Tech News

Last week, the team behind Material-UI released Material-UI v4 with CSS specificity, migration to Typescript and much more. The release of Material-UI v4 is influenced by two major factors. Firstly, the team analyzed the Developer survey results done in March. Secondly, the team wanted to be up to date with the latest best practices in the React community and with the Material Design Specification. What’s new in Material-UI v4? CSS specificity CSS specificity needs to be good enough and by default, Material-UI injects its style at the end of the <head> element. But styled components and few other popular styling solutions inject the style just before it and therefore loses specificity. In order to solve this problem, the team has introduced a new prop: injectFirst. Classes boilerplate In v1, the team had introduced classes API to target all the elements but they observed the use of this API for sometime and saw few users struggling. It is challenging to apply the class name on the right element and it further requires boilerplate as well. In order to improve this situation, the team changed the class name generation to output global class names and kept the classes API working as before. TypeScript All the demos have been migrated from JavaScript to TypeScript. The team has even type checked their demos which improves their TypeScript test coverage. Also, they have fixed many issues during the migration. While writing an application with TypeScript, users can now directly copy & paste the demos without the need of converting them or having to fix the errors. Improved UX The team has changed the menu organization to group all the components under a single navigation item. The team has also changed the background color to white for increasing the text contrast and readability. Tree shaking with ES modules This is the first version that supports native tree shaking with ES modules, users  can now use destructured imports while importing multiple components. To know more about this release, check out the post on Medium. Implementing autocompletion in a React Material UI application [Tutorial] Applying styles to Material-UI components in React [Tutorial] Fyne 1.0 released as a cross-platform GUI in Go based on Material Design  

Apple announced last week that it has canceled its AirPower charging mat over concerns related to its inability to achieve “high standards” for the product. Apple had first announced details about the AirPower charging mat during the company’s iPhone X event in September 2017. During the event, Apple said that AirPower would be shipped in 2018, but failed to follow up for the next 18 months. The speculation over AirPower chargers getting canceled grew when Apple removed all info regarding AirPower from its website. However, the rumors of its cancellation went down as iOS 12.2 beta release included support for a wireless charger. “After much effort, we’ve concluded AirPower will not achieve our high standards and we have canceled the project. We apologize to those customers who were looking forward to this launch”, Dan Riccio, SVP of Hardware Engineering, Apple, told TechCrunch. Had the chargers shipped, a multitude of new and unique features would have welcomed the users. For instance, apart from being wireless, AirPower charger would have also been equipped with multi-device charging feature (ability to charge three devices at once), and a unique technology with multiple coils, among others. Many people have made speculations about the reason behind AirPower cancellation, with many blaming it on issues related to engineering and overheating. Craig Lloyd, a staff writer at iFixit, published a post where he discusses the possible reasons behind charger’s cancellation. Craig states that Wireless charging pads use electric current in your phone’s wire coil that helps charge the battery. However, this electricity being transmitted isn’t perfectly clean and generates noise that can interfere with other wireless devices. When different coils are charged together, a slightly different waveform is generated. Apple wanted to create a large charging platform with the help of overlapping coils which would allow AirCharger to power different devices on the charger mat. However, this introduced a different set of challenges. “Apple boxed themselves into an electromagnetic corner. What they wanted to do was physically possible—and they surely had it working in the lab—but they couldn’t consistently meet the rigorous transmission requirements that are designed to keep us safe from our gadgets”, states Craig. Now although Apple failed to deliver this product, it has not lost hope yet. “We continue to believe that the future is wireless and are committed to push the wireless experience forward”, said Riccio. Public reaction to the news is largely comical, as users took to Twitter to post memes regarding the news. https://twitter.com/wannatechnow/status/1112664509108375552 https://twitter.com/MKBHD/status/1111710778741190656 https://twitter.com/JonyIveParody/status/1111772531210534912 https://twitter.com/amelvand/status/1112031397831692289 Apple’s March Event: Apple changes gears to services, is now your bank, news source, gaming zone and TV Apple to merge the iPhone, iPad, and Mac apps by 2021 Apple acquires Pullstring to possibly help Apple improve Siri and other IoT-enabled gadgets

Along with Windows 7, Microsoft is also ending security updates and technical support for Internet Explorer 10 by January 2020 that it shared in a blog post yesterday, and users are advised to upgrade to IE11 by then. Support for IE10 and below ended back in 2016, except on a few environments like Windows server 2012 and some embedded versions and now Microsoft is just pulling the plug on those few remaining environments. Microsoft on their blog post wrote, “We encourage you to use the time available to pilot IE11 in your environments. Upgrading to the latest version of Internet Explorer will ease the migration path to Windows 10, Windows Server 2016 or 2019, or Windows 10 IoT, and unlock the next generation of technology and productivity. It will also allow you to reduce the number of Internet Explorer versions you support in your environment.” Commercial customers of Windows Server 2012 and Windows Embedded 8 Standard can download IE11 via the Microsoft Update Catalog or IE11 upgrade through Windows Update and Windows Server Update (WSUS) that Microsoft will publish later this year. IE10 will continue to receive updates for Windows 10, Windows Server 2016 or 2019, or Windows 10 IoT throughout 2019. You can find these updates on the Update Catalog and WSUS channel as a Cumulative Update for Internet Explorer 10. Similarly, updates for IE11 will be labeled as Cumulative Update Internet Explorer 11 on the Microsoft Update Catalog, Windows Update, and WSUS. Many Hacker News users are also speculating that the support of IE11 could also end by 2025. One of the users said, “If anyone is wondering about IE11, MS says "Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed. Extended support for Windows 10 ends on October 14, 2025. Extended support for Windows Server 2016 ends on January 11, 2027. Presumably one or those 2 dates could be considered the termination date for IE11.” Another Hacker News user believes, “...it is good time to start considering ending IE11 support as well, especially with Chromium-Edge coming out later this year. Edge is getting a Chromium back-end with talk of Windows 7 and 8 support. So, perhaps that's a strategy to kill IE11 too (fingers crossed).” Read the official announcement by Microsoft to know more details. Microsoft Office 365 now available on the Mac App Store Microsoft acquires Citus Data with plans to create a ‘Best Postgres Experience’ Microsoft’s Bing ‘back to normal’ in China

Yesterday Elm 0.19.1 was released with a new improvements to the compiler that now display syntactical errors in a new fashion that pointing users to their mistakes as well as suggesting them additional resources.  The goal of 0.19.1 is to clean up the rough edges such that we have a really solid foundation for newcomers, professionals, scientists. Evan Czaplicki, the creator of these improved error messages explains in a blog post, “the new error messages points to the spot where it got stuck, but more importantly, it tries to help by (1) giving examples and (2) linking to a page that explains how imports work. It tries to help you learn!” For example, if you miss out on including a curly braces in your JavaScript code, the error message shows up at the very end of the file. Now with the improved Elm compiler, the error message will point out the error where it occurred while also suggesting a viable fix. Source: Elm’s blog Czaplicki hopes that this project can eliminate the survivorship bias present in the programming ecosystem, which he believes is also one of the reasons why it took so long for Elm to prioritize this project. “I hope this work on syntax error messages will help make Elm more friendly and accessible, and I hope it will help make space for other language designers to prioritize this kind of project!”, he adds. Other improvements in Elm 0.19.1 Faster compilation, especially for incremental compiles Uses filelocks so that cached files are not corrupted when plugins run elm make multiple times on the same project at the same time. More intuitive multiline declarations in REPL Various bug fixes (e.g. --debug, x /= 0, type Height = Height Float in --optimize) Developers on Twitter appreciated Elm’s focus on errors. https://twitter.com/vronnie911/status/1186377031015157762 https://twitter.com/domenkozar/status/1163795173022806016 Read more about improved error messages in Elm 0.19.1 on this blog post. What to expect from D programming language in the near future OpenBSD 6.6 comes with GCC disabled in base for ARMv7 and i386, SMP improvements and more. Swift shares diagnostic architecture improvements that will be part of the Swift 5.2 release.

Yesterday, the team at Timber.io, a cloud-based logging platform, released Vector, a high-performance observability data router that makes transforming, collecting, and sending logs, metrics, and events easy. One of the reasons behind building Vector was to integrate mtail's functionality into a bigger project. mtail is a tool which is used for extracting metrics from application logs. Licensed under the Apache License, Version 2.0, Vector decouples data collection and routing from user services that give users the control and data ownership. Vector which written in Rust, compiles to a single static binary and it has been designed to be deployed across the entire infrastructure.  Concepts of Vector Following is a diagram depicting the basic concepts that Vector comprises of: Image source: Vector Sources When Vector ingests data it proceeds to normalize that data into a record, which sets the stage for easy and consistent processing of the data. Examples of sources include syslog, tcp, file, and stdin. Transforms Transform modifies an event or the stream as a whole like a filter,  parser, sampler, or aggregator.  Sinks A sink is a destination for events and its design and transmission method is controlled by the downstream service it is interacting with. For instance, the TCP sink will stream individual records, while the S3 sink will buffer and flush data. Features of Vector Memory efficient and fast Vector is fast and memory-efficient and doesn't have a runtime and garbage collector. Test cases Vector involves performance and correctness tests, where the performance tests measure performance and capture detailed performance data, whereas, correctness tests verify behavior.  The team behind Vector has also invested in a robust test harness that provides a data-driven testing environment.  Here are the test results: Image source: GitHub Processing data Vector is used for collecting data from various sources in various shapes. It also sets the stage for easy and consistent processing of the data. Serves as a single tool It serves as a light-weight agent as well as a service that works as a single tool for users. Guarantee support matrix It features a guarantee support matrix that helps users understand their tradeoffs. Easy deployment Vector cross-compiles to a single static binary without any runtime. Users seem to be happy about this news as they think Vector is useful for them. A user commented on HackerNews, "I'm learning Rust and eventually plan to build such a solution but I think a lot of this project can be repurposed for what I asked much faster than building a new one. Cheers on this open source project. I will contribute whatever I can. Thanks!!" It seems more metrics-focused sources and Sinks are expected in Vector in the future. A member from the Vector project commented, "It's still slightly rough around the edges, but Vector can actually ingest metrics today in addition to deriving metrics from log events. We have a source component that speaks the statsd protocol which can then feed into our prometheus sink. We're planning to add more metrics-focused sources and sinks in the future (e.g. graphite, datadog, etc), so check back soon!" To know more about this news, check out Vector's page. Implementing routing with React Router and GraphQL [Tutorial] TP-Link kept thousands of vulnerable routers at risk of remote hijack, failed to alert customers Amazon buys ‘Eero’ mesh router startup, adding fuel to its in-house Alexa smart home ecosystem ambitions

Yesterday, at the Spark + AI summit, the team at Apache Spark announced .NET for Apache Spark, a popular open source distributed processing engine used for analytics over large data sets. It can also be used for processing real-time streams, batches of data, machine learning, and ad-hoc query. .NET fo Apache Spark for developers .NET for Apache Spark aims at making Apache Spark accessible to .NET developers across all Spark APIs. The team at Apache Spark aims to develop .NET for Apache Spark in the open (as a .NET Foundation member project) along with the Spark and .NET community for the developers. .NET for Apache Spark comes with high-performance APIs for using Spark from C# and F#. With .NET APIs, users can now access all aspects of Apache Spark including streaming, Spark SQL, DataFrames, MLLib, etc. It lets the developers reuse all the skills, code, knowledge, and libraries. The C#/ F# language that binds to Spark will be written on a new Spark interop layer that will offer easier extensibility. .NET for Apache Spark can be used on Linux, macOS, and Windows and is compliant with .NET Standard 2.0. .NET for Apache Spark performance The first preview version of .NET for Apache Spark performs well on the popular TPC-H benchmark. This benchmark consists of a suite of business-oriented queries. .NET for Apache Spark has a better performance against Python and Scala. It is also 2 times faster than Python. What more features can be expected? In the future, the team aims to simplify the documentation and samples and work towards native integration with developer tools such as Visual Studio, Visual Studio Code, Jupyter notebooks. Developers can also expect .NET support for user-defined aggregate functions and .NET idiomatic APIs for C# and F# (e.g., using LINQ for writing queries). The team is also working towards adding support for Azure Databricks, Kubernetes, etc. and making .NET for Apache Spark part of Spark Core. Few users are excited about this news and are expecting some major improvement with .NET for Spark. A user commented on HackerNews, “I've seen the announcement about .NET interior support in Apache Spark some time ago. The benchmarks are interesting and tell the story - in few cases it is faster than Python, but slower than native (for Spark) Scala/JVM. Maybe with Arrow interchange Python's performance would increase (and for other interpose that would use Array - i.e. for .Net).” Few others are confused about the transition, as they have to get their teams shifted to the new setup. Another user commented, “Indeed the real sad part is you can’t lead teams there early (premature optimization). Everybody seems to make the same rough transition on their own.” To know more about this news, check out the post by Apache Spark. Winners for the 2019 .NET Foundation Board of Directors elections are finally declared Fedora 31 will now come with Mono 5 to offer open-source .NET support ML.NET 1.0 RC releases with support for TensorFlow models and much more!

Last week, the team at Microsoft announced the XLOOKUP feature for Excel users, a successor to the VLOOKUP function, the first lookup function learned by Excel users. XLOOKUP feature gives Excel users an easier way of displaying information in their spreadsheets. Currently, this function is only available to Office 365 testers and the company will be making it more broadly available. XLOOKUP has the ability to look vertically as well as horizontally and it replaces HLOOKUP too.  XLOOKUP just needs 3 arguments for performing the most common exact lookup whereas VLOOKUP required 4. The official post reads, “Let’s consider its signature in the simplest form: XLOOKUP(lookup_value,lookup_array,return_array) lookup_value: What you are looking for lookup_array: Where to find it return_array: What to return”  XLOOKUP overcomes the limitations of VLOOKUP Exact match in XLOOKUP is possible VLOOKUP resulted in a default approximate match of what the user was looking for, rather than the exact match. With XLOOKUP users can now find the exact match. Data can be drawn on both sides  VLOOKUP can draw on the data that’s on the right-hand side of the reference column, so users have to rearrange their data to use the function. With XLOOKUP, users can easily draw on the data both to the left and right, and it also combines VLOOKUP and HLOOKUP into a single function. Column insertions/deletions VLOOKUP’s 3rd argument is the column number so if you insert or delete a column then you have to increment or decrement the column number inside the VLOOKUP. With XLOOKUP users can easily insert or delete columns. Search from the back is now possible With VLOOKUP, users need to reverse the order of the data for finding the last occurrence of the data but with XLOOKUP it is easy for users to search the data from the back. References cells systematically For VLOOKUP, the 2nd argument, table_array, needs to be stretched from the lookup column to the results column. It references more cells which results in unnecessary calculations, reducing the performance of your spreadsheets. XLOOKUP systematically references the cells which don’t lead to complications in calculations. In an email to CNBC, Joe McDaid, Excel’s senior program manager wrote, XLOOKUP is “more powerful than INDEX/MATCH and more approachable than VLOOKUP.” To know more about this news, check out the official post. What’s new in application development this week? Microsoft announces its support for bringing exFAT in the Linux kernel; open sources technical specs Qt introduces Qt for MCUs, a graphics toolkit for creating a fluid user interface on microcontrollers Twilio launched Verified By Twilio, that will show customers who is calling them and why      

Last Friday, ZDNet reported about Canva’s data breach. Canva is a popular Sydney-based startup which offers a graphic design service. According to the hacker, who directly contacted ZDNet, data of roughly 139 million users has been compromised during the breach. Responsible for the data breach is a hacker known as GnosticPlayers online. Since February this year, they have put up the data of 932 million users on sale, which are reportedly stolen from 44 companies around the world. "I download everything up to May 17," the hacker said to ZDNet. "They detected my breach and closed their database server." Source: ZDNet website In a statement on the Canva website, the company confirmed the attack and has notified the relevant authorities. They also tweeted about the data breach on 24th May as soon as they discovered the hack and recommended their users to change their passwords immediately. https://twitter.com/canva/status/1132086889408749573 “At Canva, we are committed to protecting the data and privacy of all our users and believe in open, transparent communication that puts our communities’ needs first,” the statement said. “On May 24, we became aware of a security incident. As soon as we were notified, we immediately took steps to identify and remedy the cause, and have reported the situation to authorities (including the FBI). “We’re aware that a number of our community’s usernames and email addresses have been accessed.” Stolen data included details such as customer usernames, real names, email addresses, and city & country information. For 61 million users, password hashes were also present in the database. The passwords where hashed with the bcrypt algorithm, currently considered one of the most secure password-hashing algorithms around. For other users, the stolen information included Google tokens, which users had used to sign up for the site without setting a password. Of the total 139 million users, 78 million users had a Gmail address associated with their Canva account. Canva is one of Australia's biggest tech companies. Founded in 2012, since the launch, the site has shot up the Alexa website traffic rank, and has been ranking among the Top 200 popular websites. Three days ago, the company announced it raised $70 million in a Series-D funding round, and is now valued at a whopping $2.5 billion. Canva also recently acquired two of the world's biggest free stock content sites -- Pexels and Pixabay. Details of Pexels and Pixabay users were not included in the data stolen by the hacker. According to reports from Business Insider, the community was dissatisfied with how Canva responded to the attack. IT consultant Dave Hall criticized the wording Canva used in a communication sent to users on Saturday. He believes Canva did not respond fast enough. https://twitter.com/skwashd/status/1132258055767281664 One Hacker News user commented , “It seems as though these breaches have limited effect on user behaviour. Perhaps I'm just being cynical but if you are aren't getting access and you are just getting hashed passwords, do people even care? Does it even matter? Of course names and contact details are not great. I get that. But will this even effect Canva?” Another user says, “How is a design website having 189M users? This is astonishing more than the hack!” Facebook again, caught tracking Stack Overflow user activity and data Ireland’s Data Protection Commission initiates an inquiry into Google’s online Ad Exchange services Adobe warns users of “infringement claims” if they continue using older versions of its Creative Cloud products

On Tuesday, Microsoft open sourced its Accessibility tools, allowing developers to easily find and fix common accessibility issues early in the development cycle. This includes Accessibility Insights for Windows and Accessibility Insights for Web, both built on Deque’s open source axe technology. You can run quick tests, easily create audits that you can export and share with others, and even file issues to GitHub. Accessibility Insights for Web Accessibility Insights for Web is basically a Chrome extension that helps developers find and fix accessibility issues in web apps and sites. The tool comes with a lightweight, two-step process called FastPass that helps developers identify common, high-impact accessibility issues. Fast Pass uses automated checks to check compliance with approximately 50 accessibility requirements. It also makes use of Tab stops to provide clear instructions and a visual helper for identifying accessibility issues related to keyboard access, such as missing tab stops, keyboard traps, and incorrect tab order. The second part of Accessibility Insights is Assessment which helps HTML developers in verifying if a web app or web site is 100% compliant with Web Content Accessibility Guidelines (WCAG) 2.0 Level AA. It also comes with Automated checks and also Manual Testing to provide step-by-step instructions, examples, and how-to-fix guidance for approximately 20 tests. Deque Systems provides GitHub issue filing for Accessibility Insights for Web, and color contrast detection heuristics for Accessibility Insights for Windows. On why Accessibility Insights is open sourced, Microsoft writes in a blog post, “We are driven by the promise of more accessible products for more people.  That’s why we’re releasing Accessibility Insights to the open source and accessibility communities – it’s all of ours now, and together we’ll continue to make it a better tool and build a more accessible future.” You can read more about Accessibility Insights on its website. It’s a win for Web accessibility as courts can now order companies to make their sites WCAG 2.0 compliant W3C and FIDO Alliance declare WebAuthn as the web standard for password-free logins Microsoft open sources the Windows Calculator code on GitHub

Yesterday, the Go team shared the details of what all is coming in Go 1.13, the first release that is implemented using the new proposal evaluation process. In this process, feedback is taken from the community on a small number of proposals to reach the final decision. The team also shared what proposals they have selected to implement in Go 1.14 and the next steps. At Gophercon 2017, Russ Cox, Go programming language tech lead at Google, first disclosed the plan behind the implementation of Go 2. This plan was simple: the updates will be done in increments and will have minimal to no effect on everybody else. Updates in Go 1.13 Go 1.13, which marks the first increment towards Go 2, is planned to release in early August this year. A lot of language changes have landed in this release that were shortlisted from the huge list of Go 2 proposals based on the new proposal evaluation process. These proposals are selected under the criteria that they should address a problem, have minimal disruption, and provide a clear and well-understood solution. The team selected “relatively minor and mostly uncontroversial” proposals for this version. These changes are backward-compatible as modules, Go’s new dependency management system is not the default build mode yet. Go 1.11 and Go 1.12 include preliminary support for modules that makes dependency version information explicit and easier to manage. Proposals planned to be implemented in Go 1.13 The proposals that were initially planned to be implemented in Go 1.13 were: General Unicode identifiers based on Unicode TR31: This proposes to add support for enabling programmers using non-Westen alphabets to combine characters in identifiers and export uncased identifiers. Binary integer literals and support for_ in number literals: Go comes with support for octal, hexadecimal, and standard decimal literals. However, unlike other mainstream languages like Java 7, Python 3, and Ruby, it does not have support for binary integer literals. This proposes adding support for binary integer literals as a new prefix to integer literals like 0b or 0B. Another minor update is adding support for a blank (_) as a separator in number literals to improve the readability of complex numbers. Permit signed integers as shift counts: This proposes to change the language spec such that the shift count can be a signed or unsigned integer, or any non-negative constant value that can be represented as an integer. Out of these shortlisted proposals the binary integer literals, separators for number literals, and signed integer shift counts are implemented. The general Unicode identifiers proposal was not implemented as there was no “concrete design document in place in time.“ The proposal to support binary integer literals was significantly expanded, which led to an overhauled and modernized Go’s number literal syntax. Updates in Go 1.14 After the relatively minor updates in Go 1.13, the team has plans to take it up a notch with Go 1.14. With the new major version Go 2, their overarching goal is to provide programmers improved scalability. To achieve this, the team has to tackle the three biggest hurdles: package and version management, better error handling support, and generics. The first hurdle, package and version management will be addressed by the modules feature, which is growing stronger with each release. For the other two, the team has presented draft designs at last year’s GopherCon in Denver. https://youtu.be/6wIP3rO6On8 Proposals planned to be implemented in Go 1.14 Following are the proposals that are shortlisted for Go 1.14: A built-in Go error check function, ‘try’: This proposes a new built-in function named ‘try’ for error handling. It is designed to remove the boilerplate ‘if’ statements typically associated with error handling in Go. Allow embedding overlapping interfaces: This is a backward-compatible proposal to make interface embedding more tolerant. Diagnose ‘string(int)’ conversion in ‘go vet’: This proposes to remove the explicit type conversion string(i) where ‘i’ has an integer type other than ‘rune’. The team is making this backward-incompatible change as it was introduced in the early days of Go and now has become quite confusing to comprehend. Adopt crypto principles: This proposes to implement design principles for cryptographic libraries outlined in the Cryptography Principles document. The team is now seeking community feedback on these proposals. “We are especially interested in fact-based evidence illustrating why a proposal might not work well in practice or problematic aspects we might have missed in the design. Convincing examples in support of a proposal are also very helpful,” the blog post reads. While developers are confident that Go 2 will bring a lot of exciting features and enhancements, not many are a fan of some of the proposed features, for instance, the try function. “I dislike the try implementation, one of Go's strengths for me after working with Scala is the way it promotes error handling to a first class citizen in writing code, this feels like its heading towards pushing it back to an afterthought as tends to be the case with monadic operations,” a developer commented on Hacker News. Some Twitter users also expressed their dislike towards the proposed try function: https://twitter.com/nicolasparada_/status/1144005409755357186 https://twitter.com/dullboy/status/1143934750702362624 These were some of the updates proposed for Go 1.13 and Go 1.14. To know more about this news, check out the Go Blog. Go 1.12 released with support for TLS 1.3, module support among other updates Go 1.12 Release Candidate 1 is here with improved runtime, assembler, ports and more State of Go February 2019 – Golang developments report for this month released  

Have you heard about the latest VPNFilter Malware attack? In brief, the software networking firm and its network analysis department known as ‘Talos’ identified a malware known as VPNFilter a few weeks ago. Something about these attacks made them particularly risky. If you are an individual or any small or medium business organization accessing the internet using routers from companies such as Linksys, Netgear, QNAP, TP-Link, ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE then you are vulnerable to the VPNFilter malware attack. Read on to understand where do you stand and what you can do to avoid falling victim of this vicious malware attack. How VPNFilter malware works? The first thing that you need to understand is that VPNFilter has a 3 stage attack procedure. The first stage, which is one of the most potent and dangerous one too, plants itself into the router firmware. In most malware attack cases, a reboot would make the malware go away. That’s where VPNFilter stands out. It persists through the reboot and after the reboot it initiates the second stage. The second stage is about spying on the user activity and data and then storing and accessing user data, tracking the URLs and getting to know more about the victim. The most terrifying factor is that the user never realizes that they have been attacked. The reason being that VPNFilter uses the technique of “Man in the Middle” or MitT attack. What happens in this form of cyber attack is that the spyware gets attached to the router and then collects user data and prepares for a larger assault while the user is completely unaware of it. The image below explains the process.     Source: Yeahhub.com If this seems scary to you then you haven’t yet heard the interesting bit yet. The third stage is about introducing different plugins which can perform different types of actions. One of them is it can downgrade the security level of your requests from HTTPS to HTTP protocol. This in turn makes your data unencrypted and also makes your passwords and other valuable data open to anyone who is snooping on your network. The rest of the hacking process then eventually becomes much easier. Imagine what could happen if you logged in to a social media platform or into your netbanking application and the data is phished away. The worst part is that you won’t even know that your account is hacked until the hackers expose themselves by making malicious transactions. The horror story doesn’t end here, it also comes with a “Remote Destroy” button. This enables the hackers to delete important network and configuration files from your router before destroying the malware and this means your router will be rendered useless after they choose to do so. This gives them the power to disrupt internet connectivity on a global scale since the number of routers presently affected can be anywhere around 500k. Is there a way out? How can you save your router from this onslaught. Rebooting doesn’t work. The only way that some groups have suggested is to restore factory defaults of your router, upgrade the firmware of your router, and log in with your credentials. This three step process might be the only way you can get away from this attack. How to know that your router is no good? Try updating it to the latest version of firmware, if it says unable to upgrade, you can be damn sure of the fact that it’s time for you to buy a new one. BeyondCorp is transforming enterprise security Top 5 cybersecurity assessment tools for networking professionals IoT Forensics: Security in an always connected world where things talk

In 2016, Apache decided to start integrating GitHub’s repository and tooling with their own services. After working on the integration over the years, they made a move towards simplifying how they work and move all Git projects to GitHub. By February, this year, Apache completed the migration to GitHub and enabled all the projects with a simple platform to host and review code, collaborate on projects, and build software alongside developers around the world. Greg Stein, ASF Infrastructure Administrator, said, "In 2016, the Foundation started integrating GitHub's repository and tooling, with our own services. This enabled selected projects to use GitHub's excellent tools. Over time, we improved, debugged, and solidified this integration. In late 2018, we asked all projects to move away from our internal git service, to that provided by GitHub. This shift brought all of their tooling to our projects, while we maintain a backup mirror on our infrastructure." Yesterday, Apache Software Foundation (ASF) finally joined the GitHub open source community. Apache Software Foundation has about 200M+ lines of code that are managed by an all-volunteer community of 730 individuals. Nat Friedman, Chief Executive Officer of GitHub, said on this announcement, "We're proud to have such a long standing member of the Open Source community migrate to GitHub. Whether we're working with individual Open Source maintainers and contributors or some of the world's largest Open Source foundations like Apache, GitHub's mission is to be the home for all developers by supporting Open Source communities, addressing their unique needs, and helping Open Source projects thrive." Initially, Apache projects had two version control services, Apache Subversion and Git. As the number of projects increased, ASF communities wanted to see their source code available on GitHub because the codes were read-only mirrors. Also, the ability to use the GitHub tools around those repositories was very limited. This made Apache take the decision to join GitHub. Greg Stein further added, "We continue to experiment and expand the set of services that GitHub can provide to our communities, given our own needs and requirements. The Foundation has started working closely with GitHub management to explore ways to make this happen, and what will be possible in the future." Many users think that the reason for Apache to migrate to GitHub was the increasing cost of managing the code and infrastructure. A user commented on HackerNews, “Apparently, one of the big motivating reasons for this was "cost". The foundation’s 2018 five-year strategic plan noted that infrastructure services account for more than 80 percent of the total ASF expense budget, adding: Increasingly, project communities have infrastructure requirements that strain the capabilities of the ASF. The report noted that, given burgeoning costs, encouraging the use of more externally provided services was its best option.” Another comment reads, “Holy shit, they're spending $800k a year on infrastructure! Honestly, it's difficult to understand why they haven't sooner moved to GitHub, or even GitLab or the like - it feels reckless. That money could be put to far greater use - as an Apache supporter who hasn't ever felt the need to look at their costs, I have to say that I'm very disappointed.” To know more about this news, check out Apache’s blog post. Microsoft and GitHub employees come together to stand with the 996.ICU repository ‘Developers’ lives matter’: Chinese developers protest over the “996 work schedule” on GitHub GitHub releases Vulcanizer, a new Golang Library for operating Elasticsearch    

The Game studio, who brought the phenomenal online video game Fortnite to life, has launched an Epic games store. In a blog post on the Unreal Engine website, Epic stated that the store will have a “fair economics and a direct relationship with players”. All players who buy a game will be subscribed to a developer’s newsfeed where they can contact them for updates and news about upcoming releases. Developers can also control their game pages and connect with YouTube content creators, Twitch streamers, and bloggers with the recently launched Support-A-Creator program. Epic games store will also follow an 88/12 revenue split. “Developers receive 88% of revenue,” the company wrote. “There are no tiers or thresholds. Epic takes 12%. And if you’re using Unreal Engine, Epic will cover the 5% engine royalty for sales on the Epic Games store, out of Epic’s 12%.” Source: Unreal Engine Epic’s inspiration for the 88/12 split may have possibly been taken from Valve’s Steam store (a major competitor to Epic games) who have tweaked their revenue making process. “Starting from October 1, 2018, when a game makes over $10 million on Steam, the revenue share for that application will adjust to 75 percent/25 percent on earnings beyond $10 million,” Valve wrote in the official blog post. “At $50 million, the revenue share will adjust to 80 percent/20 percent on earnings beyond $50 million. The Epic game store with launch with a few selected games on PC and Mac, then it will open up to other games and to Android and other open platforms throughout 2019. With this move, Epic Games are looking to attract more gamers and developers to their platform. And a better revenue split will automatically do most of the work for them. Developer-favour revenue splitting will also increase the market where previously there was a lack of competition in PC-game distribution by the immovable 30/70 split. Twitteratis were fairly happy with this announcement and expressed their feelings and agreed on it to being a threat to Valve. https://twitter.com/Grummz/status/1069975572984385537 https://twitter.com/SpaceLyon/status/1069979966501208065 https://twitter.com/lucasmtny/status/1069970212424953857 https://twitter.com/nickchester/status/1069970684112265217 The Epic Games team will reveal more details on upcoming game releases at the Game Awards this Thursday. Read the blog post by Epic games to know more. Epic games CEO calls Google “irresponsible” for disclosing the security flaw in Fortnite Android Installer before patch was ready Google is missing out $50 million because of Fortnite’s decision to bypass Play Store Implementing fuzzy logic to bring AI characters alive in Unity based 3D games

In a blog post, the ESLint team talks about the future of ESLint on TypeScript. Earlier, the TypeScript team talked about their future and including ESLint into their repository to improve compatibility between the two. Based on the feedback from the TypeScript community, it was discovered that the linting experience was not that good in TypeScript. They then announced support for both ESLint and TSLint. The former worked well with TypeScript while TSLint would cause duplicate work and induce some breaking changes. Also, some lint rules were not present in TSLint. Hence the focus has been on incorporating ESLint. Many members from the ESLint team have been working to improve its compatibility with TypeScript. The focus of this earlier work was on the TypeScript parser and typescript-eslint-parser. Other than that there were efforts also on eslint-plugin-typescript which was maintained by individual team members. The Typescript parser will become an important part in the integration of the two and the ESLint teams want to ensure its proper maintenance. The typescript-eslint project A key contributor working on ESLint compatibility in TypeScript, James Henry started the typescript-eslint project as a centralized repository. It contains all things pertaining to TypeScript ESLint compatibility and will be housing TypeScript parser, eslint-plugin-typescript, and other utilities that aid in the TypeScript ESLint integration. However, the ESLint team itself won’t be formally a part of this project but seem to be supportive of Henry’s efforts. ESLint’s future in TypeScript The ESLint official team will no longer maintain the typescript-eslint-parser. The repository is now archived and there will be no future released of typescript-eslint-parser in npm. Users who are using typescript-eslint-parser are advised to switch to @typescript-eslint/parser. The typescript-eslint repository will be updated for any new developments on ESLint support in TypeScript. Announcing ‘TypeScript Roadmap’ for January 2019- June 2019 TypeScript 3.2 released with configuration inheritance and more Introducing ReX.js v1.0.0 a companion library for RegEx written in TypeScript

Cycle.js is a functional and reactive JavaScript framework for writing predictable code. The apps built with Cycle.js consist of pure functions, which means it only takes inputs and generates predictable outputs, without performing any I/O effects. What is the basic concept behind Cycle.js? Cycle.js considers your application as a pure main() function. It takes inputs that are read effects (sources) from the external world and gives outputs that are write effects (sinks) to affect the external world. Drivers like plugins that handle DOM effects, HTTP effects, etc are responsible for managing these I/O effects in the external world. Source: Cycle.js The main() is built using Reactive Programming primitives that maximize separation of concerns and provides a fully declarative way of organizing your code. The dataflow in your app is clearly visible in the code, making it readable and traceable. Here are some of its properties: Functional and reactive As Cycle.js is functional and reactive, it allows developers to write predictable and separated code. Its building blocks are reactive streams from libraries like RxJS, xstream or Most.js. These greatly simplify code related to events, asynchrony, and errors. This application structure also separates concerns as all dynamic updates to a piece of data are co-located and impossible to change from outside. Simple and concise This framework is very easy to learn and get started with as it has very few concepts. Its core API has just one function, run(app, drivers). Apart from that, we have streams, functions, drivers, and a helper function to isolate scoped components. Its most of the building blocks are just JavaScript functions. Functional reactive streams are able to build complex dataflows with very few operations, which makes apps in Cycle.js very small and readable. Extensible and testable In Cycle.js, drivers are simple functions that take messages from sinks and call imperative functions. All I/O effects are done by the drivers, which means your application is just a pure function. This makes it very easy to swap the drivers around. Currently, there are drivers for React Native, HTML5 Notification, Socket.io, and so on. Also, with Cycle.js, testing is just a matter of feeding inputs and inspecting the output. Composable As mentioned earlier, a Cycle.js app, no matter how complex it is, is a function that can be reused in a larger Cycle.js app. Sources and sinks in these apps act as interfaces between the application and the drivers, but they are also the interface between a child component and its parent. Its components are not just GUI widgets like in other frameworks. You can make Web Audio components, network requests components, and others since the sources/sinks interface is not exclusive to the DOM. You can read more about Cycle.js on its official website. Introducing Howler.js, a Javascript audio library with full cross-browser support npm at Node+JS Interactive 2018: npm 6, the rise and fall of JavaScript frameworks, and more InfernoJS v6.0.0, a React-like library for building high-performance user interfaces, is now out