Tech News

A Security researcher from Google’s Project Zero team recently revealed a high severity flaw in the macOS kernel that allows a copy-on-write (COW) behavior, a resource-management technique, also referred to as shadowing. The researcher informed Apple about the flaw back in November 2018, but the company is yet to fix it even after exceeding the 90-day deadline. This is the reason why the bug is now being made public with a "high severity" label. According to a post on Monorail, the issue tracking tool is for chromium-related projects, “The copy-on-write behavior works not only with anonymous memory but also with file mappings. This means that, after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem.” “This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug. MacOS permits normal users to mount filesystem images. When a mounted filesystem image is mutated directly (e.g. by calling pwrite() on the filesystem image), this information is not propagated into the mounted filesystem”, the post further reads. According to a Google project member, “We've been in contact with Apple regarding this issue, and at this point no fix is available. Apple is intending to resolve this issue in a future release, and we're working together to assess the options for a patch. We'll update this issue tracker entry once we have more details.” A user commented on HackerNews, “Given the requirements that a secondary process should even be able to modify a file that is already open, I guess the expected behavior is that the 1st process's version should remain cached in memory while allowing the on-disk (CoW) version to be updated? While also informing the 1st process of the update and allowing the 1st process to reload/reopen the file if it chooses to do so. If this is the intended/expected behavior, then it follows that pwrite() and other syscalls should inform the kernel and cause prevent the origional cache from being flushed.” To know more about this news, head over to the bug issue post. Drupal releases security advisory for ‘serious’ Remote Code Execution vulnerability Google’s home security system, Nest Secure’s had a hidden microphone; Google says it was an “error” Firedome’s ‘Endpoint Protection’ solution for improved IoT security

Today an exciting news was awaiting the Next.js users, five months after Next.js 8 was released. Today the Next.js team has released their next version Next.js 9. The major highlights of this release are the built in zero-config TypeScript support, automatic static optimization, API routes and improved developer experience. All the features are backwards compatible with the earlier versions of Next.js. Some of the major features are explained in brief below: Built-In Zero-Config TypeScript Support Automated Setup Getting started with TypeScript in Next.js is easy: rename any file, page or component, from ‘.js’ to ‘.tsx’. Then, run ‘next dev’. Next.js will also create a default ‘tsconfig.json’ with sensible defaults, if not already present. Integrated Type-Checking While in development Next.js will show type errors after saving a file. Type-checking happens in the background, allowing users to interact with the updated application in the browser instantly. Type errors will propagate to the browser as they become available. Next.js will also automatically fail the production build, if type errors are present. This helps prevent shipping broken code to production. Dynamic Route Segments Next.js supports creating routes with basic named parameters, a pattern popularized by ‘path-to-regexp’. Creating a page that matches the route ‘/post/:pid’ can now be achieved by creating a file in your pages directory named: ‘pages/post/[pid].js’. Next.js will automatically match requests like ‘/post/1, /post/hello-nextjs’, etc and render the page defined in ‘pages/post/[pid].js’. The matching URL segment will be passed as a query parameter to your page with the name specified between the ‘[square-brackets]’. Automatic Static Optimization Starting with Next.js 9, users will no longer have to make the choice between fully server-rendering or statically exporting their application. Users can now do both on a per-page basis. Automatic Partial Static Export A heuristic was introduced to automatically determine if a page can be prerendered to static HTML using ‘getInitialProps’. This allows Next.js to emit hybrid applications that contain both server-rendered and statically generated pages. The built-in Next.js server (‘next start’) and programmatic API (‘app.getRequestHandler()’) both support this build output transparently. There is no configuration or special handling required. Statically generated pages are still reactive: Next.js will hydrate the application client-side for full interactivity. Furthermore, Next.js will update the application after hydration also, if the page relies on query parameters in the URL. API Routes To start using API routes, users have to create a directory called ‘api/’ inside the ‘pages/ directory’. All files in this directory will be automatically mapped to ‘/api/<your route>’, in the same way as other page files are mapped to routes. All the files inside the ‘pages/api/’ directory export a request handler function instead of a React Component. Besides using incoming data, the API endpoint will also return data. Next.js will provide ‘res.json()’ by default making it easier to send data. When making changes to API endpoints in development, the user need not restart the server as the code is automatically reloaded. Production Optimizations Prefetching in-Viewport <Link>s Next.js 9 will automatically prefetch <Link> components as they appear in-viewport. This feature improves the responsiveness of users application by making navigations to new pages quicker. Next.js uses an Intersection Observer to prefetch the assets necessary in the background. These requests have low-priority and yield to ‘fetch()’ or XHR requests. Next.js will avoid automatically prefetching if the user has data-saver enabled. Optimized AMP by Default Next.js 9 will render optimized AMP by default. Optimized AMP is up to 50% faster than traditional AMP. Dead Code Elimination for typeof window Branches Next.js 9 replaces ‘typeof window’ with its appropriate value (undefined or object) during server and client builds. This change allows Next.js to remove dead code from compiled code automatically. Developer Experience Improvements Next.js 9 aims to bring unobtrusive and ease-of-use improvements to help its users develop in the best way. Compiling Indicator An RFC / "good first issue" has been created to discuss potential solutions for the problem of indicating that work is being done. Users will also see a small triangle to show that Next.js is doing compilation work, at the bottom right corner of the page. Console Output Starting from Next.js 9, the log output will jump less and will no longer clear the screen. This allows for a better overall experience as the users terminal window will have more relevant information and will flicker less, while Next.js will integrate better. Users are very happy with the striking features introduced in Next.js 9. https://twitter.com/johnbrett_/status/1148167900840255489 https://twitter.com/chanlitohem/status/1148167705834352640 A user on Reddit says that, “That API routes feature looks amazing. Will definitely check it out.” Another Redditor comments, “Gonna give v9 a try today. Very stoked for the new dynamic routing!” Head over to the Next.js official blog for more details. Next.js 7, a framework for server-rendered React applications, releases with support for React context API and Webassembly Meet Sapper, a military grade PWA framework inspired by Next.js 16 JavaScript frameworks developers should learn in 2019

On August 23, Jonathan Turner, an Azure SDK developer introduced a new shell written in Rust, called Nushell or ‘Nu’. This Rust-based shell is inspired by the “classic Unix philosophy of pipelines, the structured data approach of PowerShell, functional programming, systems programming, and more,” Turner writes in his official blog. The idea of Nushell struck when Turner’s friend Yehuda Yatz demonstrated the working of Powershell. Yatz asked Turner if he could join in his project “we could take the ideas of a structured shell and make it more functional (as opposed to object-oriented)? What if, like PowerShell, it worked on Windows, Linux, and macOS? What if it had great error messages?” Turner highlights the fact that “everything in Nu is data”; this means when a user tries other commands and realize that they are using the same commands to filter, to sort, etc. Rather than having the need to remember all the parameters to all the commands, they can just use the same verbs to act over our data, regardless of where the data came from. Nu also understands structured text files like JSON, TOML, YAML, and allows users to manipulate their data, and much more. “You get used to using the verbs, and then you can use them on anything. When you’re ready, you can write it back to disk,” Turner writes. Nu also supports opening and looking at the text and binary data. On opening a source file, users can scroll around in a syntax-highlighted file. Further on opening an xml, they can look at its data. They can even open a binary file and look at what’s inside. Turner mentions that there is a lot one might want to explore with Nushell. Hence, the team has released Nu with the ability to extend it with plugins. Nu will look for these plugins in your path, and load them up on startup. Rust language is the major backbone for this project and Nushell would not have been possible without Rust, Turner exclaims. Nu internally uses async/await, async streams, and employs liberal use of “serde” to manage serializing and deserializing into the common data format and to communicate with plugins. Nushell GitHub page reads, “This project has reached a minimum-viable product level of quality. While contributors dogfood it as their daily driver, it may be instable for some commands. Future releases will work fill out missing features and improve stability. Its design is also subject to change as it matures.” The team will further work towards stability, the ability to use Nu as the main shell, the ability to write functions and scripts in Nu, and much more. Users can also read the book on Nu, available in both English and Spanish language. To know more about this news in detail, head over to Jonathan Turner’s official blog post or visit Nushell’s GitHub page. Announcing ‘async-std’ beta release, an async port of Rust’s standard library Rust 1.37.0 releases with support for profile-guided optimization, built-in cargo vendor, and more Weaponizing PowerShell with Metasploit and how to defend against PowerShell attacks [Tutorial]

Apple announced Swift 5 for Xcode 10.2 yesterday. The latest Swift 5 update in Xcode 10.2 explores new features and changes to App thinning, Swift Language, Swift Standard Library, Swift Package Manager, and Swift Compiler. Swift is a popular general-purpose, compiled programming language developed by Apple Inc. for iOS, macOS, watchOS, tvOS, and beyond. Writing Swift code is interactive and its syntax is concise yet expressive. Swift code is safe and comprises all modern features. What’s new in Swift 5 for Xcode 10.2? In Xcode 10.2, the Swift command-line tools now require the Swift libraries in macOS. These libraries are included by default in Swift, starting with macOS Mojave 10.14.4. App Thinning Swift apps now no longer include dynamically linked libraries for the Swift standard library as well as the Swift SDK overlays in build variants for devices that run iOS 12.2, watchOS 5.2, and tvOS 12.2. This results in Swift apps getting smaller once they’re shipped in the App Store or thinned in an app archive for development distribution. Swift Language String literals in Swift 5 can be expressed with the help of enhanced delimiters. A string literal consisting of one or more number signs (#) before the opening quote considers backslashes and double-quote characters as literal. Also, Key paths can now support the identity keypath (\.self) i.e. a WritableKeyPath that refers to its entire input value. Swift Standard Library The standard library in Swift now consists of the Result enumeration with Result.success(_:) and Result.failure(_:) cases. Due to the addition of Standard Library, the Error protocol now conforms to itself and makes working with errors easier. The SIMD types and basic operators have now been defined in the standard library. Set and Dictionary also make use of a different hash seed now for each newly created instance. The DictionaryLiteral type has been renamed as KeyValuePairs in Swift 5. The String structure’s native encoding has been switched from UTF-16 to UTF-8. This improves the relative performance of String.UTF8View as compared to String.UTF16View. Swift Package Manager Targets can now declare the commonly used, target-specific build settings while using the Swift 5 Package.swift tools-version. A new dependency mirroring feature in Swift 5 enables the top-level packages to override dependency URLs. Package manager operations have become significantly faster for larger packages. Swift Compiler Size taken up by Swift metadata can be reduced now as the Convenience initializers defined in Swift only allocates an object ahead of time in case its calling a designated initializer defined in Objective-C. C types consisting of alignment greater than 16 bytes are no longer available in Swift. Swift 3 mode has been deprecated. Supported values for the -swift-version flag has become 4, 4.2, and 5.Default arguments can now be printed in SourceKit-generated interfaces for Swift modules. For more information, check out the official Swift 5 for Xcode 10.2 release notes. Swift 5 for Xcode 10.2 beta is here with stable ABI Exclusivity enforcement is now complete in Swift 5 ABI stability may finally come in Swift 5.0

Last week, Snyk, an open-source security platform published the State of JavaScript frameworks security report 2019. This report mainly focuses on security vulnerabilities and risks in React and Angular ecosystems. It further talks about security practices in other common JavaScript frontend ecosystem projects including Vue.js, Bootstrap, and JQuery. https://twitter.com/snyksec/status/1189527376197246977 Key takeaways from the State of JavaScript frameworks security report Security vulnerabilities in core Angular and React projects In the report, the ‘react’, ‘react-dom’, and ‘prop-types’ libraries were considered as the core modules of React since they often form the foundation for React web applications. Snyk’s research team was able to find three cross-site scripting (XSS) vulnerabilities in total: two in ‘react’ and one in ‘react-dom’. The two vulnerabilities in the ‘react’ library were present in its pretty older versions, 0.5.x versions and the versions prior to 0.14. However, the vulnerability in react-dom was found in a recent release, version 16.x. Its occurrence depends on other pre-conditions as well, such as using the library within a server-rendering context. All these vulnerabilities’ Common Vulnerability Scoring System (CVSS) score ranged 6.5 and 7.1, which basically means that they were all medium to high severity vulnerabilities. Coming to Angular, Snyk found 19 vulnerabilities across six different release branches of Angular 1.x or AngularJS, which is no longer maintained. Angular 1.5 has the highest number of vulnerabilities, with seven vulnerabilities in total. Out of those seven, three had high severity and four had medium severity. The good thing is that with every new version, the vulnerabilities have decreased both in terms of severity and count. Security risks of indirect dependencies React and Angular projects are often generated with a scaffolding tool that provides a boilerplate. While in React, we use the ‘create-react-app’ npm package, in Angular we use the ‘@angular/cli’ npm package. In a sample React and Angular project created using these scaffolding tools, it was found that both included development dependencies with vulnerabilities. The good thing is that neither of them had any production dependency security issues. “It’s worthy to note that Angular relies on 952 dependencies, which contain a total of two vulnerabilities; React relies on 1257 dependencies, containing three vulnerabilities and one potential license compatibility issue,”  the report states. Here’s the list of security vulnerabilities that were found in these sample projects: Source: Snyk Security vulnerabilities in the Angular module ecosystem For the purposes of this study, the Snyk research team divided the Angular ecosystem into three areas: Angular ecosystem modules, malicious versions of modules, developer tooling. The Angular module ecosystem has the following vulnerable modules: Source: Snyk Talking about the malicious versions of modules, the report lists three malicious versions for the ‘angular-bmap’, ‘ng-ui-library’, ‘ngx-pica’ modules. The ‘angular-bmap’ 0.0.9 version included a malicious code that collected sensitive information related to password and credit cards from forms. It then used to send this information to an attacker-controlled URL. Thankfully, this version is now taken down from the npm registry. The ‘ng-ui-library’ 1.0.987 has the same malicious code as  ‘angular-bmap’ 0.0.9, despite that it is still maintained. The third module, 'ngx-pica' (from versions 1.1.4 to 1.1.6) also has the same malicious code as the above two modules. In developer tooling, the module ‘angular-http-server’ was found vulnerable to directory traversal twice. Security vulnerabilities in the React module ecosystem In React’s case, Snyk found four malicious packages namely ‘react-datepicker-plus’, ‘react-dates-sc’, ‘awesome_react_utility’, and ‘reactserver-native’. These contain malicious code that harvests credit card and other sensitive information and attacks compromised modules on the React ecosystem. Notable vulnerable modules that were found in React’s ecosystem during this study: The ‘react-marked-markdown’ module has a high-severity XSS vulnerability that does not have any fix available as of now. The ‘preact-render-to-string’ library is vulnerable to XSS in all versions prior to 3.7.2. The ‘react-tooltip’ library is vulnerable to XSS attacks for all versions prior to 3.8.1. The ‘react-svg’ library has a high severity XSS vulnerability that was disclosed by security researcher Ron Perris affecting all versions prior to 2.2.18. The 'mui-datatables' library has the CSV Injection vulnerability. “When we track all the vulnerable React modules we found, we count eight security vulnerabilities over the last three years with two in 2017, six in 2018 and two up until August 2019. This calls for responsible usage of open source and making sure you find and fix vulnerabilities as quickly as possible,” the report suggests. Along with listing the security vulnerabilities in React and Angular, the report also shares the overall security posture of the two. This includes secure coding conventions, built-in secure capabilities, responsible disclosure policies, and dedicated security documentation for the project. Vue.js security In total, four vulnerabilities were detected in the Vue.js core project spanning from December 2017 to August 2018: three medium and one low regular expressions denial of service vulnerability. As for Vue’s module ecosystem, the report lists the following vulnerable modules: The ‘bootstrap-vue’ library has a high severity XSS vulnerability that was disclosed in January 2019 and affects all versions prior to <2.0.0-rc.12. The ‘vue-backbone’ library had a malicious version published. Bootstrap security The Snyk research team was able to track a total of seven XSS vulnerabilities in Bootstrap. Out of those seven, three were disclosed in 2019 for recent Bootstrap v3 versions and three security vulnerabilities were disclosed in 2018, one of which affects the newer 4.x Bootstrap release. All these vulnerabilities have security fixes and an upgrade path for users to remediate the risks. Among the vulnerable modules in the Bootstrap ecosystem are: The ‘bootstrap-markdown’ library that includes an unfixed XSS vulnerability affecting all versions. The ‘bootstrap-vuejs’ library has a high severity XSS vulnerability that affects all versions prior to bootstrap-vue 2.0.0-rc.12. The ‘bootstrap-select’ library also includes a high severity XSS vulnerability. This article touched upon some of the key findings of the report. Check out the full report by Snyk to know more in detail. React Native 0.61 introduces Fast Refresh for reliable hot reloading React Conf 2019: Concurrent Mode preview out, CSS-in-JS, React docs in 40 languages, and more Vue maintainers proposed, listened, and revised the RFC for hooks in Vue API

Project Jupyter released Jupytext, last week, a new project which allows you to convert Jupyter notebooks to and from Julia, Python or R scripts (extensions .jl, .py and .R), markdown documents (extension .md), or R Markdown documents (extension .Rmd). It comes with features such as writing notebooks as plain text, paired notebooks, command line conversion, and round-trip conversion. It is available from within Jupyter. It allows you to work as you would usually do on your notebook in Jupyter, and save and read it in the formats you select. Let’s have a look at its major features.  Writing notebooks as plain text Jupytext allows plain scripts that you can draft and test in your favorite IDE and open naturally as notebooks in Jupyter. You can run the notebook in Jupyter for generating output, associating a .ipynb representation, along with saving and sharing your research. Paired Notebooks Paired notebooks let you store a .ipynb file alongside the text-only version. Paired notebooks can be enabled by adding a jupytext_formats entry to the notebook metadata with Edit/Edit Notebook Metadata in Jupyter's menu. On saving the notebook, both the Jupyter notebook and the python scripts are updated. Command line conversion There’s a jupytext script present for command line conversion between the various notebook extensions: jupytext notebook.ipynb --to md --test      (Test round-trip conversion) jupytext notebook.ipynb --to md --output      (display the markdown version on screen) jupytext notebook.ipynb --to markdown           (create a notebook.md file) jupytext notebook.ipynb --to python               (create a notebook.py file) jupytext notebook.md --to notebook              (overwrite notebook.ipynb) (remove outputs) Round-trip conversion Round-trip conversion is also possible with Jupytext. Converting Script to Jupyter notebook to script again is identity, meaning that on associating a Jupyter kernel with your notebook, the information will go to a yaml header at the top of your script. Converting Markdown to Jupyter notebook to Markdown is again identity. Converting Jupyter to script, then back to Jupyter preserves source and metadata. Similarly, converting Jupyter to Markdown, and Jupyter again preserves source and metadata (cell metadata available only for R Markdown). For more information on, check out the official release notes. 10 reasons why data scientists love Jupyter notebooks Is JupyterLab all set to phase out Jupyter Notebooks? How everyone at Netflix uses Jupyter notebooks from data scientists, machine learning engineers, to data analysts

Today, the CentOS community released the much-awaited CentOS 8 (1905). RHEL 8 was released in May this year at the Red Hat Summit 2019. Users were highly anticipating this CentOS 8 rebuild. In CentOS 8, the community has partnered more closely with Fedora and will be sharing git repos with the Fedora system. Highlights of CentOS 8 As the CentOS Linux distribution is a platform derived from the sources of Red Hat Enterprise Linux (RHEL), it conforms fully with Red Hat's redistribution policy and aims to have full functional compatibility with the upstream product. Version control system and Database servers It will provide version control systems such as Git 2.18, Mercurial 4.8, and Subversion 1.10. Database servers such as MariaDB 10.3, MySQL 8.0, PostgreSQL 10, PostgreSQL 9.6, and Redis 5 have been included. GNOME Shell GNOME Shell has been rebased to version 3.28. The GNOME session and the GNOME Display Manager use Wayland as their default display server. The X.Org server, which is the default display server in RHEL 7, is available as well. Cryptography policies System-wide cryptographic policies, which configures the core cryptographic subsystems, covering the TLS, IPsec, SSH, DNSSEC, and Kerberos protocols, are applied by default. Python updates As Python 3.6 is the default Python implementation in RHEL 8, CentOS may get similar Python default updates. Also, limited support for Python 2.7 may be provided. No version of Python is installed by default. To know about all the highlights in detail, read the upstream Release Notes Deprecated functionalities Assuming the deprecations in RHEL 8, similar CentOS 8 features have been deprecated. The --interactive option of the ignoredisk Kickstart command has been deprecated. NFSv3 over UDP has been disabled. Digital Signature Algorithm (DSA) and Network scripts have been deprecated. TLS 1.0 and TLS 1.1 are deprecated To know more about the deprecated functionalities read the upstream documentation. Removed security functionality The Clevis HTTP pin has been removed shadow-utils no longer allow all-numeric user and group names securetty is now disabled by default To know more about the other removed security functionalities, read the upstream documentation. Known issues in CentOS 8 If the user is planning to install CentOS-8 in a VirtualBox guest, you should not select "Server with a GUI" (default) during the installation. Support for some adapters have been removed CentOS-8. ELRepo offers driver update disks (DUD) for some of those that are still commonly used. For the list of the device IDs provided by the ELRepo packages, please see here. Once CentOS-8 is installed, you can use the centosplus kernel (kernel-plus) which has support for those devices. While using the boot.iso and NFS to install, the automatic procedure for adding the AppStream-Repo will fail. You have to disable it and add the right NFS-path manually. To install and use CentOS 8 (1905), a minimum of 2 GB RAM is required. The community members recommend at least 4 GB RAM for it to function smoothly. To know more about CentOS 8 in detail, read CentOS wiki page. Other news in Tech .NET Core 3.0 is now available with C# 8, F# 4.7, ASP.NET Core 3.0 and general availability of EF Core 3.0 and EF 6.3 Introducing Weld, a runtime written in Rust and LLVM for cross-library optimizations Nim 1.0 releases with improved library, backward compatibility and more

Yesterday, the team behind Dark programming language has unveiled Darklang’s private beta version. Dark is a holistic programming language, editor, and infrastructure for building backends. Developers can write in the Dark language, using the Dark editor, and the program is hosted on Dark’s infrastructure. As a result, they can code without thinking about infrastructure, and have safe instant deployment, which the team is calling “deployless” development. According to the team, backends today are too complicated to build and they have designed Dark in a way to reduce that complexity. Ellen Chisa, CEO of the Dark says, “Today we’re releasing two videos showing how Dark works. And demonstrate how to build a backend application (an office sign-in app) in 10 minutes.” Paul Biggar, the CTO also talks about the Dark’s philosophy and the details of the language, the editor and the infrastructure. He also shows how they make “deployless” safe with feature flags and versioning, and how Dark allows to introspect and debug live requests. Alpha users of Darklang build backends for web and mobile applications The Dark team says that during the private alpha, developers have built entire backends in Dark. Chase Olivieri built Altitude, a flight deal subscription site. Julius Tarng moved the backend of Tokimeki Unfollow to Dark for scalability. Jessica Greenwalt & Pixelkeet ported Birb, their internal project tracker, into a SaaS for other design studios to use. The team has also seem alpha users build backends for web and mobile applications, internal tools, Slackbots, Alexa skills, and personal projects. And they’ve even started building parts of Dark in Dark, including their presence service and large parts of the signup flow. Additionally, the team will let you in the private beta of Darklang immediately if the developers have their project well-scoped and ready to get started. Community unhappy with private version, and expect open-source On Hacker News, users are discussing that in this time and age if there is any new programming language, it has to be open-source. One of them commented, “Is there an open source version of the language? ...bc I'm not touching a programming language with a ten foot pole if it hasn't got at least two implementations, and at least one open source :| Sure, keep the IDEs and deployless infrastructure and all proprietary, but a core programming language in 2019 can only be open-source. Heck, even Microsoft gets it now.” Another one says, “They are 'allowing' people into a private beta of a programming language? Coupled with the fact it is not open source and has a bunch of fad ad-tech videos on the front page this is so many red flags.” While others compare Dark with different programming languages, mainly Apex, Rust and Go. A user comment reads, “I see a lot of Parse comparisons, but for me this is way more like Force.com from Salesforce and the Apex language. Proprietary language (Apex, which is Java 6-ish), complete vertical integration, no open source spec or implementation.” Another one says, “Go - OK, it has one implementation (open-source), but it's backed by one big player (Google) and used by many others... also the simplicity at core design decisions sound like the kind of choices that would make an alternative compiler easier to implement than for other languages Rust - pretty fast growing open-source community despite only one implementation... but yeah I'm sort of worried that Rust is a "hard to implement" kind of language with maybe a not high enough bus factor... similar worries for Julia too But tbh I'm not drawn much to either Go and Rust for other reasons - Go is too verbose for my taste, no way to write denser code that highlights the logic instead of the plumbing, and it has a "dumb" type system, Rust seems a really bad choice for rapid prototyping and iteration which is what I care about now.” Other interesting news in programming this week Introducing ‘ixy’, a simple user-space network driver written in high-level languages like Rust, Go, and C#, among others TextMate 2.0, the text editor for macOS releases GNU community announces ‘Parallel GCC’ for parallelism in real-world compilers

Back in July 2010, Graydon Hoare showcased the Rust programming language for the very first time at Mozilla Annual Summit. Rust is an open-source system programming language that was created with speed, memory safety, and parallelism in mind. Looking at Rust’s memory and thread safety guarantees, a supportive community, a quickly evolving toolchain, many major projects are being rewritten in Rust. And, one of the major ones was Servo, an HTML rendering engine that will eventually replace Firefox’s rendering engine. Mozilla is also using Rust for rewriting many other key parts of Firefox under Project Quantum. Fastly chose Rust to implement Lucet, its native WebAssembly compiler and runtime. More recently, Facebook also chose Rust to implement its controversial Libra blockchain. As the 9th anniversary of the day when Hoare first presented Rust in front of a large audience is approaching, The New Stack took a very interesting interview with him. In the interview, he talked about the current state of system programming, how safe he considers our current complex systems are, how they can be made safer, and more. Here are the key highlights from the interview: Hoare on a brief history of Rust Hoare started working on Rust as a side-project in 2006. Mozilla, his employer at that time, got interested in the project and provided him a team of engineers to help him in the further development of the language. In 2013, he experienced burnout and decided to step down as a technical lead. After working on some less-time-sensitive projects, he quit Mozilla and worked for the payment network, Stellar. In 2016, he got a call from Apple to work on the Swift programming language. Rust is now being developed by the core teams and an active community of volunteer coders. This programming language that he once described as “spare-time kinda thing” is being used by many developers to create a wide range of new software applications from operating systems to simulation engines for virtual reality. It was also "the most loved programming language" in the Stack Overflow Developer Survey for four years in a row (2016-2019). Hoare was very humble about the hard work and dedication he has put into creating the Rust programming language. When asked to summarize Rust’s history he simply said that “we got lucky”.  He added, “that Mozilla was willing to fund such a project for so long; that Apple, Google, and others had funded so much work on LLVM beforehand that we could leverage; that so many talented people in academia, industry and just milling about on the internet were willing to volunteer to help out.” The current state of system programming and safety Hoare considers the state of system programming language “healthy” as compared to the starting couple of decades in his career. Now, it is far easier to sell a language that is focused on performance and correctness. We are seeing more good languages coming into the market because of the increasing interaction between academia and industry. When asked about safety, Hoare believes that though we are slowly taking steps towards better safety, the overall situation is not getting better. He attributes building a number of new complex computing systems is making it worse. He said, “complexity beyond comprehension means we often can’t even define safety, much less build mechanisms that enforce it.” Another reason according to him is the huge number of vulnerable software present in the field that can be exploited anytime by a bad actor. For instance, on Tuesday, a zero-day vulnerability was fixed in Firefox that was being “exploited in the wild” by attackers. “Like much of the legacy of the 20th century, there’s just a tremendous mess in software that’s going to take generations to clean up, assuming humanity even survives that long,” he adds. How system programming can be made safer Hoare designed Rust with safety in mind. Its rich type system and ownership model ensures memory and thread safety. However, he suggests that we can do a lot better when it comes to safety in system programming. He listed a bunch of new improvements that we can implement, “information flow control systems, effect systems, refinement types, liquid types, transaction systems, consistency systems, session types, unit checking, verified compilers and linkers, dependent types.” Hoare believes that there are already many features suggested by academia. The main challenge for us is to implement these features “in a balanced, niche-adapted language that’s palatable enough to industrial programmers to be adopted and used.” You can read Hoare’s full interview on The New Stack. Rust 1.35.0 released Rust shares roadmap for 2019 Rust 1.34 releases with alternative cargo registries, stabilized TryFrom and TryInto, and more

More than five months after announcing Warp, Cloudflare has finally made it available to the general public, yesterday. With two million people on the waitlist to try Warp, the Cloudflare team says that it took them harder than they thought to build a next-generation service to secure consumer mobile connections, without compromising on speed and power usage. Along with Warp, Cloudflare is also launching Warp Plus. Warp is a free VPN to the 1.1.1.1 DNS resolver app which will speed up mobile data using the Cloudflare network to resolve DNS queries at a faster pace. It also comes with end-to-end encryption and does not require users to install a root certificate to observe encrypted internet traffic. It is built around a UDP-based protocol that is optimized for the mobile internet and offers excellent performance and reliability. Why Cloudflare delayed the Warp release? A few days before Cloudflare announced Warp on April 1st, Apple released its new version iOS 12.2 with significant changes in its underlying network stack implementation. This made the Warp network unstable thus making the Cloudflare team arrange for workarounds in their networking code, which took more time. Cloudflare adds, “We had a version of the WARP app that (kind of) worked on April 1. But, when we started to invite people from outside of Cloudflare to use it, we quickly realized that the mobile Internet around the world was far more wild and varied than we'd anticipated.” As the internet is made up of diverse network components, the Cloudflare team found it difficult to include all the diversity of mobile carriers, mobile operating systems, and mobile device models in their network. The Cloudflare team also found it testing to include users’ diverse network settings in their network. Warp uses a technology called Anycast to route user traffic to the Cloudflare network, however, it moves the users’ data between entire data centers, which made the Warp functioning complex.  To overcome all these barriers, the Cloudflare team has now changed its approach by focussing more on iOS. The team has also solidified the shared underpinnings of the app to ensure that it would even work with future network stack upgrades. The team has also tested Warp with network-based users to discover as many corner cases as possible. Thus, the Cloudflare team has successfully invented new technologies to keep the session state stable even with multiple mobile networks. Cloudflare introduces Warp Plus - an unlimited version of Warp Along with Warp, the Cloudflare team has also launched Warp Plus, an unlimited version of WARP for a monthly subscription fee. Warp Plus is faster than Warp and uses Cloudflare’s Argo Smart Routing to achieve a higher speed than Warp. The official blog post states, “Routing your traffic over our network often costs us more than if we release it directly to the internet.” To cover these costs, Warp Plus will charge a monthly fee of $4.99/month or less, depending on the user location. The Cloudflare team also added that they will be launching a test tool within the 1.1.1.1 app in a few weeks to make users “see how your device loads a set of popular sites without WARP, with WARP, and with WARP Plus.” Read Also: Cloudflare plans to go public; files S-1 with the SEC  To know more details about Warp Plus, read the technical post by Cloudflare team. Privacy features offered by Warp and Warp Plus The 1.1.1.1 DNS resolver app provides strong privacy protections such as all the debug logs will be kept only long enough to ensure the security of the service. Also, Cloudflare will only retain the limited transaction data for legitimate operational and research purposes.  Warp will not only maintain the 1.1.1.1 DNS protection layers but will also ensure: User’s-identifiable log data will be written to disk The user’s browsing data will not be sold for advertising purposes Warp will not demand any personal information (name, phone number, or email address) to use Warp or Warp Plus Outside editors will regularly regulate Warp’s functioning The Cloudflare team has also notified users that the newly available Warp will have bugs present in them. The blog post also specifies that the most popular bug currently in Warp is due to traffic misroute, which is making the Warp function slower than the speed of non-Warp mobile internet.  Image Source: Cloudflare blog The team has made it easier for users to report bugs as they have to just click on the little bug icon near the top of the screen on the 1.1.1.1 app or shake their phone with the app open and send a bug report to Cloudflare. Visit the Cloudflare blog for more information on Warp and Warp Plus. Facebook will no longer involve third-party fact-checkers to review the political content on their platform GNOME Foundation’s Shotwell photo manager faces a patent infringement lawsuit from Rothschild Patent Imaging A zero-day pre-auth vulnerability is currently being exploited in vBulletin, reports an anonymous researcher

By Lance Eliot, the AI Trends Insider    Here’s a topic that entails intense controversy, oftentimes sparking loud arguments and heated responses. Prepare yourself accordingly. Do you think that men are better drivers than women, or do you believe that women are better drivers than men?    Seems like most of us have an opinion on the matter, one way or another.    Stereotypically, men are often characterized as fierce drivers that have a take-no-prisoners attitude, while women supposedly are more forgiving and civil in their driving actions. Depending on how extreme you want to take these tropes, some would say that women shouldn’t be allowed on our roadways due to their timidity, while the same could be said that men should not be at the wheel due to their crazed pedal-to-the-metal predilection.  What do the stats say? According to the latest U.S. Department of Transportation data, based on their FARS or Fatality Analysis Reporting System, the number of males annually killed in car crashes is nearly twice that of the number of females killed in car crashes.    Ponder that statistic for a moment. Some would argue that it definitely is evidence that male drivers are worse drivers than female drivers, which seems logically sensible under the assumption that since more males are being killed in car crashes than women, men must be getting into a lot more car crashes, ergo they must be worse drivers.    Presumably, it would seem that women are better able to avoid getting into death-producing car crashes, thus they are more adept at driving and are altogether safer drivers.    Whoa, exclaim some that don’t interpret the data in that way. Maybe women are somehow able to survive deadly car crashes better than men, and therefore it isn’t fair to compare the count of how many perished. Or, here’s one to get your blood boiling, perhaps women trigger car crashes by disrupting traffic flow and are not being agile enough at the driving controls, and somehow men pay a dear price by getting into deadly accidents while contending with that kind of driving obfuscation.    There seems to be little evidentiary support for those contentions. A more straightforward counterargument is that men tend to drive more miles than women. By the very fact that men are on the roadways more so than women, they are obviously going to be vulnerable to a heightened risk of getting into bad car crashes. In a sense, it’s a situation of rolling the dice more times than women do.    Insurance companies opt for that interpretation, including too that the stats show that men are more likely to drive while intoxicated, they are more likely to be speeding, and more likely to not use seatbelts.     There could be additional hidden factors involved in these outcomes. For example, some studies suggest that the gender differences begin to dissipate with aging, namely that at older ages, the chances of getting killed in a car crash becomes about equal for both male and female drivers. Of course, even that measure has controversy, which for some it is a sign that men lose their driving edge and spirit as they get older, become more akin to the skittishness of women.    Yikes, it’s all a can of worms and a topic that can readily lend itself to fisticuffs.    Suppose there were some means to do away with all human driving, and we had only AI-based driving that took place. One would assume that the AI would not fall into any gender-based camp. In other words, since we all think of AI as a kind of machine, it wouldn’t seem to make much sense to say that an AI system is male or that an AI system is female.  As an aside, there have been numerous expressed concerns that the AI-fostered Natural Language Processing (NLP) systems that are increasingly permeating our lives are perhaps falling into a gender trap, as it were. When you hear an Alexa or Siri voice that speaks to you if it has a male intonation do you perceive the system in a manner differently than if it has a female intonation?  Some believe that if every time you want to learn something new that you invoke an NLP that happens to have said a female sounding voice, it will tend to cause children especially to start to believe that women are the sole arbiters of the world’s facts. This could also work in other ways such as if the female sounding NLP was telling you to do your homework, would that cause kids to be leery of women as though they are always being bossy?    The same can be said about using a male voice for today’s NLP systems. If a male-sounding voice is always used, perhaps the context of what the NLP system is telling you might be twisted into being associated with males versus females.  As a result, some argue that the NLP systems ought to have gender-neutral sounding voices.    The aim is to get away from the potential of having people try to stereotype human males and human females by stripping out the gender element from our verbally interactive AI systems.    There’s another perhaps equally compelling reason for wanting to excise any male or female intonation from an NLP system, namely that we might tend to anthropomorphize the AI system, unduly so.    Here’s what that means.  AI systems are not yet even close to being intelligent, and yet the more that AI systems have the appearance of human-like qualities, we are bound to assume that the AI is as intelligent as humans. Thus, when you interact with Alexa or Siri, and it uses either a male or female intonation, the argument is that the male or female verbalization acts as a subtle and misleading signal that the underlying system is human-like and ergo intelligent.  You fall readily for the notion that Alexa or Siri must be smart, simply by extension of the aspect that it has a male or female sounding embodiment.  In short, there is ongoing controversy about whether the expanding use of NLP systems in our society ought to not “cheat” by using a male or female sounding basis and instead should be completely neutralized in terms of the spoken word and not lean toward using either gender.  Getting back to the topic of AI driving systems, there’s a chance that the advent of true self-driving cars might encompass gender traits, akin to how there’s concern about Alexa and Siri doing so.    Say what?  You might naturally be puzzled as to why AI driving systems would include any kind of gender specificity.    Here’s the question for today’s analysis: Will AI-based true self-driving cars be male, female, gender fluid, or gender-neutral when it comes to the act of driving?  Let’s unpack the matter and see.  For my framework about AI autonomous cars, see the link here: https://aitrends.com/ai-insider/framework-ai-self-driving-driverless-cars-big-picture/  Why this is a moonshot effort, see my explanation here: https://aitrends.com/ai-insider/self-driving-car-mother-ai-projects-moonshot/    For more about the levels as a type of Richter scale, see my discussion here: https://aitrends.com/ai-insider/richter-scale-levels-self-driving-cars/    For the argument about bifurcating the levels, see my explanation here: https://aitrends.com/ai-insider/reframing-ai-levels-for-self-driving-cars-bifurcation-of-autonomy/   The Levels Of Self-Driving Cars   It is important to clarify what I mean when referring to true self-driving cars.  True self-driving cars are ones where the AI drives the car entirely on its own and there isn’t any human assistance during the driving task.  These driverless vehicles are considered a Level 4 and Level 5, while a car that requires a human driver to co-share the driving effort is usually considered at a Level 2 or Level 3. The cars that co-share the driving task are described as being semi-autonomous, and typically contain a variety of automated add-on’s that are referred to as ADAS (Advanced Driver-Assistance Systems).  There is not yet a true self-driving car at Level 5, which we don’t yet even know if this will be possible to achieve, and nor how long it will take to get there.    Meanwhile, the Level 4 efforts are gradually trying to get some traction by undergoing very narrow and selective public roadway trials, though there is controversy over whether this testing should be allowed per se (we are all life-or-death guinea pigs in an experiment taking place on our highways and byways, some point out).  Since semi-autonomous cars require a human driver, the adoption of those types of cars won’t be markedly different from driving conventional vehicles, so there’s not much new per se to cover about them on this topic (though, as you’ll see in a moment, the points next made are generally applicable).  For semi-autonomous cars, the public must be forewarned about a disturbing aspect that’s been arising lately, namely that despite those human drivers that keep posting videos of themselves falling asleep at the wheel of a Level 2 or Level 3 car, we all need to avoid being misled into believing that the driver can take away their attention from the driving task while driving a semi-autonomous car.  You are the responsible party for the driving actions of the vehicle, regardless of how much automation might be tossed into a Level 2 or Level 3.    For why remote piloting or operating of self-driving cars is generally eschewed, see my explanation here: https://aitrends.com/ai-insider/remote-piloting-is-a-self-driving-car-crutch/    To be wary of fake news about self-driving cars, see my tips here: https://aitrends.com/ai-insider/ai-fake-news-about-self-driving-cars/    The ethical implications of AI driving systems are significant, see my indication here: http://aitrends.com/selfdrivingcars/ethically-ambiguous-self-driving-cars/  Be aware of the pitfalls of normalization of deviance when it comes to self-driving cars, here’s my call to arms: https://aitrends.com/ai-insider/normalization-of-deviance-endangers-ai-self-driving-cars/    Self-Driving Cars And Gender Biases  For Level 4 and Level 5 true self-driving vehicles, there won’t be a human driver involved in the driving task.    All occupants will be passengers.    The AI is doing the driving.    At first glance, it seems on the surface that the AI is going to drive like a machine does, doing so without any type of gender influence or bias.  How could gender get somehow shoehorned into the topic of AI driving systems?    There are several ways that the nuances of gender could seep into the matter.    We’ll start with the acclaimed use of Machine Learning (ML) or Deep Learning (DL).    As you’ve likely heard or read, part of the basis for today’s rapidly expanding use of AI is partially due to the advances made in ML/DL.    You might have also heard or read that one of the key underpinnings of ML/DL is the need for data, lots, and lots of data.  In essence, ML/DL is a computational pattern matching approach.  You feed lots of data into the algorithms being used, and patterns are sought to be discovered. Based on those patterns, the ML/DL can then henceforth potentially detect in new data those same patterns and report as such that those patterns were found.  If I feed tons and tons of pictures that have a rabbit somewhere in each photo into an ML/DL system, the ML/DL can potentially statistically ascertain that a certain shape and color and size of a blob in those photos is a thing that we would refer to as a rabbit.    Please note that the ML/DL is not likely to use any human-like common-sense reasoning, which is something not often pointed out about these AI-based systems.  For example, the ML/DL won’t “know” that a rabbit is a cute furry animal and that we like to play with them and around Easter, they are especially revered. Instead, the ML/DL simply based on mathematical computations has calculated that a blob in a picture can be delineated, and possibly readily detected whenever you feed a new picture into the system, attempting to probabilistically state whether there’s such a blob present or not.    There’s no higher-level reasoning per se, and we are a long ways away from the day when human-like reasoning of that nature is going to be embodied into AI systems (which, some argue, maybe we won’t ever achieve, while others keep saying that the day of the grand singularity is nearly upon us.  In any case, suppose that we fed pictures of only white-furry rabbits into the ML/DL when we were training it to find the rabbit blobs in the images.    One aspect that might arise would be that the ML/DL would associate the rabbit blob as always and only being white in color.    When we later on fed in new pictures, the ML/DL might fail to detect a rabbit if it was one that had black fur, because the lack of white fur diminished the calculated chances that the blob was a rabbit (as based on the training set that was used).  In a prior piece, I emphasized that one of the dangers about using ML/DL is the possibility of getting stuck on various biases, such as the aspect that true self-driving cars could end up with a form of racial bias, due to the data that the AI driving system was trained on.  Lo and behold, it is also possible that an AI driving system could incur a gender-related bias.    Here’s how.    If you believe that men drive differently than women, and likewise that women drive differently than men, suppose that we collected a bunch of driving-related data that was based on human driving and thus within the data there was a hidden element, specifically that some of the driving was done by men and some of the driving was done by women.    Letting loose an ML/DL system on this dataset, the ML/DL is aiming to try and find driving tactics and strategies as embodied in the data.    Excuse me for a moment as I leverage the stereotypical gender-differences to make my point.  It could be that the ML/DL discovers “aggressive” driving tactics that are within the male-oriented driving data and will incorporate such a driving approach into what the true self-driving car will do while on the roadways.    This could mean that when the driverless car roams on our streets, it is going to employ a male-focused driving style and presumably try to cut off other drivers in traffic, and otherwise be quite pushy.    Or, it could be that the ML/DL discovers the “timid” driving tactics that are within the female-oriented driving data and will incorporate a driving approach accordingly, such that when a self-driving car gets in traffic, the AI is going to act in a more docile manner.    I realize that the aforementioned seems objectionable due to the stereotypical characterizations, but the overall point is that if there is a difference between how males tend to drive and how females tend to drive, it could potentially be reflected in the data.    And, if the data has such differences within it, there’s a chance that the ML/DL might either explicitly or implicitly pick-up on those differences.  Imagine too that if we had a dataset that perchance was based only on male drivers, this landing on a male-oriented bias driving approach would seem even more heightened (similarly, if the dataset was based only on female drivers, a female-oriented bias would be presumably heightened).    Here’s the rub.  Since male drivers today have twice the number of deadly car crashes than women, if an AI true self-driving car was perchance trained to drive via predominantly male-oriented driving tactics, would the resulting driverless car be more prone to car accidents than otherwise?    That’s an intriguing point and worth pondering.  Assuming that no other factors come to play in the nature of the AI driving system, we might certainly reasonably assume that the driverless car so trained might indeed falter in a similar way to the underlying “learned” driving behaviors.  Admittedly, there are a lot of other factors involved in the crafting of an AI driving system, and thus it is hard to say that training datasets themselves could lead to such a consequence.    That being said, it is also instructive to realize that there are other ways that gender-based elements could get infused into the AI driving system.  For example, suppose that rather than only using ML/DL, there was also programming or coding involved in the AI driving system, which indeed is most often the case.    It could be that the AI developers themselves would allow their own biases to be encompassed into the coding, and since by-and-large stats indicate that AI software developers tend to be males rather than females (though, thankfully, lots of STEM efforts are helping to change this dynamic), perhaps their male-oriented perspective would get included into the AI system coding.    For why remote piloting or operating of self-driving cars is generally eschewed, see my explanation here: https://aitrends.com/ai-insider/remote-piloting-is-a-self-driving-car-crutch/  To be wary of fake news about self-driving cars, see my tips here: https://aitrends.com/ai-insider/ai-fake-news-about-self-driving-cars/    The ethical implications of AI driving systems are significant, see my indication here: http://aitrends.com/selfdrivingcars/ethically-ambiguous-self-driving-cars/  Be aware of the pitfalls of normalization of deviance when it comes to self-driving cars, here’s my call to arms: https://aitrends.com/ai-insider/normalization-of-deviance-endangers-ai-self-driving-cars/  In The Field Biases Too   Yet another example involves the AI dealing with other drivers on the roadways.    For many years to come, we will have both self-driving cars on our highways and byways and simultaneously have human-driven cars. There won’t be a magical overnight switch of suddenly having no human-driven cars and only AI driverless cars.    Presumably, self-driving cars are supposed to be crafted to learn from the driving experiences encountered while on the roadways.  Generally, this involves the self-driving car collecting its sensory data during driving journeys, and then uploading the data via OTA (Over-The-Air) electronic communications into the cloud of the automaker or self-driving tech firm. Then, the automaker or self-driving tech firm uses various tools to analyze the voluminous data, including likely ML/DL and pushes out to the fleet of driverless cars some updates based on what was gleaned from the roadway data collected.   How does this pertain to gender?    Assuming again that male drivers and female drivers do drive differently, the roadway experiences of the driverless cars will involve the driving aspects of the human-driven cars around them.    It is quite possible that the ML/DL doing analysis of the fleet collected data would discover the male-oriented or the female-oriented driving tactics, though it and the AI developers might not realize that the deeply buried patterns were somehow tied to gender.    Indeed, one of the qualms about today’s ML/DL is that it oftentimes is not amenable to explanation.    The complexity of the underlying computations does not necessarily lend itself to readily being interpreted or explained in everyday ways (for how the need for XAI or Explainable AI is becoming increasingly important).  Conclusion  Some people affectionately refer to their car as a “he” or a “she,” as though the car itself was of a particular gender.    When an AI system is at the wheel of a self-driving car, it could be that the “he” or “she” labeling might be applicable, at least in the aspect that the AI driving system could be gender-biased toward male-oriented driving or female-oriented driving (if you believe such a difference exists).  Some believe that the AI driving system will be gender fluid, meaning that based on all how the AI system “learns” to drive, it will blend together the driving tactics that might be ascribed as male-oriented and those that might be ascribed as female-oriented.    If you don’t buy into the notion that there are any male versus female driving differences, presumably the AI will be gender-neutral in its driving practices.  No matter what your gender driving beliefs might be, one thing is clear that the whole topic can drive one crazy.  Copyright 2020 Dr. Lance Eliot   This content is originally posted on AI Trends.   [Ed. Note: For reader’s interested in Dr. Eliot’s ongoing business analyses about the advent of self-driving cars, see his online Forbes column: https://forbes.com/sites/lanceeliot/]  http://ai-selfdriving-cars.libsyn.com/website 

The Cloud Native Computing Foundation (CNCF) accepted OpenMetrics, an open source specification for metrics exposition, into the CNCF Sandbox, a home for early stage and evolving cloud native projects. Google cloud engineers and other vendors had been working on this persistently from the past several months and finally it got accepted by CNCF. Engineers are further working on ways to support OpenMetrics in the OpenSensus, a set of uniform tracing and stats libraries that work with multi-vendor services. OpenMetrics will bring together the maturity and adoption of Prometheus, and Google’s background in working with stats at extreme scale. It will also bring in the experience and needs of a variety of projects, vendors, and end-users who are aiming to move away from the hierarchical way of monitoring to enable users to transmit metrics at scale. The open source initiative, focused on creating a neutral metrics exposition format will provide a sound data model for current and future needs of users. It will embed into a standard that is an evolution of the widely-adopted Prometheus exposition format. While there are numerous monitoring solutions available today, many do not focus on metrics and are based on old technologies with proprietary, hard-to-implement and hierarchical data models. “The key benefit of OpenMetrics is that it opens up the de facto model for cloud native metric monitoring to numerous industry leading implementations and new adopters. Prometheus has changed the way the world does monitoring and OpenMetrics aims to take this organically grown ecosystem and transform it into a basis for a deliberate, industry-wide consensus, thus bridging the gap to other monitoring solutions like InfluxData, Sysdig, Weave Cortex, and OpenCensus. It goes without saying that Prometheus will be at the forefront of implementing OpenMetrics in its server and all client libraries. CNCF has been instrumental in bringing together cloud native communities. We look forward to working with this community to further cloud native monitoring and continue building our community of users and upstream contributors.” says Richard Hartmann, Technical Architect at SpaceNet, Prometheus team member, and founder of OpenMetrics. OpenMetrics contributors include AppOptics, Cortex, Datadog, Google, InfluxData, OpenCensus, Prometheus, Sysdig and Uber, among others. “Google has a history of innovation in the metric monitoring space, from its early success with Borgmon, which has been continued in Monarch and Stackdriver. OpenMetrics embodies our understanding of what users need for simple, reliable and scalable monitoring, and shows our commitment to offering standards-based solutions. In addition to our contributions to the spec, we’ll be enabling OpenMetrics support in OpenCensus” says Sumeer Bhola, Lead Engineer on Monarch and Stackdriver at Google. For more information about OpenMetrics, please visit openmetrics.io. To quickly enable trace and metrics collection from your application, please visit opencensus.io. 5 reasons why your business should adopt cloud computing Alibaba Cloud partners with SAP to provide a versatile, one-stop cloud computing environment Modern Cloud Native architectures: Microservices, Containers, and Serverless – Part 1

The Blender team released beta version 2.8 of its Blender, a free and open-source 3D creation software, earlier this week. Blender 2.8 beta comes with new features and updates such as EEVEE, a high-end Viewport, Collections, Cycles, and 2D animation among others. Blender is a 3D creation suite that offers the entirety of the 3D pipeline including modeling, rigging, animation, simulation, rendering, compositing, and motion tracking. It allows video editing as well as game creation. What’s new in Blender 2.8 Beta? EEVEE Blender 2.8 beta comes with EEVEE, a new physically based real-time renderer. EEVEE works as a renderer for final frames, and also as the engine driving Blender’s real-time viewport. It consists of advanced features like volumetrics, screen-space reflections and refractions, subsurface scattering, soft and contact shadows, depth of field, camera motion blur and bloom. A new 3D Viewport There's a new and modern 3D viewport that was completely rewritten. It can help optimize the modern graphics cards as well as add powerful new features. It consists of a workbench engine that helps visualize your scene in flexible ways. EEVEE also helps power the viewport to enable interactive modeling and painting with PBR materials. 2D Animation There are a new and improved 2D drawing capabilities, which include a new Grease Pencil. Grease Pencil is a powerful and new 2D animation system that was added, with a native 2D grease pencil object type, modifier, and shader effects. In a nutshell, it helps to create a user-friendly interface for the 2D artist. Collections Blender 2.8 beta introduces ‘collections’, a new concept that lets you organize your scene with the help of Collections and View Layers. Cycles Blender 2.8 beta comes with a new feature called Cycles that includes new principled volume and hair shaders, bevel and ambient occlusion shaders, along with many other improvements and optimizations. Other features Dependency Graph: In blender 2.8 beta, the core object evaluation and computation system have been rewritten. Blender offers better performance for modern many-core CPUs as well as for new features in the future releases. Multi-object editing: Blender 2.8 beta comes with multiple-object editing that allows you to enter edit modes for multiple objects together. For more information, check out the official Blender 2.8 beta release notes. Mozilla partners with Khronos Group to bring glTF format to Blender Building VR objects in React V2 2.0: Getting started with polygons in Blender Blender 2.5: Detailed Render of the Earth from Space

Last week, a Jupyter Community Workshop on dashboarding was held in Paris. At the workshop, several contributors came together to build the Voila package, the details of which QuantStack shared yesterday. Voila serves live Jupyter notebooks as standalone web applications providing a neat way to share your work results with colleagues. Why do we need Voila? Jupyter notebooks allow you to do something called “literature programming” in which human-friendly explanations are accompanied with code blocks. It allows scientists, researchers, and other practitioners of scientific computing to add theory behind their code including mathematical equations. However, Jupyter notebooks may prove to be a little bit problematic when you plan to communicate your results with other non-technical stakeholders. They might get put-off by the code blocks and also the need for running the notebook to see the results. It also does not have any mechanism to prevent arbitrary code execution by the end user. How Voila works? Voila addresses all the aforementioned queries by converting your Jupyter notebook to a standalone web application. After connecting to a notebook URL, Voila launches the kernel for that notebook and runs all the cells. Once the execution is complete, it does not shut down the kernel. The notebook gets converted to HTML and is served to the user. This rendered HTML includes JavaScript that is responsible for initiating a websocket connection with the Jupyter kernel. Here’s a diagram depicting how it works: Source: Jupyter Blog Following are the features Voila provides: Renders Jupyter interactive widgets: It supports Jupyter widget libraries including bqplot, ipyleafet, ipyvolume, ipympl, ipysheet, plotly, and ipywebrtc. Prevents arbitrary code execution: It does not allow arbitrary code execution by consumers of dashboards. A language-agnostic dashboarding system: Voila is built upon Jupyter standard protocols and file formats enabling it to work with any Jupyter kernel (C++, Python, Julia). Includes custom template system for better extensibility: It provides a flexible template system to produce rich application layouts. Many Twitter users applauded this new way of creating live and interactive dashboards from Jupyter notebooks: https://twitter.com/philsheard/status/1138745404772818944 https://twitter.com/andfanilo/status/1138835776828071936 https://twitter.com/ToluwaniJohnson/status/1138866411261124608 Some users also compared it with another dashboarding solution called Panel. The main difference between Panel and Voila is that Panel supports Bokeh widgets whereas Voila is framework and language agnostic. “Panel can use a Bokeh server but does not require it; it is equally happy communicating over Bokeh Server's or Jupyter's communication channels. Panel doesn't currently support using ipywidgets, nor does Voila currently support Bokeh plots or widgets, but the maintainers of both Panel and Voila have recently worked out mechanisms for using Panel or Bokeh objects in ipywidgets or using ipywidgets in Panels, which should be ready soon,” a Hacker News user commented. To read more in detail about Voila, check out the official announcement on the Jupyter Blog. JupyterHub 1.0 releases with named servers, support for TLS encryption and more Introducing Jupytext: Jupyter notebooks as Markdown documents, Julia, Python or R scripts JupyterLab v0.32.0 releases

Earlier this year, the Ionic team released the beta version of Ionic React. After receiving the developer feedback and contributions from the community, the team launched Ionic React RC on Wednesday. The team says that this first major release of Ionic React was made possible by Ionic 4.0. Previously, Ionic was built using Angular components, but Ionic 4.0 was rewritten to use Web Components. This change made the Ionic Framework, an app development framework that can be used alongside any front end frameworks, not just Angular. Why is Ionic React needed Explaining the motivation behind Ionic React, Ely Lucas, Software Engineer & Dev Advocate at Ionic wrote in the announcement, “Ionic React RC marks the first major release of our vision to bring Ionic development to more developers on other frameworks.” Though it is possible to import the core Ionic components directly into React projects, this method does not provide a good developer experience. Also, when working with web components in React, you need to write some boilerplate code to properly communicate with the web components. Ionic React will essentially work as a “thin wrapper” around the core components of Ionic and will export them as native React components. It will also handle the boilerplate code for you. However, you still need to write a few features in the native framework such as page lifetime management and lifecycle methods. You can do this by extending the react-router package with @ionic/react-router. Considering this is a release candidate, the team is not expecting many major changes. Sharing the team’s next steps, Lucas said, “We will be looking closely at any issues that pop up during the RC phase and working on some final code stabilization and minor bug fixes...We also plan on creating some more content and guides in the docs to help with some best practices we’ve found when working with Ionic React.” The team is now seeking developer feedback before they come up with the final release. If you encounter any issues, you can report it on the GitHub repo and tag the issue with “package react”. To know further updates on Ionic React, you can also have a chat with the team who will be present at React Rally from August 22-23 at Salt Lake City, UT. This is a community conference that brings together developers of all backgrounds using React.js, React Native, and related tools. Many developers are excited about this update. Here’s what a few Twitter users are saying: https://twitter.com/clandestoapp/status/1161893695194636289 https://twitter.com/miniallaghi/status/1161964880913719297 Check out the official announcement by the Ionic team to know more in detail. The Ionic team announces the release of Ionic React Beta Ionic Framework 4.0 has just been released, now backed by Web Components, not Angular Ionic v4 RC released with improved performance, UI Library distribution and more