Month: January 2020
MMS • Lloyd Danzig
Article originally posted on InfoQ. Visit InfoQ
Increasingly-rapid developments in the field of AI have offered society profound benefits but also produced complex ethical dilemmas. Many of the most nefarious issues are often overlooked, even in the engineering community. There also exists the meta-ethical question of who ought to be the ones making decisions concerning the encoding of values into autonomous systems.
By Lloyd Danzig
MMS • RSS
MMS • Sergio De Simone
Article originally posted on InfoQ. Visit InfoQ
Swift development lead Ted Kremenek has announced a preliminary vision of what Swift 6 could include and how the community will get there on Swift’s mailing list. Swift 6 will bring significant improvements to the language, including better concurrency support and memory ownership. No fixed timeline has been set yet, though, which leads to think it will not happen in 2020.
According to Kremenek, the reason why a fixed timeline for Swift 6 cannot be set yet is the scope and depth of changes required by the new language version.
These are major changes to the language that will take discussion, investigation, and time to implement. Instead of announcing a specific timeline for “Swift 6”, the plan is for the community to be a part of seeing these efforts progress, with focused efforts and goals, and we release Swift 6 when those efforts culminate.
This does not mean the Swift team will go silent until Swift 6 is ready. Quite on the contrary, Kremenek sees a number of intermediate releases leading to Swift 6, with each of them being a major release in its own right.
The goals for those intermediate 5.x releases, as proposed by the Swift Core team, span across three main areas: the Swift ecosystem, developer experience, and language refinement. That does not exclude additional focuses that the community may deem relevant.
The Swift ecosystem is certainly thriving on Apple platforms. To accelerate its growth on other domains, Kremenek says, Swift should provide improved support on other platforms. This effort would include redefining the way Swift programs are installed and deployed; work towards better tooling, with Swift Language Server and Package Manager at the center of focus; enrich Swift open-source library ecosystem, with special attention to support for using Swift server-side and for numerical applications.
Developer experience is already an area of major focus for Swift, according to Kremenek, including work on faster builds, more accurate diagnostics, better code completion and debugging support.
On the language front, there are a number of interesting evolutions that can be attained before getting to the major changes envisioned for Swift 6. In particular, the Swift 5 series should improve variadic generics support, add DSL capabilities through function builders, and make its general use more convenient on embedded systems or for machine learning applications, among other things.
Reactions to Kremenek announcement were mostly positive, albeit marked by a different perception of the urgency to add proper concurrency support to the language. On a negative note, long-time Apple developer John Shier remarked there are still no plans for an integrated Swift package repository. Kremenek replied to this by acknowledging the value this would have and pointing to GitHub recent announcement about supporting Swift packages in their GitHub registry, while not ruling out more related efforts for Swift 6. Many Reddit commenters stressed the importance of improving Swift support for concurrency, with preferences going in the direction of async/await support at the language level or to a solution inspired in Go channels. At the moment, though, it is not clear which direction Swift will take, with the current view being reflected in Chris Lattner Swift concurrency manifesto. Similarly, the direction work on memory ownership could take is reflected in Swift ownership manifesto.
MMS • Damien OConnor Sheetal Thaker
InfoQ Homepage Presentations Leading in an Agile World
Summary
Damien O’Connor, Sheetal Thaker explore the characteristics of leaders over the last six decades, looking at how leadership has changed over time, and articulate where they think it is headed.
Bio
Damien O’Connor started his Agile journey working alongside a prominent agile consultancy as a software developer. Sheetal Thaker coaches on Agile processes and practices, hosts Agile training, advises senior leaders on Agile transformations and also helps place Agile experts into positions where they can make a difference.
About the conference
Agile Tour London is a conference about Agile in its general approach, where agilists of all background can meet to exchange ideas, refresh their minds, evaluate issues and renew their own approach to Execute Everyday Agile. Join us at Agile Tour London 2019, dive into hands-on workshops and engaging talks, exchange opinions with fellow agilists and meet directly some of the most amazing speakers of the community. Whether you are an agile newbie or an Expert Agilist, this is the conference you can’t afford to miss.
Jan 25, 2020
MMS • Damien OConnor Sheetal Thaker
MMS • Steef-Jan Wiggers
Article originally posted on InfoQ. Visit InfoQ
In a recent blog post, Confluent announced the general availability of Confluent Cloud on the Google Cloud Platform (GCP) Marketplace. Confluent Cloud is a fully managed Apache Kafka service, which removes the burden of its users to manage Kafka themselves.
In April last year, Google announced a strategic partnership with several leading open-source centric companies, including MongoDB, DataStax, and Confluent. Since then, the products of these companies, such as Confluent Cloud, are available as managed services on GCP. By signing up and providing a credit card as a payment method, users could get started with Confluent Cloud on GCP – yet billing was separate from the consumption of other GCP services. However, with the availability of Confluent Cloud in the marketplace, users will now have one bill for GCP services consumption.
Ricardo Ferreira, a developer advocate at Confluentinc, stated in the blog post:
You can now use Confluent Cloud with your existing project’s billing and credits. Any consumption of Confluent Cloud is now a line in your monthly GCP bill.
Through the Google Cloud, console users can access the marketplace and search for Confluent Cloud to purchase the service. By purchasing the service, users will commit to paying for consumption through so-called Confluent Consumption Units (CCU) – one CCU equals $ 0.0001. Once a user purchases Cloud Confluent, he or she can enable the API and start managing the Apache Kafka service through GCP – that is, inside the Confluent Cloud users can create clusters through providing a name and selecting a region in GCP to spin them up.
Source: https://www.confluent.io/blog/confluent-cloud-managed-kafka-service-gcp-marketplace/
Besides the offering of a managed Kafka service in the cloud by Confluent, there are other cloud providers in the market offering the same services. For instance, Amazon launched a service called Amazon Managed Streaming for Kafka, Amazon MSK for short, in preview during AWS re:Invent 2018 – and made the service generally available in June 2019. Furthermore, Microsoft partnered with Bitnami to offer a Kafka on Azure through their Marketplace.
Lastly, Confluent Cloud is also available on AWS and Azure. Dan Rosanova, senior group product manager at Confluentinc, told InfoQ:
Our goal is to provide a complete streaming service built around Apache Kafka and provide it to customers on any cloud they choose. We offer the same experience, capabilities, tools, and performance regardless of which cloud you’ve selected to run Confluent Cloud in. It is fully managed software as a service.
More details on Confluent Cloud are available on the website.
MMS • David Lowe Shane Hastie
Article originally posted on InfoQ. Visit InfoQ
David Lowe has written a book The Innovation Revelation: A story about satisfying customer needs. The book tells the fictional story of Charlie Blades who is a manager in the IT department of a retail company in London, faced with disruption from outside and old ways of working inside. The story explores how changes in workplace culture and practices can result in better outcomes.
By David Lowe, Shane Hastie
MMS • Sergio De Simone
Article originally posted on InfoQ. Visit InfoQ
Comparitech security firm reported a major data breach at Microsoft that exposed 250 million customer records over a period of a couple of days. Microsoft said leaked data, which did not include personally identifiable information, was not used maliciously.
Comparitech team, led by security researcher Bob Diachenko, uncovered five Elastic Search servers which contained five apparently identical sets of records.
The records contained logs of conversations between Microsoft support agents and customers from all over the world, spanning a 14-year period from 2005 to December 2019. All of the data was left accessible to anyone with a web browser, with no password or other authentication needed.
Most of the personally identifiable information, such as contract numbers, payment information, etc., were redacted, but some of that was still available in plain text files. Microsoft confirmed that, complying with their standard operating procedure, personal information had been removed using automated tool. They also clarified under which conditions data may have been left unredacted:
An example of this occurs if the information is in a non-standard format, such as an email address separated with spaces instead of written in a standard format (for example, “XYZ @contoso com” vs “XYZ@contoso.com”).
Microsoft’s investigation over what caused the data breach led to a configuration change to the database’s network security group including wrong security rules. This made the data publicly discoverable and, at the end of December, search engine BinaryEdge indexed Microsoft databases. BinaryEdge specializes in scanning the Internet to determine to which extent private assets are inadvertently exposed.
Diachenko recognized Microsoft was quick to secure the data in a Tweet:
Kudos to MS Security Response team – I applaud the MS support team for responsiveness and quick turnaround on this despite New Year’s Eve.
He also remarked that “misconfiguration happen &mdash no matter how big or secured a company is”.
Worrisome as it may appear, this data breach is only the last in a long and growing series of data breaches that exposed almost 8 billion records in 2019 only, according to Blockchain startup SelfKey:
AT LEAST 7.9 billion records, including credit card numbers, home addresses, phone numbers and other highly sensitive information, have been exposed through data breaches in 2019.
This obviously raises the question of how secure our personal data is in the hands of Internet companies.
Indeed, quite a number of comments on Hacker News hinted at the absence of legal consequences for this kind of misbehaviour, whether intentional or not. This is true of the World at large with the notable exception of the European Union, where the recent GDPR regulation promises to protect customer rights from personal data mishandling. According to GDPR, a company could be fined for up to 4% of its global annual turnover. It is not known yet whether EU GDPR regulators are investigating Microsoft data breach, but all EU-based customers may contact Microsoft Data Protection Officer to reclaim more detailed information about their data.
Other developers on Hacker News pointed to ElasticSearch as a key factor to explain this data breach, since it does not grant a proper security level out-of-the-box. As a matter of fact, authentication was added to the open source version only in May 2019 and it is still true that ElasticSearch security features require a paid subscription to license the use of its security module. Interestingly, however, Amazon released a free and open source security module for ElasticSearch as part of their Open Distro project, which could turn to be a life-saver for many.