Tech News

The D Language front-end got finally merged into GNU Compiler Collection (GCC) 9, yesterday, as reported by Phoronix. The D language front-end is written in C++ and it supports the D 2.0 run-time and shared libraries. Iain Buclaw in his e-mail thread titled ‘Submission of D Front End’ says,  "The front-end is split into two parts. First being a standalone D language implementation that does the source file lexing, parsing and semantic analysis. Second being the binding layer that sits between GCC and the DMD front-end, doing the actual code generation.” Approval on the plan for merging D language front-end into GCC 9 According to a report by Phoronix, last year in June, the GCC Steering Committee had approved the plan of adding the D front-end. However, it took the project more than a year as a set of 13 patches of code, which is nearly 800k lines of code was worked upon and which had undergone revisions for getting the code in adequate shape for merging. Iain Buclaw from the GDC project took the initiative of posting these patches after carefully cleaning them up and also addressing the feedback he had received before. The patch series is available on GCC-patches. Updates on the future plan As per a report by Phoronix, Richard Biener of SUSE announced on 17th October that GCC's "stage 1" development will shift to "stage 3" on 11 November. It’s clear that the open feature development is over and the focus is now on bug-fixing. 6 January 2019 is the tentative date, to begin with the fixes. GCC 9.1, the initial GCC9 stable compiler release with GDC support is expected to be out around the end of the first quarter of 2019. Read more about this news on the official site of Phoronix. GCC 8.1 Standards released! What is a micro frontend? Frontend development with Bootstrap 4

Yesterday, Google announced that Chrome 70 now supports WebAssembly threads. The WebAssembly Community Group has been working to bring the support for threads to the web and this is a step towards that effort. Google’s open source JavaScript and WebAssembly engine, V8 has implemented all the necessary support for WebAssembly threads. Why the support for WebAssembly threads is needed? Earlier, parallelism in browsers was supported with the help of web workers. The downside of web workers is that they do not share mutable data between them. Instead, they rely on message-passing for communication. On the other hand, WebAssembly threads can share the same Wasm memory. The underlying storage of shared memory is enabled by SharedArrayBuffer, a JavaScript primitive that allows sharing the contents of a single ArrayBuffer concurrently between workers. Each WebAssembly thread runs in a web worker, but their shared Wasm memory allows them to work as fast as they do on native platforms. This means that those applications which use Wasm threads are responsible for managing access to the shared memory as in any traditional threaded application. How you can try this support To test the WebAssembly module you need to turn on the experimental WebAssembly threads support in Chrome 70 onwards: First, navigate to the chrome://flags URL in your browser: Source: Google Developers Next, go to the experimental WebAssembly threads setting: Source: Google Developers Now change the setting from Default to Enabled and then restart your browser: Source: Google Developers The aforementioned steps are for development purposes. In case you are interested in testing your application out in the field, you can do that with origin trial. Original trials allow you to try experimental features with your users by obtaining a testing token that’s tied to your domain. You can read more in detail about the WebAssembly thread support in Chrome 70 on the Google Developers blog. Chrome 70 releases with support for Desktop Progressive Web Apps on Windows and Linux Testing WebAssembly modules with Jest [Tutorial] Introducing Walt: A syntax for WebAssembly text format written 100% in JavaScript and needs no LLVM/binary toolkits

Tableau 2019.1 beta was announced at the Tableau Conference 2018 held in New Orleans last week. This release brings features like the ability to ask more sophisticated data questions, a better mobile app, export to PowerPoint and more. Ask questions in plain language with Ask Data A new feature called Ask Data allows you to use plain natural language and ask data questions in Tableau 2019.1 beta. The answers are returned in the form of a viz on typing a question. Ask Data makes it easy to refine a question as your explore your data more. The query can be simple as “monthly TV sales” and aggregation is done behind the scenes based on the current month filtering for the product type. Ask Data also understands vague terms like “latest” or “most popular”. Ask Data is integrated into Tableau Server and Tableau Online and works with any live or extract data sources. Schedule and run Prep flows in Tableau 2019.1 beta From Tableau 2019.1 you’ll be able to use a secure server environment to run Tableau Prep flows via Tableau Prep Conductor. The Tableau Prep conductor is an add-on to Tableau Online and Tableau Server with an additional cost. It lets scheduling and running the flows authored by  you with the Tableau Prep application right from the browser. Teams can receive prepped data and run history to help understand the scheduling history. A redesigned mobile app with Tableau 2019.1 beta Both the iOS and Android apps for Tableau have been redesigned for a more intuitive experience. You can easily find the most important dashboards with favorites, and interact with your favorite dashboards even without internet. There are options to scroll, highlight, and view tooltips on vizzes regardless of internet connectivity. There is a powerful, integrated search which allows you to browse projects and find specific content. The new app is even more secure with fingerprint or facial recognition authentications. Export to PowerPoint, alerts, and Google AdWords You can now export from Tableau to PowerPoint presentations. Vizzes from Tableau Server or Tableau Online can be exported to PowerPoint as high-resolution images which are complete with a link back to the original workbook. The dashboards can be integrated directly into presentations with a single click. Data-driven alerts were originally introduced in Tableau 10.3. It notifies users of activities like sales team exceeding their allowed limit or when the IT team needs to respond to an event. This now has a new view displaying all the existing alerts for the viz you are viewing. Users can also add themselves with an “Add Me” option from the side panel. You can now analyze your ad metrics by connecting Google AdWords to Tableau. The Beta is available for existing customers. For more details, visit the Tableau website. How to do data storytelling well with Tableau [Video] A tale of two tools: Tableau and Power BI “Tableau is the most powerful and secure end-to-end analytics platform”: An interview with Joshua Milligan

It was only last week when a report by The New York Times brought to light the shocking allegations against Andy Rubin’s (creator of Android) sexual misconduct at Google. Now, more than 200 engineers at Google are organizing a “women’s walk” walkout this week to protest against the company's response to the reports of sexual misconduct, as per Buzzfeed news. According to the report by the New York Times, after Rubin was accused of misbehavior in 2014 and the allegations were confirmed by Google, he was asked to leave by former Google CEO, Mr.Page, but received $90 million as an exit package. He also received a high profile well-respected farewell by Google in October 2014. But Rubin isn’t the only one, at least four senior executives have been protected by Google in the past, despite them being accused of sexual misconduct, as per the NY Times report. Andy Rubin spoke out about the allegation on Twitter where he denied the NY Times report: https://twitter.com/Arubin/status/1055632398509985792 https://twitter.com/Arubin/status/1055632399172755456 As per the Buzzfeed reports, Google executives had hosted an all-hands meeting last Thursday, during which they tried explaining their behavior towards Rubin and apologized to employees. Google CEO Sundar Pichai also sent an email to all Google employees on Thursday clarifying how the company has fired 48 people over the last two years for sexual harassment where 13 of them were “senior managers and above”. He also mentioned how none of the accused employees received any exit packages. “We are dead serious about making sure we provide a safe and inclusive workplace. We want to assure you that we review every single complaint about sexual harassment or inappropriate conduct, we investigate and we take action”, read the email. The protest is a response to Google’s handling of sexual misconduct within the workplace in the recent past, that employees found as inadequate. Moreover, Google employees participating in the planned protest are dissatisfied that senior executives such as Drummond, Chief Legal Officer, Alphabet, and Chairman, CapitalG, mentioned in the NY times report for indulging in “inappropriate relationships” within the organization continue to work in highly placed positions at Google and have not faced any real punitive action by Google for their action. In April this year, Google employees protested against Project Maven, with petitions, and better demands for more transparency within the organization. The demands of the upcoming protest haven’t been made specified yet, but, shares similar sentiments. The planning for the walkout was done on an internal online forum by the Google employees to map out the details regarding the protest. By yesterday, that post had upvotes, as per a current Google employee who wishes to remain anonymous. The day and timing of the walkout haven’t been fixed yet but is likely to take place this Thursday, as reported by BuzzFeed. One of the Google employee, who wishes to remain anonymous, told BuzzFeed, 'Personally, I’m furious. I feel like there’s a pattern of powerful men getting away with awful behavior towards women at Google‚ or if they don’t get away with it, they get a slap on the wrist, or they get sent away with a golden parachute, like Andy Rubin. Public reaction towards the protest is largely positive: https://twitter.com/iamjono/status/1057120231074611200 https://twitter.com/womensmarch/status/1057067265324183552 https://twitter.com/ryancarson/status/1057003377777930240 Our take on this development If this protest manages to get a response from Google on the veracity of the claims made by the NYT article, it would be a good place to start healing. Openly acknowledging issues is the first step towards working on them. The protest could be more effective had the organizers has a clear set of goals to achieve from the walkout. Currently, it appears more like an emotional response to the revelation than as a way to move the company in the right direction on the topic of making the workplace safe and treating everyone fairly. Of late Google, employees seem to increasingly place the role of the companies moral compass on contentious and sensitives topics. Holding Google accountable for its role in enabling workplace misconduct is a worthy cause to stand up for. However, doing this via continuous protests or through media leaks does not seem to be an effective long-term approach to dealing with organizational issues - for both employees and for Google. There is the risk of employees becoming jaded and distrusting or management simply taking the easy way out by choosing to leave behind those that don’t align with its new vision only to become a monolithic thinking machine.   Frequent employee protests is a symptom of a deeper value-misalignment problem that Google must reflect on. Ex-googler who quit Google on moral grounds writes to Senate about company’s “Unethical” China censorship plan OK Google, why are you ok with mut(at)ing your ethos for Project DragonFly? Google takes steps towards better security, introduces new API policies for 3rd parties and a Titan Security system for mobile devices

In the Kotlin 1.3 release, coroutines are now stable, scalability is better, and Kotlin/Native Beta is added. Coroutines are stable in Kotlin 1.3 Coroutines provide a way to write non-blocking asynchronous code that’s easy to understand. It is a useful tool for activities ranging from offloading work onto background workers to implementing complicated network protocols. The kotlinx.coroutines library hits is at 1.0. It provides a solid foundation for managing asynchronous jobs various scales including composition, cancelation, exception handling and UI-specific use cases. Kotlin/Native Beta Kotlin/Native makes use of LLVM to compile Kotlin sources into standalone binaries without any VM required. Various operating systems and CPU architectures including iOS, Linux, Windows, and Mac are supported. The support extends to even WebAssembly and embedded systems like STM32. Kotlin/Native has a fully automatic memory management and can interoperate with C, Objective-C, and Swift. It exposes platform APIs like Core Foundation, POSIX, and any other native library of choice. The Kotlin/Native runtime promotes immutable data and blocks any attempts of sharing unprotected mutable state between threads. Threads don’t exist for Kotlin/Native, they are abstracted away as a low-level implementation. Threads are replaced by workers which are a safe and manageable way of achieving concurrency. Multiplatform projects in Kotlin 1.3 Kotlin supports JVM, Android, JavaScript, and Native. Hence code can be reused. This saves effort and time which can be used to perform other tasks. The multiplatform libraries in Kotlin 1.3 cover everyday tasks such as HTTP, serialization and managing coroutines. Using the libraries is the easiest way to write multi platform code. You can also create custom multi-platform libraries which wrap platform-specific dependencies into a common API. Tooling support for Kotlin/Native and Multiplatform Kotlin 1.3 has tooling support for Kotlin/Native and multiplatform projects. This is available in IntelliJ IDEA Community Edition, IntelliJ IDEA Ultimate, and Android Studio. All of the code editing features such as error highlighting, code completion, navigation and refactoring are available in all these IDEs. Ktor 1.0 Beta Ktor is a connected applications framework. It implements the entire HTTP stack asynchronously using coroutines and has reached Beta. Other features Some other features in Kotlin 1.3 release include experimental support for inline classes, incremental compilation for Kotlin/JS, and unsigned integers. This release also features a sequence debugger for visualizing lazy computations, contracts to improve static analysis for library calls, and no-arg entry point to provide a cleaner experience for new users. To know more details about all the changes, visit the changelog. KotlinConf 2018: Kotlin 1.3 RC out and Kotlin/Native hits beta Kotlin/Native 0.8 recently released with safer concurrent programming 4 operator overloading techniques in Kotlin you need to know

Open Source is getting a lot of attention these days and to incentivize people to contribute to open source Codefresh has launched "Fixvember", a do-it-from-home, DevOps hackathon. Codefresh is a Kubernetes native CI/CD which allows for creating powerful pipelines based on DinD as a service and provides self-service test environments, release management, and Docker and Helm registry. Codefresh’s Fixvember is a Devops based hackathon where Codefresh will provide DevOps professionals with a limited-edition t-shirt to contribute to open source. The event basically encourages developers (and not just Codefresh users) to make at least three contributions to open source projects, including building automation, adding better testing, and fixing bugs. The focus is on making engineers more successful by following DevOps best practices. Adding a Codefresh YAML to an open-source repo may also earn developers additional prizes or recognition. Codefresh debuts Fixvember in sync with the launch of its public-facing builds in the Codefresh platform. Codefresh is offering 120 builds/month, private Docker Registry, Helm Repository, and Kubernetes/Helm Release management for free to increase the adoption of CI/CD processes. It is also offering a huge free tier within Codefresh with everything needed to help teams. Developers can participate by following these steps. Step 1: Signup at codefresh.io/fixvember Step 2: Make 3 open source contributions that improve DevOps. This could be adding/updating a Codefresh pipeline to a repo, adding tests or validation to a repo, or just fixing bugs. Step 3: Submit your results using your special email link “I can’t promise the limited-edition t-shirt will increase in value, but if it does, I bet it will be worth $1,000 by next year. The FDA prevents me from promising any health benefits, but it’s possible this t-shirt will actually make you smarter,” joked Dan Garfield, Chief Technology Evangelist for Codefresh. “Software engineers sometimes have a hero complex that adding cool new features is the most valuable thing. But, being ‘Super Fresh’ means you do the dirty work that makes new features deploy successfully. Adding automated pipelines, writing tests, or even fixing bugs are the lifeblood of these projects.” Read more about Fixvember on Codefresh Blog. Azure DevOps outage root cause analysis starring greedy threads and rogue scale units. JFrog, a DevOps based artifact management platform, bags a $165 million Series D funding Is your Enterprise Measuring the Right DevOps Metrics?

Google released version 4.0 of its OCR engine, Tesseract, yesterday. Tesseract 4.0 comes with a new neural net (LSTM) based OCR engine, updated build system, other improvements, and bug fixes. Tesseract is an OCR engine that offers support for unicode (a specification that supports all character set) and comes with an ability to recognize more than 100 languages out of the box. It can be trained to recognize other languages and is used for text detection on mobile devices, videos, and in Gmail image spam detection. Let’s have a look at what's new in Tesseract 4.0. New neural net (LSTM) based OCR engine The new OCR engine uses a neural network system based on LSTMs, with major accuracy gains. This consists of new training tools for the LSTM OCR engine. You can train a new model from scratch or by fine-tuning an existing model. Trained data including LSTM models and 123 languages have been added to the new OCR engine. Optional accelerated code paths have been added for the LSTM recognizer: Moreover, a new parameter lstm_choice_mode that allows including alternative symbol choices in the hOCR output has been added. Updated Build System Tesseract 4.0 uses semantic versioning and requires Leptonica 1.74.0 or a higher version. In case you want to build Tesseract from source code then a compiler with strong C++ 11 support is necessary. Unit tests have been added to the main repo. Tesseract's source tree has been reorganized in version 4.0. A new option has been added that lets you compile Tesseract without the code of the legacy OCR engine. Bug Fixes Issues in trainingdata rendering have been fixed. Damage caused to binary images when processing PDFs has been fixed. Issues in the OpenCL code have been fixed. OpenCL now works fine for the legacy Tesseract OCR engine but the performance hasn’t improved yet. Other Improvements Multi-page TIFF handling is improved in Tesseract 4.0. Improvements are made to PDF rendering. The version information and improved help texts have been added to the training tools. tessedit_pageseg_mode 1 has been removed from hocr, pdf, and tsv config files. The user has to now explicitly use --psm 1 if that is desired. For more information, check out the official release notes. Tesla v9 to incorporate neural networks for autopilot Neural Network Intelligence: Microsoft’s open source automated machine learning toolkit

Yesterday, Facebook open-sourced QNNPACK that stands for Quantized Neural Networks PACKage. It is a mobile-optimized library for low-intensity convolutions used in state-of-the-art neural networks. It comes with implementations of convolutional, deconvolutional, and fully connected neural network operators on quantized 8-bit tensors. This library makes it possible to bring advanced computer vision tasks such as running Mask R-CNN and DensePose on phones in real time and image classification in less than 100 ms. Currently, QNNPACK is integrated into PyTorch1.0 with Caffe2 graph representation and is usable via Caffe2 model representation. Why QNNPACK is introduced? Running state-of-the-art artificial intelligence on mobile phones is not very easy as it requires several adaptations to get optimized performance from its hardware. Earlier, there wasn’t a performant open source implementation for several common neural network primitives. Because of this reason, promising research models such as ResNeXt, CondenseNet, and ShuffleNet were underused. QNNPACK enables developers to use these research models by providing high-performance implementations of convolutional, deconvolutional, and fully connected operations on quantized tensors. QNNPACK-based Caffe2 operators were approximately 2x faster than TensorFlow Lite on quantized state-of-the-art MobileNet v2 architecture, says the Facebook research blog. The library speeds up many operations, such as depthwise convolutions, that advanced neural network architectures use. Along with QNNPACK, they have also open-sourced Caffe2 quantized MobileNet v2 model that gives 1.3 percent higher accuracy than the corresponding TensorFlow model. To know more in detail about QNNPACK, check out the official announcement on the Facebook blog. Facebook introduces two new AI-powered video calling devices “built with Privacy + Security in mind” Facebook’s Glow, a machine learning compiler, to be supported by Intel, Qualcomm and others Facebook launches LogDevice: An open source distributed data store designed for logs

The team at Aragon started their journey towards a decentralized model at the beginning of 2018. Now finally, the vision has become a reality with two teams contributing to Aragon's development: Aragon One and Aragon DAC. To further strengthen this motive, new Aragon teams need to be brought on board. This is why the team has been working on a program called ‘Flock’  for selecting new Aragon teams, which will provide a minimum grant of $1,000,000 for operational costs. The Aragon project For those who are not familiar with the Aragon project, it aims to disintermediate the creation and maintenance of organizational structures by using blockchain technology. They provide tools for users to become entrepreneurs and run their own organization while easily and securely managing it. The Aragon organizations are powered by Ethereum, a global blockchain in which code and applications always run without any possibility of downtime or censorship. The traditional Blockchain technology has a network of thousands of computers all over the globe. Users can set up their own nodes and all the necessary data is replicated across the network. There is a single shared point of cryptographically verifying the data. Alternatively, the decentralized design encouraged by Aragon ensures prohibiting interference of government or a malicious third-party in an organizations way of working. What is Flock? The Flock program is released in alpha to structure grants to Aragon teams. The program will handle the initial application and pre-selection process for new Aragon teams. Independent teams will be selected to work on the core components and products of the Aragon project. The funds provided are intended to cover: The operational costs for research, development, and maintenance of the Aragon products and ecosystem for one year. The minimum amount of funds available for operations is $1 million. An incentivization package in ANT While the process of onboarding new teams will begin in the next few months, Aragon will be opening conversations with potential teams soon. You can head over to Aragon’s blog to know more about their decentralization initiative. Alternatively, visit their GitHub page to know how to sign up your team to Aragon. Mozilla pledges to match donations to Tor crowdfunding campaign up to $500,000 JFrog, a DevOps based artifact management platform, bags a $165 million Series D funding OmniSci, formerly MapD, gets $55 million in series C funding

Yesterday, Google launched reCAPTCHA v3, a revamped version of their Captcha API that helps filter abusive traffic to a website without user interaction. reCAPTCHA v3 returns a score for each request. The score is based on interactions with a site, so website owners can take the most appropriate action. “Over the last decade, reCAPTCHA has continuously evolved its technology,” Google product manager Wei Liu wrote in a blog post. ReCAPTCHA is usually used on sign in pages. You can rate limit login attempts, exponentially increasing rate limit or just lock out IPs that exceed allowed login attempts and analyze your logs to ban abusive IPs. She adds,“ reCAPTCHA v3 helps to protect your sites without user friction and gives you more power to decide what to do in risky situations.” reCAPTCHA v3 also runs adaptive risk analysis in the background to alert you of suspicious traffic. The scoring logic Website owners can use the reCAPTCHA score in 3 different ways. They can set a threshold that determines when a user is let through or when further verification needs to be done. They can combine the score with their own signals that reCAPTCHA can’t access such as user profiles or transaction histories. They can use the reCAPTCHA score as one of the signals to train machine learning models to fight abuse. reCAPTCHA v3, uses a new tag “Action” which can be used to define the key steps of a user journey and enable reCAPTCHA to run its risk analysis in context. On adding action to multiple pages, reCAPTCHA adaptive risk analysis engine can identify the pattern of attackers more accurately by looking at the activities across different pages on your website. The reCAPTCHA admin console provides an overview of reCAPTCHA score distribution and a breakdown for the stats of the top 10 actions on your site. It also provides multiple ways to customize actions that occur for different types of traffic, to protect against bots and improve user experience based on a website’s specific needs. Source: Google You can visit the reCAPTCHA developer site for more details. OK Google, why are you ok with mut(at)ing your ethos for Project DragonFly? 90% Google Play apps contain third-party trackers, share user data with Alphabet, Facebook, Twitter, etc: Oxford University Study. A multimillion-dollar ad fraud scheme that secretly tracked user affected millions of Android phones. This is how Google is tackling it.

ASP.NET Core 3.0 will come with some changes in the way projects work with frameworks. The .NET Core integration will be tighter and will bring third-party open source integration. Changes to shared frameworks in ASP.NET Core 3.0 In ASP.NET Core 1.0, packages were referenced as just packages. From ASP.NET Core 2.1 this was available as a .NET Core shared framework. ASP.NET Core 3.0 aims to reduce issues working with a shared framework. This change removes some of the Json.NET (Newtonsoft.Json) and Entity Framework Core (Microsoft.EntityFrameworkCore.*) components from the shared framework ASP.NET Core 3.0. For areas in ASP.NET Core dependent on Json.NET, there will be packages that support the integration. The default areas will be updated to use in-box JSON APIs. Also, Entity Framework Core will be shipped as “pure” NuGet packages. Shift to .NET Core from .NET Framework The .NET Framework will get fewer new features that come to .NET Core in further releases. This change is made so that existing applications in .NET Core don’t break due to some changes. To leverage the features from .NET Core, ASP.NET Core will now only run on .NET Core starting from version 3.0. Developers currently using ASP.NET Core on .NET Framework can continue to do so till the LTS support period of August 21, 2021. Third party components will be filtered Third party components will be removed. But Microsoft will support the open source community with integration APIs, contributions to existing libraries by Microsoft engineers, and project templates to ensure smooth integration of these components. Work is also being done on streamlining the experience for building HTTP APIs, and a new API client generation system. For more details, visit the Microsoft website. .NET Core 3.0 and .NET Framework 4.8 more details announced .NET Core 2.0 reaches end of life, no longer supported by Microsoft Microsoft’s .NET Core 2.1 now powers Bing.com

As per the UK budget report 2018, chancellor Philip Hammond is planning to introduce a digital services tax from April 2020 on tech giants. The chancellor is proposing a 2% tax rate against the sales that large digital companies make in the UK. The digital services tax is to be levied against social media platforms, internet marketplaces and search engines (read Facebook, Amazon, and Google). At the moment, digital media firms used to pay taxes on UK profits, which is a much smaller figure than revenues. The new digital services tax would be levied on companies that are profitable and generate "at least £500m a year in global revenue". Which clearly indicates that the chancellor is targeting tech giants instead of startups. The UK seems to have become frustrated with the slow movement of international lawmaking in this space. Both the 36 member OECD (Organisation for Economic Co-operation and Development) and the European commission have been working on this issue but the progress has been quite slow. Taking matters into their hands, the UK Govt has earmarked April 2020 for the new levy. The Treasury forecasts that the tax will generate £275m in 2019-20, rising to £370m in the following year. It then expects that digital services tax receipts will reach £400m in 2021-22 and £440m the year after. However, Julian David, chief executive of industry body TechUK, said the proposed £500m threshold was "low" and "and risks capturing much smaller companies than anticipated". Although the digital services tax is going to be effective from April 2020, it may not move ahead if the EU intervenes before that. Europe may also potentially move ahead with its own digital levy which would tax firms at a 3% rate. The OECD also intends to provide an update on its plans in 2019 with the aim of producing a final report the following year. People all over the internet have varied thoughts over this proposal. While some are happy: One hacker news user commented, “With business rate slashes to help struggling retailers (retaliation against Amazon) and mental health funding increases for schools (retaliation against Facebook/Google), I'm quite happy to see something happen at last. I expect other governments to follow suit.” Another user said, “This is a pretty good idea. Tech giants make money in Europe paying little to no tax incorporating in Ireland, while all small to medium businesses incorporated in the UK pay the usual tax. It’s simply unfair.” Some are not: https://twitter.com/Corporategang1/status/1057118872099319809 https://twitter.com/ConsultantsUnlt/status/1057104669418242048 We can only speculate as to how the tax will unfold. The implementation details are bound to be tricky, and surely companies will look for loopholes to avoid taxes. U.S Government Accountability Office (GAO) reports U.S weapons can be easily hacked. 5 reasons government should regulate technology Tech Titans, Acquisitions and Regulation – Trick or Treat?

Worried about the privacy of your messages and chats? It’s about time you start considering the use of ‘Signal’. As if end-to-end chat encryption wasn’t enough, Signal is now rolling out a new feature in Beta that will further hide a sender's “from” information and conceal their identity. The logic behind implementing this feature is simple- While the service always needs to know where a message should be delivered, ideally it shouldn’t need to know who the sender is. First, let's understand how communication takes place traditionally, prior to exploring this feature. The traditional method of sending messages A Signal client sends a message by connecting to the service over TLS, authentication takes place, and the encrypted message contents are sent to the destination. The authentication process is supposed to: Validate the sender’s identity to help prevent spoofing and help the recipient understand who sent the message. Use the sender’s identity to apply rate limiting and abuse protection. The latest beta release is designed to further retain another piece of information of its users: who is messaging whom. Communication will now take place in 3 simple steps: The app will hide a sender’s information inside the envelope of an encrypted message using Signal Protocol. The sender’s “from” information will be removed from outside the message’s envelope. It will be replaced with a short-term certificate, containing the sender’s phone number, public identity key and an expiry time. This will be used to prove a sender’s identity. The whole envelope is encrypted again. Once the message is delivered, the recipient’s device will validate the certificate and decrypt the message as it normally would without exposing the sender’s identity at any point. In order to implement the new feature and still ensure authenticity of the sender the following have been included in the short-term certificate: #1 Sender certificates To prevent spoofing of messages, clients periodically retrieve a short-lived sender certificate, containing the client’s phone number, public identity key, and an expiration timestamp- thus attesting to their identity. Clients can include the sender certificate when a message is sent, and receivers of the message can easily check its validity. #2 Delivery tokens To take steps against abuse, clients derive a 96-bit delivery token from their profile key and register it with the service. The service requires that the clients prove their knowledge of the delivery token for a user in order to transmit messages to that particular user. Profiles are shared with contacts, other people or groups who users explicitly approve, and in conversations that they create. This allows delivery tokens to be seamlessly exchanged behind the scenes. Since knowledge of a user’s profile key is necessary to derive that user’s delivery token, this restricts “sealed sender” messages to contacts who are less likely to require rate limits and other abuse protection. Additionally, blocking a user who has access to a profile key will trigger a profile key rotation. #3 Encryption Signal Protocol is used to encrypt message contents end-to-end. The “envelope” containing the sender certificate as well as the message ciphertext is also encrypted using the sender and recipient identity keys. Signal has never retained much of users data. This was proved two years ago when the FBI demanded that Signal turn over all the data it had on one particular user. But the question is, with social media platforms being misused by criminals to post attack threats, will a feature like this make Signal a haven for unscrupulous elements? Does Signal also have a plan to tackle issues such as hate speech recognition on its platform? The Beta releases that support sealed sender will be rolling out over the next few days. Users are advised to update all of their devices to use this new feature. Head over to the Signal Blog for more insights on this news. Google Cloud Storage Security gets an upgrade with Bucket Lock, Cloud KMS keys and more Firefox Nightly now supports Encrypted Server Name Indication (ESNI) to prevent 3rd parties from tracking your browsing history 90% Google Play apps contain third-party trackers, share user data with Alphabet, Facebook, Twitter, etc: Oxford University Study

It was only earlier this month when Bloomberg published a story alleging that China hacked into Amazon and Apple’s servers, and now the two tech giants seem to be retaliating against Bloomberg. Apple did not invite Bloomberg to its fall product event “There’s More in the Making” that takes place tomorrow in Brooklyn. Amazon, on the other hand, pulled its fourth quarter advertisements from Bloomberg’s website, last week, leading to a huge loss in Bloomberg’s ad revenue. An Amazon spokesperson told BuzzFeed News last week that the ads were canceled “due to a missed creative deadline”. Apple, on the other hand, declined to comment on this. Tim Cook, CEO, Apple, had asked Bloomberg to retract the story, in an interview with BuzzFeed News on 19th October. "There is no truth in their story about Apple," Cook mentioned to BuzzFeed. Apple also published a statement regarding the same, “we are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Apple has repeatedly explained to Bloomberg reporters and editors over the past 12 months, there is no truth to these claims”. Andy Jassy, Amazon web services CEO and Super Micro joined in Apple, refuting the claims made by Bloomberg. https://twitter.com/ajassy/status/1054401346827243520 Steve Schmidt, Chief Information Security Officer at Amazon Web Services further stated, “as we shared with Bloomberg BusinessWeek multiple times over the last couple months, this is untrue. At no time, past or present, have we ever found any issues relating to modified hardware or malicious chips in SuperMicro motherboards in any Elemental or Amazon systems. Nor have we engaged in an investigation with the government. There are so many inaccuracies in ‎this article as it relates to Amazon that they’re hard to count”. Super Micro also issued a statement, stating, “Super Micro strongly refutes reports that servers it sold to customers contained malicious microchips in the motherboards of those systems. Supermicro takes all security claims very seriously and makes continuous investments in the security capabilities of their products. Super Micro qualifies and certifies every contract manufacturer and routinely inspects their facilities and processes closely”. According to the Bloomberg article, Chinese spies had implanted tiny chips on computer motherboards made by Super Micro Computer. “In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies”. These motherboards were used by several of the largest American tech giants such as Amazon and Apple. These chips then provided secret access to the private data on the machines. The report also states that “the chips were reportedly built to be as inconspicuous as possible and to mimic signal conditioning couplers. It was determined during an investigation, which took three years to conclude, that the chip allowed the attackers to create a stealth doorway into any network that included the altered machines.” Although, both Amazon and Apple totally refute the allegations, Bloomberg, however, continues to stand by its report.   Bloomberg says Google, Mastercard covertly track customers’ offline retail habits via a secret million dollar ad deal Amazon tried to sell its facial recognition technology to ICE in June, emails reveal Apple now allows U.S. users to download their personal data via its online privacy data portal

Phishing attacks these days are a common phenomenon. Fraudsters use technical tricks and social engineering to deceive users into revealing sensitive personal information such as usernames, passwords, account IDs, credit card details and social security numbers through fake emails. Gophish provides a framework to simulate real-world phishing attacks. This enables industries to avail phishing training to make employees more aware of security in their business. Gophish is an open-source phishing toolkit written in Golang, specially designed for businesses and penetration testers. It is  This means that the Gophish releases do not have any dependencies. It's easy to set up and run and can be hosted in-house. Here are some of the features of Gophish #1 Ease of use Users can easily create or import pixel-perfect phishing template while customizing their templates in their browser itself. Phishing emails can be scheduled and can be sent in the background. Results of the simulation are delivered in near real-time. #2 Cross Platform Gophish can be used across platforms like Windows, Mac OSX, and Linux. #3 Full REST API The framework is powered with REST API. Gophish’s Python client makes it really easy to work with the API. #4 Real-Time Results Results obtained by Gophish are updated automatically. Users can view a timeline for every recipient, track if the email was opened, link clicks, submitted credentials, and more. Damage caused by phishing in a corporate environment can have dangerous repercussions like loss or misuse of confidential data, ruining the consumer's trust in the brand, use of corporate network resources etc. The Gophish framework aims to help industry professionals learn how to tackle phishing attacks with its ease of setup, use, and powerful results. To learn more about how to use Gophish and its benefits, head over to their official Blog. Google’s Protect your Election program: Security policies to defend against state-sponsored phishing attacks, and influence campaigns Microsoft claims it halted Russian spear phishing cyberattacks IBM launches Industry’s first ‘Cybersecurity Operations Center on Wheels’ for on-demand cybersecurity support