The 10 most in-demand IT jobs in finance – CIO

The US financial services industry has fully embraced a move to the cloud, driving a demand for tech skills such as AWS and automation, as well as Python for data analytics, Java for developing consumer-facing apps, and SQL for database work.

The push is part of an industrywide trend toward making banking more accessible by giving customers better access to savings accounts, investments, and loans through digital services, according to careers website Dice.com. New technologies, such as cryptocurrency and digital banking, have the potential to bridge opportunity gaps in financial services that have existed for decades. But financial services companies need skilled IT professionals to help manage the integration of new and emerging technology, while modernizing legacy finance tech.

As demand for tech skills grows in the finance industry, certain IT jobs are becoming more sought-after than others. If you're an IT pro looking to break into the finance industry, or a finance IT leader wanting to know where hiring will be most competitive, here are the top 10 in-demand tech jobs in finance, according to data from Dice.

Software engineers are one of the most sought-after roles in the US finance industry, with Dice citing a 28% growth in job postings from January to May. The most in-demand skills include DevOps, Java, Python, SQL, NoSQL, React, Google Cloud, Microsoft Azure, and AWS tools, among others. In the finance industry, software engineers are often tasked with assisting in the technical front-end strategy, writing code, contributing to open-source projects, and helping the company deliver customer-facing services. Software engineers are at the forefront of digital transformation in the financial services industry by helping companies automate processes, release scalable applications, and keep on top of emerging technology trends.

The average salary for a financial software engineer is $116,670 per year, with a reported salary range of $85,000 to $177,000 per year, according to data from Glassdoor.

Full-stack software engineers are essentially high-level software engineers who are focused on designing, testing, and implementing software applications. Job duties include helping plan software projects, designing software system architecture, and designing and deploying web services, applications, and APIs. You'll be required to write code, troubleshoot systems, fix bugs, and assist with the development of microservices. In-demand skills for the role include programming languages such as Scala, Python, open-source RDBMS, NoSQL, as well as skills involving machine learning, data engineering, distributed microservices, and full stack systems.

The average salary for a full stack software engineer is $115,818 per year, with a reported salary range of $85,000 to $171,000 per year, according to data from Glassdoor.

Back-end software engineers are responsible for maintaining the structure of server-side information by optimizing servers, implementing security measures, and developing data storage solutions. You'll also be responsible for writing server scripts and APIs that will be used by front-end engineers and UX designers, inspecting server code, configuring front-side applications, maintaining stable servers, and maintaining a backup library. Commonly sought-after skills for back-end software engineers in the financial industry include Java, Python, SQL, Node, Go, Scala, open-source RDBMS, NoSQL databases, and AWS tools and services, among others. You'll also be expected to stay on top of the latest tech trends, work closely with product managers, and assist in building cloud-based solutions for financial clients.

The average salary for a back-end software engineer is $126,755 per year, with a reported salary range of $89,000 to $205,000 per year, according to data from Glassdoor.

A director of software engineering is responsible for maintaining day-to-day operations in the software engineering business unit and driving the business roadmap and strategy for the department. You'll be responsible for managing teams of software engineers, overseeing development of customer-facing and internal business applications, and maintaining an eye on new or emerging technology that may impact the business. It's a high-level role that requires leadership and communication skills more than hard skills, but depending on the size of the company, you may still need to code occasionally and get hands-on with tech projects.

The average salary for a director of software engineering is $233,321 per year, with a reported salary range of $160,000 to $397,000 per year, according to data from Glassdoor.

DevOps is the intersection of operations and IT development, a practice meant to facilitate faster time-to-market and better collaboration among teams involved in the development life cycle. Operations maintains a stronger focus on stability and reliability, whereas development teams are more invested in innovation, change, and moving forward. DevOps helps bring both ideologies together to find a balance between the two goals. In the financial industry, DevOps engineers are focused on bringing together new emerging technologies and legacy systems that have been in place for decades. As emerging technologies such as cryptocurrency and automated trading grow, DevOps engineers help manage the transition while finding the best way to implement new technology without disturbing the flow of the current systems and services.

The average salary for a DevOps engineer is $121,173 per year, with a reported salary range of $91,000 to $169,000 per year, according to data from Glassdoor.

As more financial companies embrace the cloud, there's been an increase in demand for data engineers to help manage AWS and Azure services in the organization. Finance companies collect massive amounts of data, and data engineers are vital in ensuring that data is maintained and that there's a high level of data quality, efficiency, and reliability around data collection. Skills for financial data engineers include coding skills, data analytics, data visualization, data optimization, data integration, data modeling, cloud computing services, knowledge of relational and nonrelational database systems, and an ability to work with high volumes of structured and unstructured data.

The average salary for a data engineer is $118,915 per year, with a reported salary range of $87,000 to $177,000 per year, according to data from Glassdoor.

In the financial industry, business analysts are responsible for using data to help inform business decisions and to translate business needs into functional requirements. You'll need to have a strong understanding of how the business works, with a focus on technology and how it can help support the business through transformation. Business analysts will be expected to build relationships with finance stakeholders in the business to better understand their technology needs and business processes. Part of the role also includes continually improving the organization's technology stack, while maintaining a priority for business continuity and risk management.

The average salary for a financial business analyst is $98,852 per year, with a reported salary range of $73,000 to $154,000 per year, according to data from Glassdoor.

Business systems analysts are responsible for overseeing internal systems, implementing new technology that will help drive and support business needs, and applying analytical data to help plan, design, and deploy new technology. There's a strong focus on optimizing processes in the organization, maintaining enterprise applications, keeping technology within budget, and identifying key areas for improvement. In the financial industry, business systems analysts are typically tasked with applying these skills to financial technology used within the business. You may be expected to work with product managers, software development, and IT teams to participate in all phases of the development life cycle for financial services.

The average salary for a business systems analyst is $103,869 per year, with a reported salary range of $76,000 to $156,000 per year, according to data from Glassdoor.

Data has long been important to the financial industry; it's a vital component that helps inform everything from the stock market to personal bank accounts. Financial companies gather large amounts of data, so data scientists are in high demand to help manage, store, organize, and analyze the data collected. Data scientists are used for everything from stock market predictions, to customer experience initiatives, to fraud protection, and companies typically hire data scientists to focus on just one or two specific areas of interest. Some of the main areas in which the financial industry makes use of data scientists include risk management, fraud detection, customer data, consumer analytics, and algorithmic trading. You'll need knowledge of natural language processing (NLP), machine learning, managing complex data infrastructures, and analytics for the role. Other sought-after skills include Python, R, JavaScript, C++, Apache Spark, and Hadoop.

The average salary for a financial data scientist is $114,979 per year, with a reported salary range of $85,000 to $168,000 per year, according to data from Glassdoor.

Lead software engineers are responsible for design planning, leading new development projects, designing and developing consumer-facing web apps, building APIs, developing cloud-based solutions, and leading software development teams. As lead software engineer, you will likely be tasked with major or high-profile projects in the organization and be expected to train, coach, and mentor teammates. A master's degree isn't necessarily required for this role, but it's often preferred. In the financial industry, lead software engineering jobs are typically looking for skills with Python, SQL, NoSQL, JavaScript, AWS, Kubernetes, Git, and more.

The average salary for a lead software engineer is $150,430 per year, with a reported salary range of $116,000 to $202,000 per year, according to data from Glassdoor.


What is Solana Firedancer and why is it important? – Geeks World Wide

Originally posted here. By: Az

Jump Crypto and the Solana Foundation have announced their plans to boost the throughput and reliability of the high-performance blockchain Solana. This will be done by developing a new open-source validator client for the network that will run alongside the existing one.

Its name: Firedancer.

Firedancer is now

We're excited about the opportunity to help scale the Solana network by engaging our strong-arm in research and development. https://t.co/5wtlghONPG pic.twitter.com/WPRyJN7ior

jump_crypto (@jump_) August 16, 2022

Jump Crypto, which has always been a validator and RPC node operator within the Solana ecosystem, will not only create a second validator client, separate from the one originally built by Solana Labs, but also propose important upgrades to Solana's existing open-source core software. Kevin Bowers, Jump Trading's Chief Science Officer, will oversee the process of building the new validator client.

But what is Firedancer, what does it do, and what will it achieve?

Let's take a look!

What is Firedancer?

Firedancer is a new validator client that has been built by Jump Crypto to help increase the efficiency of the Solana network.

It is a fully independent consensus node implementation for the Solana blockchain. A consensus node is the core piece of technology that validators use to agree on the chain's state (blocks and transactions), ensuring its integrity and validity.

What does it do?

Currently, Solana's throughput is not limited by any hardware, but instead by software inefficiencies. This is what Firedancer looks to solve, in the process enhancing both the network's decentralisation and its performance drastically.

The truth is that there is one fatal flaw with some PoS consensus methods, and that issue is having the network overthrown by the majority of the stakers. But with just over a third of the stakers/staking power running on Firedancer, no single client will have a supermajority on the network. And the benefit of having a second validator eliminates the issue of having a single point of failure.

According to the Firedancer website, the team aims to make significant progress on the development of the new client over the next 12-24 months. What's more, the development will be open source, allowing anyone to see what is taking place.

Firedancer's core code will be written in the C/C++ programming languages. These languages were chosen due to their widespread use in writing code that needs low-level access to a computer's hardware. Low-level access means faster operating times, hence higher throughput and transaction speed.

How does it help?

Firedancer will:

Improve network efficiency.

Help scale the network.

Make it cheaper to run a validator node.

Make the network more decentralised.

Efficiency will be improved due to Firedancer using zero-copy networking to bypass most of the operating system's kernel network stack, coming with its own queues and other concurrency primitives.

Scalability will be down to the core developers and their understanding of the network's capabilities and limitations. Mechanical sympathy is when you use a tool or system with an understanding of how it operates best. This is where the teams behind Jump Crypto and Solana Labs aim to excel (both have significant backgrounds in low-level programming and engineering).

Running a node will be cheaper with a secondary client due to less hardware being needed per node. Less hardware naturally translates to a lower cost. However, it is worth mentioning that existing node operators will eventually have to make changes to their validators, as Firedancer will become an entirely separate node implementation at some point.

Lastly, higher decentralisation is managed by making validation more accessible. Firedancer will achieve this by lowering implementation risks that would impact large portions of the stake at once, and at the same time, by having a second self-dependent team of core engineers.

To learn more, visit firedancer.io

Is This The Oldest Open Source HVAC Project In Existence? – Hackaday

Homebrew HVAC systems are one of those projects that take such a big investment of time, effort and money that you've got to be a really dedicated (ideally home-owning) hacker with a wide variety of multidisciplinary skills to pull off an implementation that can work in reality. One such HVAC hacker is [Vadim Tkachenko] with his multi-zone Home Climate Control (HCC) project that we covered first back in 2007. We now have a rare opportunity to look at the improvements fifteen years of part-time development can produce, when a project is used all day, all year round in their own home. At the start, things were simple, just opening and closing ventilators with none of that modern MQTT-driven cloud computing stuff.

The current implementation, called DZ (GitHub project link), has been rewritten using modern reactive programming techniques (which apparently is a good thing for an HVAC control system), with the HCC-core application running on anything UNIX, though it fits nicely on the Raspberry Pi. Measurement data (temperature, humidity, etc.) can be taken from 1-wire devices as well as XBee modules, enabling wired and wireless sensing around the installation. The system can control various air management appliances, such as heaters, heat pumps and fans, depending on the need for heating, cooling or ventilation. Don't forget that often-neglected third leg of HVAC: the "V" part is critical for a healthy house. The remote control and monitoring is courtesy of an Android application (HCC-Remote) which allows users to visualise the current status and what the HCC is currently doing to keep the programmed climate in check.

Data are transported using the common MQTT protocol, allowing simple connectivity to any sensors or controllers that already exist in an installation, with HCC providing integrations for ESPHome as well as Home Assistant, so there are plenty of options for building a system around existing hardware. The project is fairly big (as you'd expect for this length of time) but [Vadim] would like to stress that they see a lot of re-inventing of the wheel on this subject, and a good look at HCC may save some people a lot of pain implementing a system without such a solid grounding.

If your needs are more basic, perhaps this simple ESP8266-based smart vent will suffice? And, if the control system is less of a problem, and you're more interested in the actual physical implementation, why not check out this DIY Energy Recovery Ventilator (ERV) project?


Preventing attacks on mobile applications in the enterprise – TechTarget

The use of mobile devices within enterprise organizations is commonplace, so organizations must prepare for all sorts of mobile threat vectors -- including attacks via mobile applications -- to avoid a cybersecurity breach.

As the COVID-19 pandemic and the trend of working from anywhere have pushed many people to work remotely, mobile devices have become a primary channel for employees to stay in touch with their employers and enterprise networks. While this shift has offered convenience and flexibility to workers, reliance on mobile devices brings new security risks to the table. Ransomware, malware and other types of attacks can target mobile devices to great effect, and organizations must account for this to keep data secure throughout the enterprise.

It only takes one compromised mobile device for an attacker to access an organization's network. Corporate-owned and BYOD mobile devices are the ultimate target for land-and-expand attacks, where an attack on a mobile device sets the stage for another attack on a back-end system or cloud application. A typical corporate user's mobile device may have business email, a unified communications application such as Slack or Teams, and a Salesforce or other customer relationship management (CRM) client. When attackers compromise such a device, they have full access to the corporate network resources -- as if they're authorized users of the device.

Because many workers resorted to using personal and corporate-owned mobile devices to get their jobs done amid the pandemic, the mobile attack surface has grown in recent years. A 2022 report from mobile security vendor Zimperium found that a global average of 23% of mobile devices encountered malicious applications in 2021. The firm also found that 75% of phishing sites specifically targeted mobile devices that year.

Additionally, with each new application a user installs on a mobile device, the attack surface grows. Threats to applications, such as exposed APIs and misconfigured code, leave customer data open to attack. Outdated mobile apps only add to these security vulnerabilities. Organizations can look to enterprise mobility management (EMM) and other endpoint management tools for better control over applications. These tools enable IT to create and manage policies, such as automating mobile OS and app updates, for better mobile security.

Attackers may also target mobile devices for reconnaissance. Bad actors can use a mobile device's microphone and camera to spy on organizations and learn corporate secrets, such as research and development plans and financials. Compromised mobile devices can eavesdrop on sales calls or meetings about an organization's next big product.

There are many ways that hackers can compromise mobile devices through mobile apps. Prevent and mitigate the damaging consequences of attacks on mobile applications by keeping the following threat vectors in mind.

Malware is malicious software that can steal login credentials while bypassing two-factor authentication (2FA). Viruses, worms and spyware are examples of malware targeting mobile devices.

The fight against mobile malware starts with mobile antivirus software. IT must tightly control remote access to the enterprise network via mobile devices.

Malware attacks evolve with the support of state-sponsored and criminal hacking organizations. Some of these hacking groups have the technology and staff resources of a large software development shop. For example, a new and alarming trend in malware attacks against mobile banking apps is dropper apps, which cybercriminals added to legitimate apps in the Google Play store. As hybrid work and BYOD policies blur the lines between personal and corporate devices, this is a significant threat to many organizations.

As DevOps and DevSecOps practices gain popularity, mobile app developers will increasingly have to move to mobile DevSecOps to build secure mobile apps. Many defense techniques will only grow in importance, such as code obfuscation to render app code or logic hard to understand and application shielding to guard against dynamic attacks, malicious debugging and tampering.

While IT teams can use obfuscation to protect data, hackers can also use this tactic to carry out ransomware attacks. A ransomware attack encrypts a compromised mobile device, locking the device user out. Ransomware attackers usually follow the same playbook with mobile devices as they do with PCs: Pay up if you want to regain access to your device and its data.

Ransomware was a part of nearly 25% of all data breaches in 2021 -- an almost 13% increase from the previous year -- according to findings from Verizon's "2022 Data Breach Investigations Report", and mobile devices are far from immune to such attacks.

Preventing ransomware starts with blocking corporate devices from downloading apps from any source other than their enterprise app store, the Apple App Store or Google Play. Some other critical steps to prevent mobile ransomware include the following:

Leaky mobile apps set the stage for a mobile device breach. As the name suggests, a leaky app is an app that corporate data seeps out of, like water leaking out of a cracked pipe. Poor programming practices create flawed code, which can enable the public and attackers to see application data such as corporate information and passwords.

Security flaws were a significant issue with the release of the Beijing 2022 Olympics app. The app was mandatory for all attendees and had flaws that could allow attackers to steal personal information and even spy on some communications. Common advice to the athletes and other attendees was to use a burner phone at the Olympics because of the mobile security threats that were present.

A similar threat emerged in January 2021, when Slack identified a bug in its Android app that logged cleartext user credentials on devices. While Slack did warn its users to change their passwords and purge the application data logs, potential access was wide open to attackers seeking corporate information. Although the bug did not lead to any headline-grabbing breaches, it shows that popular enterprise mobile apps are a potential attack vector.

To protect against flawed code and leaky mobile apps, organizations must train their mobile developers in secure coding practices and implement mobile application security testing as part of a DevOps methodology.

A software supply chain works similarly to an assembly line in a factory. It's a production cycle that pulls together partners, contractors and third-party vendors to produce software. Open source software components also travel the same supply chain.

Through the software supply chain, however, a cybersecurity vulnerability in one organization can lead to further damage for various other organizations. The SolarWinds software supply chain breach infamously showed this danger, with hackers gaining access to the networks, systems and data of thousands of the company's government and enterprise customers.

An attacker who compromises the software supply chain of a mobile app vendor can insert code in the app, which prompts an end user to download an update from a malicious site. A software supply chain compromise happens before an app hits a public or corporate app store.

Business application and service providers will no doubt ramp up their supply chain security to prevent these attacks.

Jailbroken iOS devices and rooted Android devices compromise the security posture of the entire device because they allow hackers to carry out privilege escalation attacks. When attackers gain access to a mobile OS, they can attack mobile applications indiscriminately.

EMM tools such as Jamf Private Access enable IT to set security policies that prevent jailbroken or rooted mobile devices from accessing enterprise resources.

As corporate applications migrate to the cloud, the prospect of man-in-the-middle (MitM) attacks -- where an attacker can intercept, delete or alter data sent between two devices -- becomes a reality. While there are other causes of MitM attacks, mobile applications using unencrypted HTTP can traffic sensitive information, which attackers can utilize for their nefarious purposes.

To prevent MitM attacks, organizations should start by training their development teams in secure coding standards and architecture. The same standards must also apply to vendors in their software supply chain.

To ensure the safety of mobile users and sensitive corporate resources, IT must know how attacks on mobile applications can take place and proactively defend against them. As an organization's use of BYOD and corporate devices evolves, so must its mobile security strategies. The key to creating such effective security policies is making the most of working relationships to share best practices among desktop and mobile teams, as well as the end users the organization supports.


Political Notes: The Biden rally and counter-programming, Moore’s new fans, Raskin’s ambition, and more – Josh Kurtz

President Joe Biden walks along the Colonnade of the White House on May 4, 2022, to the Oval Office. Official White House photo by Adam Schultz.

Maryland Democrats are gearing up for their big rally Thursday evening with President Joe Biden at Richard Montgomery High School in Rockville.

Their opponents are gearing up as well.

The president is the headliner, but other scheduled speakers at what promises to be a lengthy rally include Democratic National Committee Chair Jaime Harrison; Democratic gubernatorial nominee Wes Moore and his running mate, former state Del. Aruna Miller; Del. Brooke Lierman (D-Baltimore City), the party's nominee for state comptroller; U.S. Sen. Ben Cardin; U.S. House Majority Leader Steny Hoyer; U.S. Rep. Jamie Raskin; and Maryland Democratic Party Chair Yvette Lewis.

But Republicans and conservatives also plan to have a presence, virtually and in person, for counter-programming.

Del. Dan Cox (R-Frederick), the GOP nominee for governor, plans to hold a news conference Thursday afternoon outside the Montgomery County Circuit Court, just a few blocks from the rally site. Earlier in the afternoon, the Republican National Committee is hosting a press call with Del. Neil Parrott (R-Washington), who is in a rematch with U.S. Rep. David Trone (D-Md.).

And the conservative group Help Save Maryland has put out an electronic flier inviting people to a counter-protest outside the high school, urging them to "Rally Against Open Borders Joe Biden and His Sanctuary Cronies."

Rockville should be a fun place Thursday afternoon and evening, but the traffic could be murder.

Wes week

Not surprisingly, the Moore campaign has kept the pedal to the metal on the fundraising front this week. We know of at least two major fundraisers that he held this week in Maryland.

On Tuesday evening, the Moore campaign had an event at the Woodmore Country Club near Mitchellville with several local and regional business leaders. The list included Everett Browning, a government contractor; John Clyburn, a business consultant and brother of South Carolina Rep. Jim Clyburn, the third-ranking Democrat in the House of Representatives; Gwen McCall, a business and leadership consultant; Emerick Peace, who runs a real estate firm; Terry Spiegner, who runs an IT company; and Freddie Winston, a construction company owner.

Del. Darryl Barnes (D-Prince George's), the chair of the Legislative Black Caucus in Annapolis, who supported Comptroller Peter Franchot, not Moore, in the Democratic gubernatorial primary, was also listed as a sponsor of the event.

On Thursday evening, Moore traveled to Annapolis for a fundraiser at the Red Red Wine Bar sponsored by uber-lobbyist Gerard Evans and his multiple clients.

Other individuals and organizations that endorsed Moore's Democratic primary foes are quickly falling in line. This week, the Maryland chapter of the Sierra Club, which had endorsed former U.S. Education Secretary John King in the Democratic primary, announced its support for Moore.

"Wes Moore and Aruna Miller are a dynamic duo with diverse experience and lots of enthusiasm for bringing people together to solve problems. It doesn't get bigger than an existential climate crisis and threats on democracy from extremists," said Rosa Hance, chair of the Sierra Club Maryland Chapter. "We are excited to endorse Wes Moore and work with him and Aruna to meet the challenges head-on."

On Friday, four locals of the Service Employees International Union, which had backed former U.S. Labor Secretary Tom Perez for governor, will endorse Moore in Baltimore. The unions represent health care, education workers, janitors, security guards and workers at BWI Marshall Airport.

Raskin eyes top committee slot

Tuesday's New York primary results were barely 12 hours old and already ambitious House Democrats were jockeying to become the top Democrat on the House Committee on Oversight and Reform following the primary defeat of veteran Rep. Carolyn Maloney (D-N.Y.), who has held the committee gavel since the death of the late Maryland Congressman Elijah Cummings (D).

One of those jockeying: Maryland Rep. Jamie Raskin (D).

Raskin, according to Punchbowl News, Politico and other Capitol Hill-focused publications, is one of four Democrats eyeing the vacancy. But he has less seniority in Congress and on the committee than two of the other aspirants, Rep. Stephen Lynch (D-Massachusetts) and Rep. Gerry Connolly (D-Virginia). Rep. Ro Khanna (D-California) is also seen as a possibility, but according to Politico, he is urging Raskin's selection.

Raskin told Politico that he is actively exploring it and will have something to say this week.

The oversight panel is the venue for great political battles, and when it's run by the party opposite the White House it is often the center for partisan-tinged investigations. Even though the political environment has changed some over the past few months, the Republicans are still favored to seize control of the House in January, meaning Raskin and his colleagues are likely competing to become ranking member of the committee rather than committee chair.

Depending on how the congressional game of musical chairs turns out following the election, Raskin could also be in line to be the top Democrat on the House Committee on Administration.

Event-hopping in Howard Co.

Two Republicans running in the 9th legislative district, which Democrats have targeted for takeover, are holding back-to-back fundraisers on Sunday evening.

First, Del. Reid Novotny (R-Howard), who is hoping to oust Sen. Katie Fry Hester (D) in November, has an event scheduled at Circle D Farm in Woodbine, from 4-6 p.m. Then, from 6-8 p.m., Del. Trent Kittleman (R-Howard), who is seeking a third term representing subdistrict 9A, has an event at a farm in West Friendship, a seven-mile drive away.

Kittleman and the other Republican in the two-seat district, Jianning "Jenny" Zeng, are running against Democrats Chao Wu and Natalie Ziegler. During the latest round of redistricting, Democrats made the district more favorable to their candidates by substituting a portion of Carroll County for a portion of Montgomery County.

Read more from the original source:
Political Notes: The Biden rally and counter-programming, Moore's new fans, Raskin's ambition, and more - Josh Kurtz

Here’s why Wii U emulator Cemu going open source is a big deal for emulation and for the Steam Deck – PC Gamer

On Tuesday, the creator of Wii U emulator Cemu announced a major 2.0 version release, introducing Linux builds for the first time and open sourcing eight years of work.

In 2017, Wii U emulator Cemu made history by pulling in thousands of dollars per month on Patreon to help fund development. Cemu's high profile Patreon, which was briefly earning $25,000 at its peak, raised questions about the ethics of emulation, particularly when money is involved, and when a project is "closed source" instead of open source, meaning its source code isn't publicly available. Closed source emulator development isn't inherently wrong, but it can be controversial: one of the key ways the emulation community protects itself from lawsuits is by keeping its source code public, so litigious companies like Nintendo can study it and confirm that none of its proprietary code is used in the reverse-engineering process.

Dolphin emulator developer Pierre Bourdon broke it down for me back in 2017. "You can save a lot of time if you cheat and look at proprietary documentation (console SDKs, leaks, etc.) while trying to understand how a console works," he said. "This is in general frowned upon in many emulation projects: it puts the whole project at the risk of a lawsuit. It's one of the things where we have no doubts about the legality: it's clearly illegal. With open source projects the development process is usually very open."

Despite some worries in the community that Cemu would attract legal scrutiny thanks to its closed source code, lucrative Patreon and 4K Breath of the Wild videos, Nintendo never came knocking. And now worries that Cemu's source code could be lost if developer exzap ever disappeared are moot, too. The project in its entirety is available on Github, including Linux builds for the new 2.0 release.

Cemu's move to open source marks the end of the most prominent fan-made closed source emulator in existence. It's a great day for the continued preservation of Nintendo's games long into the future, considering the company's own emulation efforts are often disappointingly bad.

Exzap notes that the Linux support is "still very rough around the edges," but hopes that changes quickly as other emulator developers familiarize themselves with Cemu and begin to chip in on the project. Cemu previously only ran on Windows, but its Linux support now opens the door to easy installation on the Steam Deck, my favorite emulation system. It won't be easy to get going on the Deck until Cemu adds flatpak support for one-click installation, but that's already being discussed on the Github.

Cemu's creator used the 2.0 announcement to talk a bit about the emulator's history: they've been the sole developer for much of its run, and said that in the last couple years the project has been especially draining.

"Whenever I tell myself to make time for other things, I end up feeling guilty because my self-inflicted sense of responsibility drives me to always prioritize Cemu over my own interests. This year was especially intense because I single-handedly ported Cemu to Linux while also trying to deliver somewhat constant feature and bug fix updates," they wrote. "In the end, opening up development seems like the logical decision. It has always been the long-term plan anyway. With Cemu being open-source, the hope is that new contributors will pick up where I left off."

Exzap will still be contributing, but hopes having more developers will help with some significant features, like pausing and restarting emulation and improving performance on older hardware.

"I have been working on Cemu for almost 8 years now, watching the project grow from an experiment that seemed infeasible, to something that, at its peak, was used by more than a million people," exzap wrote on Tuesday. "Even today, when the Wii U has been mostly forgotten, we still get a quarter million downloads each month. There are still so many people enjoying Wii U games with Cemu and I will be eternally grateful that I got the chance to impact so many people's life in a positive way, even if just a tiny bit."


New Open Source Tool Shows Code Injected Into Websites by In-App Browsers – SecurityWeek

A researcher has conducted an analysis to see how major companies could track user activity through their mobile in-app browsers, and released a free and open source tool that allows anyone to check what code is being injected by such browsers.

Some mobile applications use built-in browsers to allow users to quickly access third-party websites. Other apps include a browser to load their own resources, which may be needed to perform various activities. However, these internal browsers could also pose security and privacy risks.

Researcher Felix Krause published a blog post earlier this month claiming that the iOS apps of Instagram and Facebook could monitor everything a user does on an external website opened through the application's internal browser. This claim was based on the JavaScript code the applications inject into the website displayed by the in-app browser.

Later tests showed that TikTok also injects JavaScript code that modifies the content of the third-party websites opened through the social media app. TikTok appears to monitor all keyboard inputs and screen taps, potentially allowing the company to collect passwords and other sensitive information entered via the built-in browser.

Meta said the code is being injected as part of an App Tracking Transparency (ATT) mechanism that helps the company respect users' privacy choices. TikTok confirmed that the keylogging code exists, but said it's not actually being used.

However, Krause says his analysis highlights the potential security and privacy risks associated with JavaScript code getting injected by in-app browsers into third-party websites. That is why last week he released a free and open source tool that anyone can use to check what code is being executed through these in-app browsers.

The online tool, named InAppBrowser, displays the JavaScript code that is injected when the website inappbrowser.com is opened with an in-app browser. It also provides information on what each command does.

While the tool can provide some useful information, Krause pointed out that it cannot detect all the JavaScript executed by the browser and it also does not provide any information on the tracking mechanisms implemented using native code. In addition, some applications can hide their JavaScript activities, including by using Apple's WKContentWorld object, which is designed to separate the app from the webpages and scripts it executes.

On the other hand, the researcher noted, "Just because an app injects JavaScript into external websites, doesn't mean the app is doing anything malicious. There is no way for us to know the full details on what kind of data each in-app browser collects, or how or if the data is being transferred or used."

Users who are concerned about the potential risks should always open websites in their phone's browser rather than the in-app browser. Popular apps often provide the "Open in browser" option for this task, or users could simply copy and paste the URL.

Krause also noted that some iOS apps follow Apple's recommendation and use Safari or the Safari view controller for accessing external websites, and this prevents them from injecting their own code.

The InAppBrowser source code is available on GitHub. The app can work for both Android and iOS applications.
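One way a web page can observe what a script injected by an in-app browser does to it, shown here as an added example and not the InAppBrowser tool's own code: the page wraps the DOM functions a tracking script would call and records every call made after its own setup has finished. The fake document and the simulated injected script are constructed stand-ins so the block runs outside a browser, and the finding names are this example's own.

```javascript
// Added illustration: page-side hooks that record DOM calls made after the
// page's own scripts have finished, i.e. calls likely made by injected code.

const KEY_EVENTS = new Set(['keydown', 'keyup', 'keypress', 'input']);
const TAP_EVENTS = new Set(['click', 'touchstart', 'touchend', 'pointerdown']);

// Replace target[name] with a wrapper that logs the call and then forwards it
// unchanged, so the page keeps working. Returns a function that undoes the hook.
function hook(target, name, log) {
  const original = target[name];
  target[name] = function (...args) {
    log.push({ api: name, arg: String(args[0]) });
    return original.apply(this, args);
  };
  return () => { target[name] = original; };
}

// Hook the entry points a tracking script typically needs.
function watchDocument(doc) {
  const log = [];
  const undo = ['addEventListener', 'createElement', 'querySelectorAll', 'getElementById']
    .map((name) => hook(doc, name, log));
  return { log, restore: () => undo.forEach((fn) => fn()) };
}

// Turn the raw call log into the findings a user would care about.
function classify(log) {
  const findings = new Set();
  for (const { api, arg } of log) {
    const a = arg.toLowerCase();
    if (api === 'addEventListener' && KEY_EVENTS.has(a)) findings.add('keyboard-monitoring');
    else if (api === 'addEventListener' && TAP_EVENTS.has(a)) findings.add('tap-monitoring');
    else if (api === 'createElement' && a === 'script') findings.add('script-injection');
    else if (api === 'querySelectorAll' || api === 'getElementById') findings.add('dom-read');
  }
  return [...findings].sort();
}

// Constructed stand-in for window.document so the example runs in Node.
function makeFakeDocument() {
  const listeners = [];
  return {
    listeners,
    addEventListener(type, handler) { listeners.push({ type, handler }); },
    createElement(tag) { return { tagName: tag.toUpperCase(), src: '' }; },
    querySelectorAll() { return []; },
    getElementById() { return null; },
  };
}

// Constructed sample of injected behaviour; the handlers do nothing.
function simulatedInjectedScript(doc) {
  doc.addEventListener('keydown', () => {});
  doc.addEventListener('click', () => {});
  const s = doc.createElement('script');
  s.src = 'https://tracker.example/sdk.js'; // placeholder URL
  doc.querySelectorAll('a');
}

function runDemo() {
  const doc = makeFakeDocument();
  doc.addEventListener('scroll', () => {});  // page's own listener, before hooks: not logged
  const watch = watchDocument(doc);
  simulatedInjectedScript(doc);              // everything here is logged
  watch.restore();
  doc.addEventListener('keydown', () => {}); // after restore: not logged
  return {
    calls: watch.log.length,
    findings: classify(watch.log),
    listenersRegistered: doc.listeners.length, // hooks forwarded every call
  };
}

console.log(runDemo());
```

Hooks like these only see scripts that share the page's JavaScript world, which matches the limits Krause describes: code run in a separate WKContentWorld or implemented natively never passes through them.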


How unauthorized access to Git became a big headache for Twitter – Security Boulevard

You would think organizations would want to know when ex-employees have access to the crown jewels.

No one wants to end up in the news like Twitter did due to lack of access controls for repositories that contain source code just as they are locked in a battle of wits and a highly publicized lawsuit about an acquisition gone awry.

The software supply chain has become one of the biggest attack vectors. Attackers will find any means to access the repositories where source code is stored. Additionally, software today is often built via a combination of internally developed code, open source code or third-party developed code. All this code generally resides in git repositories.

These repositories also contain infrastructure as code and git configuration rules to make it easier for developers to move their code down the CI/CD development pipeline. Individuals with unauthorized access to these repositories may not be seeking to pilfer code. They may be after something far more sinister.

While everyone is concerned about source code being stolen by individuals with unauthorized access, the real danger is that the code can divulge a blueprint of the application architecture: where critical information is stored and what other resources are being leveraged. This information can be used to mount devastating asynchronous attacks that result in the exfiltration of large volumes of PII or cause debilitating operational disruptions.

In an article published by Wired magazine on August 23, 2022, the author notes, "Al Sutton, cofounder and chief technology officer of Snapp Automotive, was a Twitter staff software engineer from August 2020 to February 2021."

The article also carried a tweet from Al Sutton himself which stated, "An aspect I've not seen discussed much about my long-past-leaving membership of the Twitter GitHub group, is that it left me with access to the private and public membership list of the group which could have been used as a social engineering starter list (33 public, 267 private)."

The Wired article further mentions that Twitter never removed him from the employee GitHub group that can submit software changes to code the company manages on the development platform. Sutton had access to private repositories for 18 months after being let go from the company.

Access to repositories by developers and operations teams is a key tenet to developing a more comprehensive view of code security. In order to understand risk from code, BluBracket believes that enterprise teams must seek answers to three key questions:

What high risk content is present in your code?

Who has access to your code?

Where is your code going?

It is clear from the above that unmonitored access to code repos can lead to both external and insider threats. Malicious code can be introduced into repositories and become a threat to the organization's most critical assets.

In addition to identifying exposed secrets like passwords, credentials and API tokens in source code, BluBracket enforces policies for trusted access to repositories. BluBracket also monitors developer access to repositories with built-in support for single sign-on (SSO) and multi-factor authentication (MFA).

BluBracket's solutions help developer and application security teams identify who has access to what. Calling out the best-practice configuration of everything from git hooks to branch protection rules helps guide teams to continuous improvement and ongoing operational security. When teams know they can automatically and continuously audit access, they're both more productive because they can more easily grant access, and more secure because they have tools to revoke access when employees' roles change or when they leave or are terminated.

For more information on the BluBracket code security solution, please visit https://blubracket.com/products/enterprise-edition/

To get started for free with BluBracket please visit https://blubracket.com/contact/get-started/

*** This is a Security Bloggers Network syndicated blog from BluBracket: Code Security & Secret Detection authored by Pan Kamal. Read the original post at: https://blubracket.com/how-unauthorized-access-to-git-became-a-big-headache-for-twitter/


Microsoft employees love Figma, and it’s testing the company’s cozy relationship with Adobe – CNBC

Dylan Field, co-founder and CEO of Figma, speaks at the startup's Config conference in San Francisco on May 10, 2022.


Microsoft and Adobe have been friendly bedfellows for decades. Microsoft's dominant PC operating system has been the gateway for Adobe to reach millions of business users with its design software.

The companies' CEOs even attended the same high school in India, and both moved to the U.S. in the 1980s for graduate school in computer science. They share a common bond over the successful transition from desktop software to the cloud.

But inside Microsoft, an emerging challenge to Adobe is catching fire and raising questions about the future of one of the tech industry's most intimate relationships.

Figma, a San Francisco-based startup that celebrated its 10th anniversary in August, is being used by tens of thousands of employees inside Microsoft and, for many, is at the heart of their daily work. The number of users has steadily increased in recent years, though neither company will say how many of them are editors with paid accounts.

The cloud-based design software came in the door in 2016, when Microsoft acquired mobile app development platform Xamarin and brought in a 350-person team that, months after the deal closed, would become Figma power users. The product has since become so central to how Microsoft's designers do their jobs that Jon Friedman, corporate vice president of design and research, said Figma is "like air and water for us." It's also used by engineers, marketers and data scientists across Microsoft.

"Figma's become, I would say, sort of the No. 1 common tool we use to collaborate across all of the design community in the community and beyond," said Friedman, who's worked at Microsoft for over 18 years. It's "really great at helping us collaborate at scale, and at global scale. I can collaborate with teams we have in India, China, Europe, Israel and Africa."

Venture investors have been all in on the growth.

In June 2021, during the heyday of mega financings, Figma was valued at $10 billion in a funding round that included participation from Morgan Stanley's Counterpoint Global. That was before the 2022 market plunge sent many cloud stocks down by more than half and largely halted pre-IPO rounds.

Figma hasn't announced plans for a stock market debut, and shareholders aren't pressing for one anytime soon, in large part because the market for new offerings has dried up this year.

The company, backed by the likes of Index Ventures, Greylock Partners and Kleiner Perkins, now has the size and growth trajectory to land solidly on the radar of public investors. Annualized recurring revenue has more than doubled in consecutive years and is poised to top $400 million in 2022, according to people with knowledge of the company's financials who asked not to be named because the numbers are confidential. Figma's workforce has swelled to 800.

While Microsoft has served as a growth driver for Figma, spending millions a year on its deployment, the company's software has also taken off at Google, Oracle and Salesforce, where it started small and grew organically as fans touted it to their colleagues. Other customers include Airbnb, Dropbox, Herman Miller, Stripe and Twitter.

After Figma founder and CEO Dylan Field tweeted earlier this month about the company turning 10 years old, he received flattering responses from Salesforce co-CEO Bret Taylor and Atlassian co-CEO Mike Cannon-Brookes. Taylor started his response with, "I [heart emoji] Figma."

For Figma, getting traction inside big companies, particularly within Microsoft, has required going head-to-head with Adobe's competing XD program, and winning its fair share of deals. That doesn't mean the market has completely flipped, or that Adobe is being fully supplanted.

"We're still heavy on Adobe Illustrator, Photoshop and XD," Friedman said.

Adobe and Microsoft have worked together for more than two decades. In addition to Adobe gaining ubiquity by distributing across Windows machines, the two companies have been syncing their products in desktop, cloud and mobile computing, with over 50 integrations listed on Microsoft's website.

Penetrating that alliance has not always been smooth for Figma. In 2016, Microsoft acquired Sunrise, a startup with a popular calendar app. The Sunrise team relied on Figma and continued to use it after the deal closed.

Sunrise co-founder Jeremy Le Van said his employees were among the lucky ones at Microsoft. He said some Microsoft staffers weren't able to use Figma because of the business relationship with Adobe and were stuck using products such as Photoshop and XD. Despite executive resistance in certain departments, some designers snuck out of the Adobe ecosystem to use Figma anyway, said Le Van, who stayed on as a design director at Microsoft until 2018.

Friedman said he wasn't aware of examples of Figma being shut out. "We have a great relationship with Adobe as well and love their products for many use cases at Microsoft," he said.

The same year of the Sunrise deal, Adobe said it would make Microsoft's Azure its preferred cloud for Creative Cloud, as well as the Marketing Cloud and Document Cloud. To mark the occasion, Microsoft CEO Satya Nadella and Adobe CEO Shantanu Narayen, who both went to high school at India's Hyderabad Public School, appeared at Microsoft's Ignite conference for IT professionals under a banner declaring that Adobe loves Azure.

Figma's collaborative capabilities are central to its popularity. Multiple editors of a document can see one another working in real time, and non-editors can view designs and leave comments. Companies pay for Figma based on the number of editors they have for their files.

"Any designer, product manager or engineer can jump in and see the design system at play in any particular product," Friedman said.

Last week, Figma released a version of its service that people can use in Microsoft's Teams communication app, removing the need to open a browser tab.

"We both wanted it," said Field, who started Figma after scoring a Thiel Fellowship, which came with a $100,000 grant from venture investor Peter Thiel on the condition that he drop out of college (Brown University) and pursue a new project.

The Teams integration is a tool that benefits any user of Microsoft products, not just employees. Adobe, which offers Teams apps for Acrobat and Creative Cloud, knows all about the power of tying into the Microsoft ecosystem. It's been a big part of the company's success in its 40-year run up to almost $17 billion in annual revenue.

Figma had to start small. Like many organizations, Microsoft began using it for free. Today, a customer can pay Figma each month based on the number of people who make changes to files, while a more limited version of the service is available at no cost.

In 2017, a year after the Xamarin acquisition, Field hosted Friedman at his company's San Francisco headquarters. Field says he remembers asking Friedman why Microsoft didn't want to keep using the free version of Figma.

"Look, we're all worried you're going to die as a company," Field recalled Friedman telling him. "We can't spread it inside Microsoft as a company even though we like it, because you're not charging."

It wasn't just about keeping Figma alive. As a big-spending customer, Microsoft was in position to start asking for more features.

A workspace inside Building 21 at the Microsoft campus in Redmond, Washington, on March 3, 2022. Microsoft Corp. has begun calling employees back to its headquarters in recent weeks, but its return-to-office strategy hinges on hybrid work.


Field said Microsoft's feedback led to several improvements. For example, Figma engineers worked to make it easier to move from screen to screen in a single Figma file. The company also added support for input from Xbox game controllers and made prototype previews work faster on mobile devices.

Ultimately, Microsoft's requests helped Figma develop its top-tier enterprise plan, Field said, adding to the free version and paid monthly premium packages that range from $12 to $45 per editor per month. The enterprise package runs at $75 per editor and includes dedicated account managers and advanced password management.

Václav Vanura remembers when things were very different.

Vanura was a senior designer at Xamarin, whose software helped companies build Android and iOS apps with Microsoft's C# programming language.

When Figma announced its launch in late 2015, Vanura was impressed with the company's idea for shared design component libraries. He signed up for a preview release and received access in the summer of 2016. He encouraged his colleagues to jump on board, starting with David Siegel, Xamarin's head of design.

Vanura and Siegel encountered snags while sharing files from design competitor Sketch. After one Xamarin employee uploaded a file to a Dropbox folder, their teammates sometimes struggled to get it running on their computers, either because they didn't have the right fonts installed or because they had different versions of the software.

Unlike Sketch, which was only available on MacOS, Figma was on the browser. That meant fewer sharing issues. You grant others access by copying a link or entering their email addresses, just like in Google Docs. But performance was a problem.

Vanura made complex designs in Figma, causing the software to slow down, freeze and crash. The Xamarin workers sent Vanura's files to Figma engineers, who made Figma speedier and more stable.

In 2017, Vanura flew from the Czech Republic, where he lives, to Seattle, and then made the short trek to Microsoft's headquarters in Redmond. He took the opportunity to show Figma to his team, many of whom were accustomed to working in Photoshop and Illustrator.

"It was amazing. It was like watching Formula 1," Vanura said. "There were so many mouse pointers on the screen, and everybody designed something, even if it meant they were pasting GIFs or drawing rectangles. All of them were so blown away. I think that was the moment these people figured out this was a huge time saver."

Siegel, who had become Microsoft's head of design for developer services, wanted to get the word out more broadly that Microsoft was evolving and wasn't stuck to its old isolated ways. In 2018, he posted a manifesto of sorts online.

"We use PCs, Macs, Figma, Sketch, GitHub, JavaScript, ZEIT, and other modern tools to design, prototype, and build the future of software development," Siegel wrote on Xamarin's website. There was a link to a Figma file that Microsoft employees could open.

The website reached the front page of Hacker News, a discussion board for software developers.

"This is some incredible self-awareness," one commenter wrote.

Soon after, Benedikt Lehnert, a Microsoft product design director, told Friedman that the company needed everyone on the same program, whether it was Figma or XD. Microsoft chose Figma, Lehnert said.

Scott Belsky, chief product officer and executive vice president for Creative Cloud at Adobe and then a venture partner at Benchmark, speaks onstage at the TechCrunch Disrupt conference in San Francisco on Sept. 13, 2016.


Vanura said that at Microsoft, "Figma spread across the company so fast that I don't think Adobe was even able to catch up."

Figma isn't shy about going up against an industry heavyweight. On its website, Figma says, "Don't sync to the cloud with Adobe XD. Work in the cloud with Figma." It asserts that designers are moving away from Adobe's Creative Cloud bundle, the product that accounts for 59% of Adobe's revenue.

In 2020, Adobe added Figma to the list of competitors it publishes in its annual report.

Analysts have raised questions about Figma to Adobe executives on at least three occasions this year. Alex Zukin of Wolfe Research asked during a January fireside chat with Adobe executives Scott Belsky and David Wadhwani if Figma was taking market share.

Belsky, Adobe's product chief and executive vice president for Creative Cloud, didn't answer the question directly. But he acknowledged that venture capitalists have been funneling money into the space.

"It is exciting that VCs see the same thing we're seeing," Belsky said. "Five-plus years ago, you didn't see any material dollars going into the creative tools. I think now everyone sees that."

Belsky said Adobe can take advantage of an opportunity to bring Creative Cloud to the web, which it's done for Illustrator and Photoshop but not XD, a product that was launched in preview in 2016.

An Adobe spokesperson declined to talk about plans for a web version of XD, and said the company will talk about plans for Creative Cloud at its Max conference in October.

"We do not see an impact to the Photoshop business resulting from players in the product design category," the spokesperson said. "We developed and have evolved Adobe XD to address the needs of our core design customers, who are designing marketing experiences for screens, rather than the distinct category of product design and development."

Still, the pressure on Adobe is intensifying.

In the past three months, Figma's app for iOS devices has consistently ranked above Adobe XD in the graphics and design section of Apple's App Store, according to figures from Data.ai, formerly known as App Annie.

Wells Fargo analyst Michael Turrin said Figma has potential to expand.

"What Figma is trying to create is more of a broader platform that could become more of a system of record within this market, and that's why I think this could become more important," he said.

Figma isn't the only upstart in the space making waves. An open-source alternative called Penpot, which can automatically generate the underlying source code for designs people make in the software, is also gaining momentum.

Microsoft employees are using Penpot and have contributed to it, said Pablo Ruiz-Muzquiz, who co-founded the project. Of the people who test Penpot, almost 20% are coming from Figma, he said.

Penpot's code lives on GitHub, which Microsoft owns, under an open-source license, allowing people to download the code, modify it and run it on their own servers. That's not true of Figma, which keeps its own source code private.

But Figma is evolving. One job description suggests Figma is considering a significant update to its iPad app that would provide a space to make new designs and not just view or share them.

And Figma has been busy expanding its executive ranks. In June, the company promoted Praveer Melwani, its head of business operations and finance, to the finance chief position. The next month, former Deutsche Bank and Goldman Sachs executive Kate DeLeo joined Figma as vice president of investor relations and business operations.

As the company marches toward an eventual introduction to Wall Street, getting more out of its relationship with Microsoft presents an opportunity for growth. Expanding the number of ways Figma gets used is one avenue.

"It works great as a presentation tool," Friedman said.

Figma probably won't ever replace Microsoft's homegrown PowerPoint software or Adobe's PDF format, but Field said his product boasts distinct advantages. For one, Figma avoids the problem of the non-stop back-and-forth emailing of a presentation by letting people simply share a link. A Microsoft spokesperson said PowerPoint users can also use links to send documents.

"I'd be surprised if there's no salespeople at Microsoft that use it. My guess is there's some," Field said, regarding Figma. "Is it significant? No, probably not."

Not yet, anyway.


Android 13 Source Code Hints at 64-bit Only Apps Starting in 2023 – ExtremeTech


Google added support for 64-bit Android apps back in 2014 with the launch of Android 5.0 Lollipop, but it has continued to offer tacit support for 32-bit apps ever since. The end of the 32-bit era may be coming soon, though. Hints in the Android 13 source code show that Google's upcoming Pixel Tablet may be the first Android hardware to specifically disallow 32-bit apps, and the next version of Android may do the same.

At the dawn of the smartphone era, the apps on Android, iOS, and dearly departed platforms like webOS were all 32-bit. We didn't even have 64-bit hardware support on smartphones until the ARM v8 architecture arrived in 2011. Slowly but surely, developers have moved to 64-bit apps, leaving some 32-bit software in the dust. There are still plenty of these abandoned apps lurking in the Play Store, but maybe not for long.

Android is an open-source project, so the release of Android 13 earlier this week also came with a big dump of code. Hidden inside are a few commits that may reveal Google's app plans. One comment mentions a device called Tangor, which is the code name for Google's upcoming Pixel Tablet. "Move tangor to 64-bit only," it reads. If indicative of the final device, this would make it the first known Android device to disallow loading 32-bit apps.

Another commit talks about ARM v9 CPU cores, which are the latest revision in chips like the Snapdragon 8 Gen 1. The code discusses a test to verify devices only execute 64-bit code, but this only applies to Android U. If Google continues with the pattern it has used so far, that means Android 14 could drop support for 32-bit apps entirely when it launches in about a year.

A 64-bit app is more efficient and improves memory usage, which is why both Android and iOS have worked so hard to prod developers to make the change. Apple dropped 32-bit support entirely several years ago, and now it looks like Google is doing the same. And not a moment too soon.

The move to eliminate 32-bit apps should not come as a surprise. The latest high-end smartphone processors, like the Snapdragon 8 Gen 1, only have three CPU cores that are even capable of executing 32-bit apps. Apps developed in Java or Kotlin for Android are already 64-bit, and Google started to require native 32-bit apps to include a 64-bit package in 2019. Thus, the only apps in the Play Store that are only 32-bit are those that haven't been updated in several years. Perhaps not coincidentally, Google recently announced plans to hide old, abandoned apps in the Play Store.
