computing
Auto Added by WPeMatico
Decrypted: Space hacking, iPhone vulnerability, Zoom’s security boom
Security startups to the rescue.
As we continue to ride out the pandemic, security experts are closely monitoring the surge of coronavirus-related cyber threats. Just this week, Google’s Threat Analysis Group, its elite threat hunting unit, says that while the overall number of threats remains largely the same, opportunistic hackers are retooling their efforts to piggyback on coronavirus.
Some startups are downsizing and laying off staff, but several cybersecurity startups are faring better, thanks to an uptick in demand for security protections. As the world continues to pivot toward working from home, it has blown up key cybersecurity verticals in ways we never expected. To wit, identity startups are needed more than ever to make sure only remote employees are getting access to corporate systems.
Can the startups take on the giants at their own game?
THE BIG PICTURE
Another payments processor drops the security ball
For the third time this year, a payments processor has admitted to a security lapse. First it was Cornerstone, then it was nCourt. This time it’s Paay, a New York-based card payment processor startup that left a database on the internet unprotected and without a password. Worse, the data was storing full, plaintext credit card numbers.
Anyone who knew where to look could have accessed the data. Luckily, a security researcher found it and reported it to TechCrunch. We alerted the company; it quickly took the data offline, but Paay denied that the data stored full credit card numbers. We even sent the co-founder a portion of the data showing card numbers stored in plaintext, but he did not respond to our follow-up.
Powered by WPeMatico
AWS launches Amazon AppFlow, its new SaaS integration service
AWS today launched Amazon AppFlow, a new integration service that makes it easier for developers to transfer data between AWS and SaaS applications like Google Analytics, Marketo, Salesforce, ServiceNow, Slack, Snowflake and Zendesk. Like similar services, including Microsoft Azure’s Power Automate, for example, developers can trigger these flows based on specific events, at pre-set times or on-demand.
Unlike some of its competitors, though, AWS is positioning this service more as a data transfer service than a way to automate workflows, and, while the data flow can be bi-directional, AWS’s announcement focuses mostly on moving data from SaaS applications to other AWS services for further analysis. For this, AppFlow also includes a number of tools for transforming the data as it moves through the service.
“Developers spend huge amounts of time writing custom integrations so they can pass data between SaaS applications and AWS services so that it can be analysed; these can be expensive and can often take months to complete,” said AWS principal advocate Martin Beeby in today’s announcement. “If data requirements change, then costly and complicated modifications have to be made to the integrations. Companies that don’t have the luxury of engineering resources might find themselves manually importing and exporting data from applications, which is time-consuming, risks data leakage, and has the potential to introduce human error.”
Every flow (which AWS defines as a call to a source application to transfer data to a destination) costs $0.001 per run, though, in typical AWS fashion, there’s also cost associated with data processing (starting at 0.02 per GB).
“Our customers tell us that they love having the ability to store, process, and analyze their data in AWS. They also use a variety of third-party SaaS applications, and they tell us that it can be difficult to manage the flow of data between AWS and these applications,” said Kurt Kufeld, vice president, AWS. “Amazon AppFlow provides an intuitive and easy way for customers to combine data from AWS and SaaS applications without moving it across the public internet. With Amazon AppFlow, our customers bring together and manage petabytes, even exabytes, of data spread across all of their applications — all without having to develop custom connectors or manage underlying API and network connectivity.”
At this point, the number of supported services remains comparatively low, with only 14 possible sources and four destinations (Amazon Redshift and S3, as well as Salesforce and Snowflake). Sometimes, depending on the source you select, the only possible destination is Amazon’s S3 storage service.
Over time, the number of integrations will surely increase, but for now, it feels like there’s still quite a bit more work to do for the AppFlow team to expand the list of supported services.
AWS has long left this market to competitors, even though it has tools like AWS Step Functions for building serverless workflows across AWS services and EventBridge for connections applications. Interestingly, EventBridge currently supports a far wider range of third-party sources, but as the name implies, its focus is more on triggering events in AWS than moving data between applications.
Powered by WPeMatico
Google Cloud’s fully managed Anthos is now generally available for AWS
A year ago, back in the days of in-person conferences, Google officially announced the launch of its Anthos multi-cloud application modernization platform at its Cloud Next conference. The promise of Anthos was always that it would allow enterprises to write their applications once, package them into containers and then manage their multi-cloud deployments across GCP, AWS, Azure and their on-prem data centers.
Until now, support for AWS and Azure was only available in preview, but today, the company is making support for AWS and on-premises generally available. Microsoft Azure support remains in preview, though.
“As an AWS customer now, or a GCP customer, or a multi-cloud customer, […] you can now run Anthos on those environments in a consistent way, so you don’t have to learn any proprietary APIs and be locked in,” Eyal Manor, the GM and VP of engineering in charge of Anthos, told me. “And for the first time, we enable the portability between different infrastructure environments as opposed to what has happened in the past where you were locked into a set of APIs.”
Manor stressed that Anthos was designed to be multi-cloud from day one. As for why AWS support is launching ahead of Azure, Manor said that there was simply more demand for it. “We surveyed the customers and they said, ‘hey, we want, in addition to GCP, we want AWS,’ ” he said. But support for Azure will come later this year and the company already has a number of preview customers for it. In addition, Anthos will also come to bare metal servers in the future.
Looking even further ahead, Manor also noted that better support for machine learning workloads is on the way. Many businesses, after all, want to be able to update and run their models right where their data resides, no matter what cloud that may be. There, too, the promise of Anthos is that developers can write the application once and then run it anywhere.
“I think a lot of the initial response and excitement was from the developer audiences,” Jennifer Lin, Google Cloud’s VP of product management, told me. “Eric Brewer had led a white paper that we did to say that a lot of the Anthos architecture sort of decouples the developer and the operator stakeholder concerns. There hadn’t been a multi-cloud shared software architecture where we could do that and still drive emerging and existing applications with a common shared software stack.”
She also noted that a lot of Google Cloud’s ecosystem partners endorsed the overall Anthos architecture early on because they, too, wanted to be able to write once and run anywhere — and so do their customers.
Plaid is one of the launch partners for these new capabilities. “Our customers rely on us to be always available and as a result we have very high reliability requirements,” said Naohiko Takemura, Plaid’s head of engineering. “We pursued a multi-cloud strategy to ensure redundancy for our critical KARTE service. Google Cloud’s Anthos works seamlessly across GCP and our other cloud providers preventing any business disruption. Thanks to Anthos, we prevent vendor lock-in, avoid managing cloud-specific infrastructure, and our developers are not constrained by cloud providers.”
With this release, Google Cloud is also bringing deeper support for virtual machines to Anthos, as well as improved policy and configuration management.
Over the next few months, the Anthos Service Mesh will also add support for applications that run in traditional virtual machines. As Lin told me, “a lot of this is is about driving better agility and taking the complexity out of it so that we have abstractions that work across any environment, whether it’s legacy or new or on-prem or AWS or GCP.”
Powered by WPeMatico
Pulumi brings support for more languages to its infrastructure-as-code platform
Seattle-based Pulumi has quickly made a name for itself as a modern platform that lets developers specify their infrastructure through writing code in their preferred programming language — and not YAML. With the launch of Pulumi 2.0, those languages now include JavaScript, TypeScript, Go and .NET, in addition to its original support for Python. It’s also now extending its reach beyond its core infrastructure features to include deeper support for policy enforcement, testing and more.
As the company also today announced, it now has over 10,000 users and more than 100 paying customers. With that, it’s seeing a 10x increase in its year-over-year annual run rate, though without knowing the exact numbers, it’s obviously hard to know what exactly to make of that number. Current customers include the likes of Cockroach Labs, Mercedes-Benz and Tableau .
When the company first launched, its messaging was very much around containers and serverless. But as Pulumi founder and CEO Joe Duffy told me, today the company is often directly engaging with infrastructure teams that are building the platforms for the engineers in their respective companies.
As for Pulumi 2.0, Duffy says that “this is really taking the original Pulumi vision of infrastructure as code — using your favorite language — and augmenting it with what we’re calling superpowers.” That includes expanding the product’s overall capabilities from infrastructure provisioning to the adjacent problem spaces. That includes continuous delivery, but also policy-as-code. This extends the original Pulumi vision beyond just infrastructure but now also lets developers encapsulate their various infrastructure policies as code, as well.
Another area is testing. Because Pulumi allows developers to use “real” programming languages, they can also use the same testing techniques they are used to from the application development world to test the code they use to build their underlying infrastructure and catch mistakes before they go into production. And with all of that, developers can also use all of the usual tools they use to write code for defining the infrastructure that this code will then run on.
“The underlying philosophy is taking our heritage of using the best of what we know and love about programming languages — and really applying that to the entire spectrum of challenges people face when it comes to cloud infrastructure, from development to infrastructure teams to security engineers, really helping the entire organization be more productive working together,” said Duffy. “I think that’s the key: moving from infrastructure provisioning to something that works for the whole organization.”
Duffy also highlighted that many of the company’s larger enterprise users are relying on Pulumi to encode their own internal architectures as code and then roll them out across the company.
“We still embrace what makes each of the clouds special. AWS, Azure, Google Cloud and Kubernetes,” Duffy said. “We’re not trying to be a PaaS that abstracts over all. We’re just helping to be the consistent workflow across the entire team to help people adopt the modern approaches.”
Powered by WPeMatico
Decrypted: Post-coronavirus, Auth0’s close call, North Korea warning, Awake’s Series C
Welcome to a look back at the past week in security and what it means for you. Each week we’ll look at the big news of the week and why it matters.
What will the world look like after the coronavirus pandemic subsides?
Some of us are now in our fifth week of sheltering in place, but there’s no fixed end-date in sight. We’ve gone from a period of confusion and concern to testing and mitigation. Now we’re starting to look ahead at the world post-coronavirus. Things still have to get done. But how do we regain a semblance of normality in the middle of a pandemic?
Tech can be the answer but it’s not a panacea; Apple and Google have explained more about their contact tracing efforts to help better understand the spread of the virus seems promising. But privacy concerns and worries that the system could be abused have raised justified concerns. On the other hand, with a U.S. presidential election slated for later this year, many experts want tech out of the picture in favor of a secure solution that uses paper ballots.
Will tech save the day, or will it kick us while we’re down? Let’s dive in.
THE BIG PICTURE
Voting by mail should be having its moment. Will it?
This year’s U.S. presidential election will still go ahead — it’s in the constitution as an immutable fact — but a pandemic throws a wrench in the works.
But security experts say electronic voting isn’t secure or resilient enough to protect from foreign interference. Even the more established mobile voting offerings have been shown to be deeply flawed.
Powered by WPeMatico
Microsoft’s new ‘Planetary Computer’ project will use global environmental data to support sustainability
Microsoft is embarking on a new sustainability initiative as part of its overall approach to support environmental protection measures, with a project it calls the “Planetary Computer.” This will actually be a computing endeavor that uses aggregated global environmental data collected from a number of sources as its input, and that will seek to employ machine learning and other techniques to better understand the challenges faced in planetary health, and provide answers to both Microsoft clients and scientists about how to plan for sustainability.
If all that sounds pretty esoteric to you, you’re not alone. But in a blog post, Microsoft president Brad Smith detailed some specific examples of what it hopes the Planetary Computer will actually be capable of doing. Those include things like providing searchable satellite imagery, machine learning and user-sourced data around actual on-the-ground forest borders for use in industrial construction site surveys or forest preservation efforts; providing accurate current measurement sand impact forecast for water use for agricultural planning; providing wildlife biologists with global species habitat information to support preservation efforts; and more.
This is an evolution of Microsoft’s AI for Earth program, which was launched in 2017, and the actual development of the Planetary Computer will involve further investments in infrastructure, as well as participation from the existing AI for Earth grant recipients to built out analyses on the data collected. There’s also a new AI for Earth grant, valued at $1 million, provided to the Group on Earth Observations Biodiversity Observation Network to help act as a cornerstone for biodiversity data collection as part of the project.
To help, Microsoft is also partnering with Esri, a geographical mapping and information company that underpins a lot of the related technological institutes in that sphere. Geospatial data sets will be made available through Azure and Esri later this year for use by clients and institutions, and you can expect even more to come.
Powered by WPeMatico
Pinpoint releases dashboard to bring visibility to software engineering operations
As companies look for better ways to understand how different departments work at a granular level, engineering has traditionally been a black box of siloed data. Pinpoint, an Austin-based startup, has been working on a platform to bring this information into a single view, and today it released a dashboard to help companies understand what’s happening across software engineering from an operational perspective.
Jeff Haynie, co-founder and CEO at Pinpoint says the company’s mission for the last two years has been giving greater visibility into the engineering department, something he says is even more important in the current context with workers spread out at home.
“Companies give engineering a bunch of money, and they build a bunch of amazing things, but in the end, it is just a black box, and we really don’t know what happens,” Haynie said. He says his company has been working to take all of the data to try and contextualize it, bring it together and correlate that information.
Today, they are introducing a dashboard that takes what they’ve been building and pulls it together into a single view, which is 100% self-serve. Prior to this, you needed a bunch of hand-holding from Pinpoint personnel to get it up and running, but today you can download the product and sign into your various services such as your git repository, your CI/CD software, your IDE and so forth.
It also provides a way for engineering personnel to communicate with one another without leaving the tool.
Pinpoint software engineering dashboard. Image Credit: Pinpoint
“Obviously, we will handhold and help people as they need it, and we have an enterprise version of the product with a higher level of SLA, and we have a customer success team to do that, but we’ve really focused this new release on purely self service,” Haynie said.
What’s more, while there is a free version already for teams under 10 people that’s free forever, with the release of today’s product, the company is offering unlimited access to the dashboard for free for three months.
Haynie says they’re like any startup right now, but having experience with several other startups and having lived through 9/11, the dot-com crash, 2008 and so forth, he knows how to hunker down and preserve cash. At the same time, he says they are seeing a lot of in-bound interest in the product, and they wanted to come up with a creative way to help customers through this crisis, while putting the product out there for people to use.
“We’re like any other startup or any other business frankly at this point: we’re nervous and scared. How do you survive this [and how long will it last]? The other side of it is that we’re rushing to take advantage of this inbound interest that we’re getting and trying to sort of seize the opportunity and try to be creative about how we help them.”
The startup hopes that, if companies find the product useful, after three months they won’t mind paying for the full version. For now, it’s just putting it out there for free and seeing what happens with it — just another startup trying to find a way through this crisis.
Powered by WPeMatico
Twine aims to end social isolation with its video chat app for deep conversations
A new startup called twine wants to help people feel less isolated and alone. Though the project has been in the works for around six months, it’s launching at a time when people are struggling with being cut off from family, friends, neighbors, co-workers and others due to the COVID-19 outbreak and the resulting government lockdowns and self-quarantines. Described simply as a “Zoom for meeting new people,” twine is a group video chat experience where people are encouraged to have meaningful discussions that spark new friendships.
In twine, users are matched with four other partners who they’ll then have 1-to-1 conversations with for eight minutes apiece. The full gathering lasts for a total of 40 minutes, including the virtual guide portion where the ground rules are set.
Participants choose from a library of more than 250 “deep” questions, then get matched with partners who want to explore the same topics. They then RSVP for twine’s digital gatherings in their time zone and check in when it’s time to start.
The overall experience is meant to help people find connections by skipping the small talk and going straight to what matters. But the focus is on friendships, not dating. Afterward, users are encouraged to set reminders to get back in touch and meet again in future gatherings.
There’s a hint of Chatroulette to this idea, given that users could be matched to people who are only there to disrupt the experience, in theory at least. But the company aims to reduce the potential for this sort of shock trolling by permanently banning members who are flagged for making others uncomfortable in any sort of way. We also noticed the app asks for your email, phone and ZIP code during its onboarding process, so it’s not entirely an anonymous experience.
In addition, twine requires users to rate each conversation when it ends, and members have to be pre-approved before joining a chat. The company says it’s looking to move toward “real ID only” in the future to further reduce the potential for trolling.
That said, there’s still a bit of a risk in chatting openly with strangers about highly personal topics. Twine’s guidelines say that conversations are not to be discussed with others, but this is not a doctor-patient relationship with legal protections for confidentiality. It’s just a group chat app with people who may or may not be there to follow the rules.
That said, the internet is currently experiencing a rebirth of sorts, due to COVID-19. People are coming online to look for connections. Social media is actually becoming social. This is an ideal environment to test something as optimistic as twine, which at its core believes people are largely good and will use the technology appropriately.
The idea for twine comes from serial entrepreneurs Lawrence Coburn and Diana Rau. Coburn spent the last nine years as founder and CEO of mobile events technology provider DoubleDutch, which was acquired by Cvent in 2019. Rau, meanwhile, was co-founder and CEO of Veterati, a digital mentoring platform for veterans that had also leveraged 1-to-1 conversations as part of its community-building experience.
The founders already knew each other from the Georgetown entrepreneurship ecosystem. And Coburn was an advisor to Veterati, and Rau had worked at DoubeDutch, as well.
Coburn describes his vision for twine as something in between a new social network and a substitute for those who are spiritual, but not religious, in terms of helping people who want to “be better humans.” Rau says she wanted to work on twine to help end loneliness by giving people a place to explore humanity on a one-on-one basis.
The app was originally intended to connect people who would meet up in real-life gatherings, but the coronavirus outbreak shifted those plans and accelerated launch plans.
“Launching a new company during the best of times is really, really hard. During a global pandemic? Yikes!,” wrote Coburn, in a blog post about the launch. “But as the new reality settles in, it has become clear to me that the world needs twine or something like it more than ever. The macro forces that inspired Diana and I to start twine – loneliness, polarization, isolation – will only be exacerbated by social distancing. A societal loneliness that was already classified as an epidemic pre coronavirus, is about to get way, way worse,” he added.
The startup is backed by $1.4 million in seed funding, closed on March 12, led by DoubleDutch investor, Hinge Capital. Other investors from DoubleDutch have also returned to fund twine, including FJ Labs, Brand Foundry and Bragiel Brothers. Angels in the round include April Underwood (Slack), Jay Hoffmann (Rocketmiles), Scott Heiferman (Meetup) and Vishal Kapur (Screenhero).
In the future, twine aims to be subscription-based and launch real-life gatherings, as originally planned, when it’s safe to do so.
The app is currently in private beta on iOS and web. Currently, it has a waitlist of around 1,000 users, mainly from New York City and San Francisco, but twine will be available worldwide.
Powered by WPeMatico
Cloud Foundry Foundation executive director Abby Kearns steps down to pursue a new executive role elsewhere
The Cloud Foundry Foundation (CFF), the home of the Cloud Foundry open-source developer platform, today announced that its executive director Abby Kearns is stepping down from her role to pursue an executive role elsewhere.
If you’ve followed the development of the CFF for a while, it won’t come as a surprise that its current CTO, Chip Childers, is stepping into the executive director role. For the last few years, Kearns and Childers shared duties hosting the foundation’s bi-annual conferences and were essentially the public faces of the organization.
Both Kearns and Childers stepped into their roles in 2016 after CFF founding CEO Sam Ramji departed the organization for a role at Google . Before joining the Cloud Foundry Foundation, Kearns worked on Pivotal Cloud Foundry and spent over eight years as head of product management for integration services at Verizon (which, full disclosure, is also the corporate parent of TechCrunch).
Today, according to its own data, the Linux Foundation-based Cloud Foundry project is used by more than half the Fortune 500 enterprises. And while some use the open-source code to run and manage their own Cloud Foundry platforms, most work with a partner like the now VMware-owned Pivotal.
“I am tremendously proud of Cloud Foundry and of the Foundation we have all built together,” said Kearns in today’s announcement. “Cloud Foundry offers the premier developer experience for the cloud native landscape and has seen massive adoption in the enterprise. It also has one of the strongest, kindest, most diverse communities (and staff) in open source. I leave the organization in the best hands possible. Chip was the first Foundation staff member and has served as CTO for more than four years. There is literally nobody else in the world more qualified for this job.”
During her role as executive director, Kearns helped shepherd the project through a number of changes. The most important of those was surely the rise of Kubernetes and containers in general, which quickly changed the DevOps landscape. Unlike other organizations, the CFF adapted to these changing times and started integrating these new technologies. Over the course of the last two years, the Cloud Foundry community started to deeply integrate these cloud-native technologies into its own platform, despite the fact that the community had already built its own container orchestration system in the past.
As Childers told me last year, though, the point of Cloud Foundry isn’t any specific technology, though. Instead, it’s about the developer experience. Ideally, the developers who use it don’t have to care about the underlying infrastructure and can simply integrate it into their DevOps workflow. With a lot of the recent technical changes behind it,
“We as a Foundation are turning the page to a new chapter; raising the profiles of our technical contributors, highlighting the community’s accomplishments and redefining the Cloud Foundry platform as the best Kubernetes experience for enterprise developers,” said Childers today. “Abby has done a tremendous job leading the Foundation through a period of massive growth and upheaval in the cloud native world. Her leadership was instrumental in building Cloud Foundry as a leading cloud development tool.”
As the CFF also today announced, Paul Fazzone, SVP Tanzu R&D at VMware, has been named Chairman of the Board of Directors, where he replaces Dell EMC global CTO John Roese.
“This next chapter for Cloud Foundry will be a shift forward in focusing on evolving the technology to a Kubernetes-based platform and supporting the diverse set of contributors who will make that outcome possible,” said Fazzone. “In my new role as Chairman of the Board, I look forward to helping guide the Foundation toward its goal of expanding and bolstering the ecosystem, its community and its core of users.”
Powered by WPeMatico
Compete in Startup Battlefield and Launch at Disrupt SF 2020
Early-stage founders: Don’t miss your chance to follow in the footsteps of tech giants. We know COVID-19 has created challenges for startup founders, but fear not. Disrupt SF is still proceeding as scheduled, with a Disrupt Digital Pass Virtual option. Launch your startup in the world’s most famous pitch competition, Startup Battlefield. The smackdown goes down live on the Main Stage at Disrupt San Francisco 2020 on September 14-16. Want a shot at $100,000 and the Disrupt Cup? Fill out your application to compete right here.
Companies such as Fitbit, Cloudflare, Mint.com, Dropbox, Vurb, Yammer and Getaround — to name but a few — trace their origins to the Battlefield competition. The Startup Battlefield Alumni Community — 902 companies strong and counting — has collectively raised $9 billion and produced more than 115 successful exits (IPOs or acquisitions). That’s some impressive company to keep. Why not join their ranks?
Here’s how Startup Battlefield works. First, you apply. (Pro tip: Applying and competing in the Battlefield is free and TechCrunch does not take any equity). Next, TechCrunch’s Battlefield-savvy editorial team pours over every application looking for approximately 20 startups to pitch on the Main Stage.
The TechCrunch team will put all participants through rigorous, weeks-long training to hone pitches, business models, presentation skills and any other startup issues that require tightening. You’ll be in fighting trim and ready to step out onto the Main Stage.
Teams have just six minutes to pitch and present a live demo to a panel of expert judges. After each pitch, the judges (we’re talking folks like Cyan Banister, Kirsten Green, Aileen Lee, Alfred Lin and Roelof Botha) will put each team through a Q&A. No flop-sweat here, thanks to all those weeks of pitch coaching.
The judges will select anywhere from four to six teams to advance to the finals. And that means another pitch and Q&A in front of a fresh set of judges. The winning team takes home $100,000, the coveted Disrupt Cup and they bask in a spotlight of media and investor attention. Startup Battlefield can be a life-changing experience for all competitors — not just the ultimate winner.
The action takes place in front of an enthusiastic audience of thousands. Plus, we live-stream the entire event on TechCrunch.com, once you sign up for the digital pass. If all that’s not enough, consider this. Startup Battlefield competitors receive a VIP Disrupt experience.
You’ll have access to private VIP events like the Startup Battlefield Reception, and each team receives four complimentary event tickets. You get to exhibit at the show for all three days, and you’ll have access to CrunchMatch, TC’s investor-founder networking platform. And you also get a complimentary ticket to all future TC events and free subscriptions to Extra Crunch.
Whew. That’s a whole lot of opportunity and exposure. So, what are you waiting for? Disrupt San Francisco 2020 takes place on September 14-16. Apply to compete in Startup Battlefield for a shot at launching your dream to the world.
TechCrunch is mindful of the COVID-19 issue and its impact on live events. You can follow our updates here.
Is your company interested in sponsoring or exhibiting at Disrupt San Francisco 2020? Contact our sponsorship sales team by filling out this form.
Powered by WPeMatico