isolate can start around a hundred times faster than a Node process on a machine) and do not allow one Isolate to access the memory of another. #2 Cold Starts Workers facilitate the concept of ‘cold start’ when a new copy of code has to be started on a machine. In the Lambda world, this means spinning up a new containerized process which can delay requests  for as much as ten seconds ending up in a terrible user experience. A Lambda can only process one single request at a time. A new Lambda has to be cold-started every time an additional concurrent request is recieved. If a Lambda doesn’t get a request soon enough, it will be shut down and it all starts again.  Since Workers don’t have to start a process, Isolates start in 5 milliseconds. It scales and deploys quickly, entirely upgrading existing Serverless technologies. #3 Context Switching A normal context switch performed by an OS can take as much as 100 microseconds. When multiplied by all the Node, Python or Go processes running on average Lambda servers, this leads to a heavy overhead. This splits the CPUs power between running the customer’s code and switching between processes. An Isolate-based system runs all of the code in a single process which means there are no expensive context switches. The machine can invest virtually all of its time running your code. #4 Memory The V8 was designed to be multi-tenant. It runs the code from the many tabs in a user’s browser in isolated environments within a single process. Since memory is often the highest cost of running a customer’s code, V8 lowers it and dramatically changes the cost economics. #5 Security It is not safe to run code from multiple customers within the same process. Testing, fuzzing, penetration testing, and bounties are required to build a truly secure system of that complexity. The open-source nature of V8 helps in creating aanisolation layer that helps Cloudflare take care of the security aspect. Cloudlfare’s Workers also allows users to build responses from multiple background service requests either to the Cloudflare cache, application origin, or third party APIs. They can build conditional responses for inbound requests to assess and subsequently block or reroute malicious or unauthorized requests. All of this at just a third of what AWS costs, remarked an astute Twitter observer. https://twitter.com/seldo/status/1061461318765555713 Running code through WebAssembly One of the disadvantages of using Workers is that, since it is an Isolate-based system, it cannot run arbitrary compiled code. Users have to either write their code in Javascript, or a language which targets WebAssembly (eg. Go or Rust). Also, if a user cannot recompile their processes, they won’t be able to run them in an Isolate. This has been nicely summarised in the above mentioned tweet. He notes that WebAssembly modules are already in the npm registry and it creates the potential for npm to become the dependency management solution for every programming language. He mentions that the “availability of open source libraries to achieve the task at hand is the primary reason people pick a programming language”. This leads us to the question of “How does software development change when you can use any library anytime?” You can head over to the Cloudflare blog to understand more about containerless cloud computing. Cloudflare Workers KV, a distributed native key-value store for Cloudflare Workers Cloudflare’s decentralized vision of the web: InterPlanetary File System (IPFS) Gateway to create distributed websites  

Last week, two security issues were reported in nginx HTTP/2 implementation, which can result in excessive memory consumption and CPU usage. Along with these, an issue was found in ngx_http_mp4_module, which can be exploited by an attacker to cause a DoS attack. The issues in the HTTP/2 implementation happen if ngnix is compiled with the ngx_http_v2_module and the http2 option of the listen directive is used in a configuration file. To exploit these two issues, attackers can send specially crafted HTTP/2 requests that can lead to excessive CPU usage and memory usage, eventually triggering a DoS state. These issues affected nginx 1.9.5 - 1.15.5 and are now fixed in nginx 1.15.6, 1.14.1. In addition to these, a security issue was also identified in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process. This can result in crashing the worker process or disclose its memory by using a specially crafted mp4 file. This issue only affects nginx if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. The attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. This issue affects nginx 1.1.3+, 1.0.7+ and is now fixed in 1.15.6, 1.14.1. You can read more about these security issues in nginx at its official website. Meet Carlo, a web rendering surface for Node applications by the Google Chrome team Introducing Howler.js, a Javascript audio library with full cross-browser support

Yesterday, SAP announced that it is planning to acquire Qualtrics, that had been expected to go public this week, for a sum of $8 billion, in cash. Qualtrics is the global pioneer of the experience management (XM) software category that enables organizations to build a phenomenal employee culture and also to build iconic brands. SAP has secured financing in the amount of €7 billion to cover purchase price and acquisition-related costs, which the company said in a statement that is expected to close in the first half of 2019. Qualtrics would be SAP’s largest-ever purchase of a VC-backed enterprise software company, and the third-largest sale of any SaaS company. Post this acquisition the company will continue to be led by co-founder and CEO Ryan Smith and will retain its dual headquarters in Provo, Utah, and Seattle. SAP + Qualtrics: The benefits ahead SAP CEO, Bill McDermott said he was attracted to Qualtrics' culture and its software's ability to add customer sentiment and voice to the different applications SAP offers across its suite. Bringing together SAP’s experience data (X-Data) and Qualtrics’ Operational Data (O-Data) will help customers to better manage supply chains, networks, employees and core processes. McDermott, said “Together, SAP and Qualtrics represent a new paradigm, similar to market-making shifts in personal operating systems, smart devices and social networks. SAP already touches 77 percent of the world’s transactions. For Qualtrics, this introduces a dynamic new partner with the belief, passion and scale to bring experience management to millions of customers around the world.” SAP will enable Qualtrics to scale rapidly around the world with the help of SAP’s more than 413,000 customers and global sales force of around 15,000. “With this acquisition, Qualtrics expects full-year 2018 revenue to exceed US$400 million and projects a forward growth rate of greater than 40 percent, not including potential synergies of being part of SAP”, said SAP in their press release. Ryan Smith, CEO of Qualtrics, said “Our mission is to help organizations deliver the experiences that turn their customers into fanatics, employees into ambassadors, products into obsessions and brands into religions. Supported by a global team of over 95,000, SAP will help us scale faster and achieve our mission on a broader stage. This will put the XM Platform everywhere overnight. We could not be more excited to join forces with Bill and the SAP team in this once-in-a-generation opportunity to power the experience economy.” To know more about this news in detail, head over to SAP official website. Discussing SAP: Past, present and future with Rehan Zaidi, senior SAP ABAP consultant [Interview] Microsoft, Adobe and SAP announce Open Data Initiative, a joint vision to reimagine customer experience, at Ignite 2018 SAP creates AI ethics guidelines and forms an advisory panel

British researchers have successfully built the world’s first standalone quantum compass, which will act as a replacement for GPS as it allows highly accurate navigation without the need for satellites. This quantum compass was built by researchers from Imperial College London and Glasgow-based laser firm M Squared. The project received funding from the UK Ministry of Defence (MoD) under the UK National Quantum Technologies Programme. The device is completely self-contained and transportable and measures how an object's velocity changes over time, by using the starting point of an object and measuring how an object's velocity changes. Thereby, it overcomes issues of traditional GPS systems, such as blockages from tall buildings or signal jamming. High precision and accuracy are achieved by measuring properties of super-cool atoms, which means any loss in accuracy is "immeasurably small". Dr. Joseph Cotter, from the Centre for Cold Matter at Imperial, said: “When the atoms are ultra-cold we have to use quantum mechanics to describe how they move, and this allows us to make what we call an atom interferometer. As the atoms fall, their wave properties are affected by the acceleration of the vehicle. Using an ‘optical ruler’, the accelerometer is able to measure these minute changes very accurately.” The first real-world application for the device could be seen in the shipping industry, The size currently is suitable for large ships or aircraft. However, researchers are already working on a miniature version that could eventually fit in a smartphone. The team is also working on using the principle behind the quantum compass for research in dark energy and gravitational waves. Dr. Graeme Malcolm, founder, and CEO of M Squared said: “This commercially viable quantum device, the accelerometer, will put the UK at the heart of the coming quantum age. The collaborative efforts to realize the potential of quantum navigation illustrate Britain’s unique strength in bringing together industry and academia – building on advancements at the frontier of science, out of the laboratory to create real-world applications for the betterment of society.” Read the press release on the Imperial College blog. Quantum computing – Trick or treat? D-Wave launches Leap, a free and real-time Quantum Cloud Service Did quantum computing just take a quantum leap? A two-qubit chip by UK researchers makes controlled quantum entanglements possible

On the 9th of November, at 4.30 am US/Pacific time,  the Google Kubernetes Engine faced a service disruption. It was questionable whether or not a user would be able to launch a node pool through Cloud Console UI. The team responded to the issue saying that they would get back to users with more information by Friday, 9th November 04:45 am US/Pacific time. However, this was not solved by the given time. Another status update was posted by the team assuring users that mitigation work was underway by the Engineering Team. Users were to be posted with another update by 06:00 pm US/Pacific with current details. In the meantime, affected customers were advised to use gcloud command to create new Node Pools. An update for the issue being finally resolved was posted on Sunday, the 11th of November, stating that services were restored on Friday at 14:30 US/Pacific time.  . However, no proper explanation has been provided regarding what led to the service disruption. They did mention that an internal investigation of the issue will be done and appropriate improvements to the systems will be implemented to help prevent or minimize future recurrence of the issue. According to a user’s summary on Hacker News, “Some users here are reporting that other GCP services not mentioned by Google's blog are experiencing problems. Some users here are reporting that they have received no response from GCP support, even over a time span of 40+ hours since the support request was submitted.” According to another user, “When everything works, GCP is the best. Stable, fast, simple, reliable. When things stop working, GCP is the worst. They require way too much work before escalating issues or attempting to find a solution”. We can’t help but agree looking at the timeline of the service downtime. Users have also expressed disappointment over how the outage was managed. Source:Hacker News With users demanding a root cause analysis of the situation, it is only fitting that Google provides one so users can trust the company better. You can check out Google Cloud’s blog post detailing the timeline of the downtime. Machine Learning as a Service (MLaaS): How Google Cloud Platform, Microsoft Azure, and AWS are democratizing Artificial Intelligence Google’s Cloud Robotics platform, to be launched in 2019, will combine the power of AI, robotics and the cloud Build Hadoop clusters using Google Cloud Platform [Tutorial]