Eric Munson/THE REVIEWOn Sept. 15, the Delaware Division of Public Health (DPH) released a new coronavirus contact tracing app called COVID Alert DE.

BY ERIC MUNSONAssociate News Editor

On Sept. 15, the Delaware Division of Public Health (DPH) released a new coronavirus contact tracing app called COVID Alert DE.

In an email statement to The Review, Jennifer Brestel, the chair of community relations for DPH, said that COVID Alert DE is a free anonymous exposure notification mobile app.

The app is available to everyone 18 and older with an apple [sic] or android [sic] phone, who lives, works or goes to college in Delaware, Brestel said in the statement.

According to a press release from the Office of the Governor, the app does not collect personal information or GPS location data to track its users. However, COVID Alert DE uses Bluetooth Low Energy technology, which allows phones with the app to recognize when it is near other phones also running the application.

Users of COVID Alert DE may receive an exposure notification if they were in close proximity of someone who tested positive for COVID-19, and also has the app downloaded on their phone, the press release reads. Close proximity is defined as within six feet for 15 minutes or more.

The app was created by NearForm, an Irish software developer headquartered in the small seaside town of Tramore, located in County Waterford, Ireland.

In an email statement to The Review, Colm Harte, the technical director of NearForm, said the company specializes in globally accelerated solution delivery for the likes of Cond Nast, IBM and EY [Ernst & Young].

Harte said that NearForm was approached by the Irish government to create a contact tracing app for the Health Service Executive, Irelands public health authority. The prototype of the app was completed within 10 days of the request.

According to Harte, the Irish version of the app was launched on July 7 and 25% of the population downloaded it within the first 36 hours. The download rate continues to climb.

The success of the app led NearForm to create similar apps for Northern Ireland, Scotland, the Island of Jersey and Gibraltar. 22% of Scottish people downloaded the app within the first week, Harte said.

In the US we have engaged with a number of states, including Delaware and Pennsylvania, who have seen the success of the app in Ireland and parts of the UK, Harte said in the statement.

Harte said COVID Alert DE is interoperable between Delaware and Pennsylvania, meaning the app still works when crossing state borders. Harte also said that 70,000 Pennsylvanians have already downloaded it. The Irish version is also interoperable with Northern Ireland, as people frequently travel between the two, Harte went on to say.

Making these apps interoperable with as many other states as possible will provide people with an additional layer of protection as they travel to work and to visit family, Harte said in the statement. We are also working on a wider European interoperability project.

Harte said that what makes the app unique is its privacy technology in that all the code is open-source and eligible for peer review. The source code is currently catalogued by the Linux Foundation Public Health, under the code name COVID Green. Harte said that this allows others to see how the code works and to demonstrate its privacy first approach.

According to Harte, when two phones with the app are in a close proximity for 15 minutes or more they exchange a digital handshake or anonymous keys.

If the user of one of those phones later tests positive for COVID-19 the public health authority will ask them if they have the app, and if they are willing to upload a random six-digit code to anonymously notify those apps they have exchanged anonymous keys with, Harte said in the statement. The important thing to note is that it is all completely private and voluntary. The app doesnt know who you are, and doesnt use GPS or track your location.

According to Harte, the app stores this data for 14 days, after which it is automatically deleted. He said this can help to notify those that are unable to remember being in contact with someone, especially someone they do not know.

Harte also said that the app is fully customizable end-to-end so that different states and countries are able to tailor language, information, look and feel to be consistent with the needs of their citizens. The app can also be easily integrated into manual contact tracing systems thanks to its one-time verification code.

The app puts the power in peoples hands to join the fight against the spread of COVID-19, and to protect themselves and their loved ones, Harte said in the statement. Once the app is deployed it starts working to break transmission chains immediately. The more people who download the app the better.

Harte cited a recent report from the University of Oxford showing that a 15% uptake of contact tracing apps can help reduce Covid-19 infections.

Dr. Karyl Rattay, the director of the DPH, said that the app complements [the DPHs] contact tracing efforts.

This is a crisis, Rattay said. None of us have ever seen over 200,000 individuals in our country die from [an] infection.

According to Rattay, Delaware has seen an increase in COVID-19 cases. As of the publication of this article there are almost 20,000 cases.

Over the last couple of weeks we have seen more significant increases that we had previously, Rattay said. A number of those cases are related to University of Delaware students, but were also seeing increased cases in other areas of Delaware as well.

According to the State of Delawares Coronavirus (COVID-19) Data Dashboard, of the 19,625 total named contacts, 11,478 have been reached by contact tracers at a rate of 58%. Of the 11,478 contacted, 2,697 are cases with known exposure to another case, a rate of 26%. This works out to an average of 3.0 contacts per case. This data goes all the way back to June 27.

Rattay said that some major issues with contact tracing are remembering names, the length of contact, exact timeframes and whether the people are strangers or not. This makes contact tracers jobs harder as they are unable to use the typical contact tracing methods.

Rattay reiterated Hartes statement about giving citizens responsibility to help prevent the spread of coronavirus.

So this [app] really puts the power in the hands of the citizens to know if they have possibly been exposed from an infected individual and then take the necessary steps to protect themselves from the spread of infection, Rattay said.

According to Rattay, the DPHs contact tracing program began in May and became permanent in late June. She said that when somebody tests positive, the contact tracers call each and every individual who may have been exposed from them.

Its an incredibly important tool, not just for us to know who they may have spread it to, but also to better understand how its spreading in the community, Rattay said.

Rattay affirmed that the primary focus of the app is information and communication, especially since there is not a vaccine available at the moment.

Rattay said that since the app is completely anonymous, the DPH has no way of knowing who you are, where you are, [or] what your behaviors are, but it gives people knowledge of what they need to do such as quarantining, social distancing and getting tested.

Rattay believes that the app will be helpful in the long-run especially when dealing with future respiratory illnesses and pandemics.

We may very well begin to use this more for other infections to better understand if youve been exposed in the future, Rattay said. I think its an exciting breakthrough for public health to be able to use technology like this.

Rattay said that whether we want to or not everybody has a role to play in preventing the spread of the coronavirus. She implored people to answer the phone when they get a call from a contact tracer.

When all it takes is just answering the phone so that youre informed about whether or not you might be infectious, and how best to address the situation, its really all of our responsibility, Rattay said.

See original here:

Delaware releases new contact tracing app to help control virus's spread The Review - University of Delaware Review

SAN FRANCISCO, Sept. 29, 2020 /PRNewswire/ --Coiled, the modern solution for seamlessly scaling data science, machine learning, and AI in Python, today announced it has raised a $5 million Seed round co-led by Costanoa Ventures and IA Ventures, with other backers including Kaggle co-founders, Anthony Goldbloom and Ben Hamner, and Techammer, spearheaded by Cloudera co-founder, Jeff Hammerbacher.

Coiled boasts an impressive and reputable leadership team including CEO and Founder Matthew Rocklin, who is best known for creating Dask, as well as Hugo Bowne-Anderson and Rami Chowdhury, both of whom are long-time leaders in the open-source community.

Dask has become the leading Python way to natively scale out open-source technology, including:

But up to now, the open-source software ecosystem did not provide the tools for enterprises to do Dask work in a secure, collaborative way. That is why Rocklin started Coiled--to enable existing Python workflows for data science and machine learning to scale in a way that works better for enterprises. Coiled's initial product will:

"As data science goes from prototyping to production, it's crucial to be able to scale workloads. Dask (and Coiled) allow data scientists to scale using workloads using the libraries they know and love. That's why I'm excited to be an investor in Coiled."

-Anthony Goldbloom, CEO and Cofounder of Kaggle

**************************************************

"I'm excited to see the Dask community growing with Coiled building products around this essential scaling technology. I was so proud to be associated with the creation of Dask at Anaconda that arose from our broad efforts to scale the PyData community. At Quansight and OpenTeams, we look forward to partnering with Coiled to ensure Dask continues to grow as a trusted backbone for scaling data science and machine learning workflows."

-Travis Oliphant, Creator of SciPy, NumPy, and Numba

**************************************************

"The Coiled team are world experts in scaling Python and are deeply aware of the pain points data scientists face everyday. It has been a pleasure

collaborating with Matt and Dask developers in recent years in our work on Apache Arrow, and we're excited for what's up next for this open source ecosystem."

-Wes McKinney, creator of Pandas and Apache Arrow

**************************************************

"There is a huge gap between tools that data scientists love and those that are fit for the enterprise. Coiled brings these two together and will be the crucial connective tissue that enables organizations to do productive data science at scale."

-Tony Liu, Senior Associate at Costanoa Ventures

**************************************************

"It's rare to get the caliber team that founded the original open source project to lead it's commercialization for enterprises. Matt Rocklin knows exactly what needs to be done and has the credibility with the PyData community to make Coiled a great company."

-Greg Sands, Managing Partner at Costanoa Ventures

**************************************************

"When Matt originally developed Dask as an open-source project, his vision was to enable every data scientist to scale their python code. Today, it is relied on by tens of thousands of users globally. Coiled builds on this framework to provide a complete solution for individuals and enterprises alike to simply and seamlessly scale their machine learning code and data from local workstations to data centers, traditional clouds, and even GPU clusters. Coiled's rapid ascent is impressive and we at IA are thrilled to be partnering with the team on this journey."

-Brad Gillespie, General Partner , IA Ventures

About Coiled

Founded by the creator of Dask, Coiled products ensure that data infrastructure scales at maximum speed, minimum cost, and with the Python tools data scientists already use. Coiled makes it easy for teams and organizations to collaborate and ensures reproducibility with data of any size and simplifies working in the cloud. Coiled's team has helped scale data work from workstations and laptops to compute clusters and GPUs using Dask. These Dask projects range from machine learning and ETL pipelines to demand forecasting and statistical modelingfor Barclays, Capital One, Harvard Medical School, Los Alamos National Labs, Novartis, USGS, Walmart, Grubhub, and more. To learn more, please visit https://coiled.io/.

SOURCE Costanoa Ventures

http://www.costanoavc.com

Read more:

Coiled Announces $5M Seed Funding to Meet the Needs of Modern Data Teams - PRNewswire

Remember when being digital-first or pure play was a thing? Operating online gave a brands cache, reach, flexibility and saved a hell of a lot on rental costs. Digital touchpoints allowed consumers to engage as and when they pleased with brands, and brands could adapt their communications and front-end accordingly. This was all thanks to teams of developers coding away. The complexity and often cumbersome nature of their work created the illusion of sleek, responsive websites and straightforward consumer experiences

And then Covid-19 happened. Retail community Bazaarvoice Network registered a 25 percent increase in page views of members sites in March 2020 vs March 2019. In the same month, registrations to use the NHS App increased by 111 percent. Netflix added a record 15.77 million paid subscribers globally in the first quarter. We headed online in our droves, in order to access essential services just as much as we did to enjoy housebound entertainment. Suddenly, what had appeared in the past to be an enjoyable or passable engagement with a brand, was under intense scrutiny. Brands were under pressure to deliver strong, engaging customer experiences at speed. This burden fell on teams of already stretched developers, many of whom were also tasked with design and content tasks, and who were under-resourced for the level of work needed.

Brands now have to have an online presence and offer online services. These have to be accessible, relevant, continuously updated and consistent across channels. Businesses have to be quick on their feet, spin up new apps and websites, launch new services. If they cant, theyll quickly fall to a competitor capable of offering the kind of joined up, seamless experience customers either want (Netflix et al) or desperately need (education, healthcare, benefits, food!). Of course, weve had the dotcom boom and social engagement phenomenon and digital disruption. But its the onset of the pandemic, the subsequent lockdown, and now the worlds gradual re-emergence that has been the real catalyst for digitalization.

Its not over yet, either. To say the state of play for many global industries is volatile is somewhat of an understatement. While some sectors are opening up (travel, hospitality, education), many are just as quickly being forced to shut down (travel, hospitality, education).

When we couldnt travel abroad, we sought the staycation. Between 1 January to 24 February booking site Independent Cottages, for instance, saw an average 40 percent jump in web visitors compared with 2019. Then Europe opened: Spain-holiday.com, the third biggest holiday rental site in the country, reported a report-breaking day of site visits. Following the UK governments travel announcement at the end of July, however, one can imagine the brands web traffic looks somewhat different.

Almost all sectors face the ongoing threat of restrictions tightening again. New health and safety regulations, changes to employment laws, personal finance and benefits, and localized messaging are all changing rapidly. Yet in the midst of this turbulence, consumers expect the same streamlined experiences and brand interactions that theyve become accustomed to.

Being digital-first or pure-play is no longer a niche and innovative thing. Its a pre-requisite for businesses, public services, and governments. Developers are a critical part of this, equipped with the technical skill needed to create digital experiences. However, the need for every business and every one to digitalize has prompted a rise in DIY platform-building tools. Adopting tools like Wix and Squarespace have helped to democratize the web, allowing non-developer users to create and rapidly update websites using simple drag and drop tools. The downside? Its not just the tools that are simple: the websites themselves are pretty basic too.

These websites also lack the control and governance tools required to manage their creation and operation. Without these tools build into a development platform, brands risk jeopardizing the security of website users and their data. Basic tools lack the roles and permissions features which enable developers, designers, marketers and agencies to have access to specific sites, components, and design elements. In absence of these, the situation is a free-for-all, with the risk of sites being created that dont meet a brands security or brand identity guidelines.

At the other end of the scale are larger enterprises using different - but equally unfit-for-purpose - tools and approaches to website creation. Developers are still coding and play a crucial role in developing these websites and ensuring engaging user experiences, but at the same time they are tasked with doing design and content creation work. This is frustrating for many and an inefficient use of talent and resources by businesses. Having to do the latter two tasks means developers have less time to do coding work.

Businesses do need the ability to democratize technology and roles. But they also need to retain the ability to still set guardrails around brand, security, workflow and so on.

Fortunately the Wix way isnt the only way. The development of basic no-code tools for consumers and SMEs revolutionized small-scale web development. Now, the sophistication of enterprise-level is extending these benefits across the entire business ecosystem. Organizations can digitalize at pace, adapt websites quickly and easily, scale to support fluctuations in web demand, edit and add content and launch new digital services.

Low-code tools feature visual interfaces much like the drag-and-drop style of basic solutions with the technology behind the platforms doing the hard graft of converting this into robust code. Templates can be created via a component-based design system that serves as a kind of pattern library for a team. Users can then create new content using the components from the library.

This doesnt mean that developers will be out of a job though; quite the reverse. As more (non-technical) team members are empowered to create and edit websites themselves, developers can concentrate their time and effort on more complex, value-add tasks. After all, its these kinds of problem-solving tasks (versus updating content and design work) that drew many to coding roles in the first place.

Low-code is also gaining ground due to the investment and backing of some of the biggest names in the game. Google and Amazon now offer various low-code tools, and were recently joined in the space by AWS with its launch of Honeycode, a managed service that allows users to build mobile and web apps.

The traditional ways of working with developer bottlenecks means that larger companies often deliver at the speed of their technology infrastructure. Adopting enterprise-grade platforms that democratize tasks means that even larger companies can move at the speed of their customers. This is crucial when events like Covid mean that customer behavior and expectation are changing every day.

Open platforms are now giving IT teams the power to do more with less by providing enterprise functionality, easy-to-use web components and low-code site-building solutions that let teams re-assemble digital experiences as required without the burden of a total replatforming. Backed by open-source technologies, low-code tools are the future, opening up the market to all businesses and services to digitalize on-demand. And its just as well: delivering superior online customer experiences in this way will be a critical factor in business prosperity post-Covid.

Drew Griffiths, Cohesion CEO, Acquia

Continued here:

Opening digitalization to all with low-code open source approaches - ITProPortal

What does FOSS in Its FOSS mean? What is FOSS?

I have been asked this question numerous time in the past. It was about time that I explained what is FOSS in Linux and the software world.

The distinction is important because FOSS is a generic world and it could mean different depending on the context. Here, I am discussing the FOSS principle in software.

FOSS means Free and Open Source Software. It doesnt mean software is free of cost. It means that source code of the software is open for all and anyone is free to use, study and modify the code. This principle allows other people to contribute to the development and improvement of a software like a community.

In the 60s and 70s, computers were hardware focused and the hardware were expensive. They were mainly used by academics in universities or researchers in labs. The limited amount of software used to come for free or with their source code and the users were allowed to modify the source code to suit their need.

In the late 70s and early 80s, the manufacturers stopped distributing source code in an attempt to not let their software run on their competitors computers.

This restrictive licensing led to the inconvenience and dislike of peoplewho were used to and fond of modifying software. In the mid 80s, Richard Stallman started the Free Software Movement.

Stallman specified four essential fundamental freedom for a software to be Free and Open Source Software.

I am rephrasing them for easier understanding:

If interested, I would advise reading this article on the history of FOSS.

As you may have noticed, the free in Free and Open Source Software doesnt mean it is free of cost. It means freedom to run, modify and distribute the software.

People often wrongly think that FOSS or Open Source software cannot have a price tag. This is not correct.

Most Free and Open Source Software are available free of cost because of a number of reasons:

To avoid the emphasis on free some people use the term FLOSS. FLOSS stands for Free and Libre Open Source Software. The world libre (meaning freedom) is different than gartuit/gratis (free of cost).

Free as in free speech, not free as in free beer.

It is a myth that open source projects dont make money. Red Hat was the first open source company to reach the billion dollars mark. IBM bought Red Hat for $34 billion. There are many such examples.

Many open source projects, specially the ones in the enterprise sectors, offer support and enterprise oriented features for a fee. This is main business model for Red Hat, SUSE Linux and more such projects.

Some open source projects like Discourse, WordPress offer hosted instance of their software for a premium fee.

Many open source projects, specially the desktop applications, rely on donations. VLC, GIMP, Inkscape and other such open source software fell in this category. There are ways to fund open-source programs but usually, youll find donation links on project websites.

Making money with open source software may be difficult but it is not entirely impossible.

This is a valid question. You are not a software developer, just a regular computer user. Even if the source code of the software is available, you wont understand how the program works.

Thats fine. You wont understand it but someone with the necessary skill sets will and thats what matter.

Think of this way. Perhaps you wont understand a complicated legal document. But if you have the freedom to look at the document and keep a copy of it, you can consult someone who can check the document for legal pitfalls.

In other words, open source software has transparency.

Youll often come across terms FOSS and open source. They are often used interchangeably.

Are they the same thing? It is difficult to answer in yes and no.

You see, the term free in FOSS is confusing for many as people incorrectly assume that it as free of cost. Enterprise executives, higher ups and decision makers tend to focus on free in Free and Open Source. Since they are business people focused on making money for their company, the term free works as deterrence in adopting the FOSS principles.

This is why a new organization named Open Source Initiative was created in the mid 90s. They removed the Free from Free and Open Source Software and created their own definition of open source. and their own set of licenses.

The term open source got quite popular specially in the software industry. The executives are more comfortable with Open Source. The adoption of open source grew rapidly and I believe removal of free term did play a role here.

Got questions?

This As I explained in the article what is Linux Distribution, the FOSS/open source concept played a big role in the development and popularity of Linux.

I tried to explain the concept of FOSS and open source in simpler terms in this jargon buster article. I have tried to avoid going too much in detail or technical accuracies.

I do hope you have a better understanding of this topic now. If you have got questions or suggestions, feel free to leave a comment and continue the discussion there.

Like what you read? Please share it with others.

More:

What is FOSS? What is Open Source? Are They the Same Thing? - It's FOSS

News comes overnight that the Windows XP source code has been leaked. The Verge says they have verified the material as legitimate and that the leak also includes Windows Server 2003 and some DOS and CE code as well. The thing is, it has now been more than six years since Microsoft dropped support for XP, does it really matter if the source code is made public?

As Erin Pinheiro pointed out in her excellent article on the Nintendo IP leak earlier this year (perhaps the best Joe Kim artwork of the year on that one, by the way), legitimate developers cant really make use of leaked code since it opens them up to potential litigation. Microsoft has a formidable legal machine that would surely go after misuse of the code from a leak like this. Erin mentions in her article that just looking at the code is the danger zone for competitors.

Even if other software companies did look at the source code and implement their own improvements without crossing the legal line, how much is there still to gain? Surely companies with this kind of motivation would have reverse engineered the secret sauce of the long dead OS by now, right?

The next thing that comes to mind are the security implications. At the time of writing, statcount pegs Windows XP at a 0.82% market share which is still going to be a very large number of machines. Perhaps a better question to consider is what types of machines are still running it? I didnt find any hard data to answer this question, however there are dedicated machines like MRIs that dont have easy upgrade paths and still use the OS and there is an embedded version of XP that runs on point-of-sale, automated teller machines, set-top boxes, and other long-life hardware that are notorious for not being upgraded by their owners.

From both the whitehat and blackhat side, source code is a boon for chasing down vulnerabilities. Is there more to be gained by cracking the systems or submitting bug fixes? The OS is end of life, however Microsoft has shown that a big enough security threat still warrants a patch like they did with a remote desktop protocol vuln patch in May of 2019. I wonder if any of this code is still used in Windows 10, as that would make it a juicy tool for security researchers.

As for dangerous information in the leak, there have been some private keys found, like the NetMeeting root certificate. But its hard to say how much of a risk keys like this are due to the age of the software. You should stop using NetMeeting for high-security video conferencing if you havent already it was end of life thirteen years ago so theres nothing surprising there.

I think the biggest news with a leak of code like this is the ability to learn from it. Why do people look at the source code of open source projects? Sure, you might be fixing a bug or adding a feature, but a lot times its to see how other coders are doing things. Its the apprenticeship program of the digital age and having source code of long-dead projects both preserves how things were done for later research, and lets the curious superstars of tomorrow hone their skills at the shoulder of the masters.

Why dont companys get out in front of this and publish end-of-life code as open source? This would vouch for the validity of the code. As it stands, how do you verify leaked code acquired from the more dimly lit corners of the Internet? Publishing the official source code for end of life projects preserves the history, something the Internet age has never given much thought to, but we should. Weve heard the company promoting the message that Microsoft loves open source, heres another great chance to show that by releasing the source code since its already out there from this leak. It would be a great step to do so now, and an even better one to take before leaks happen with future end of life products.

This is a pie-in-the-sky idea that we often trot out when we encounter stories of IoT companies that go out of business and brick their hardware on their way out. In those cases, the source code would allow users to roll their own back-end services that no longer exist, but Microsoft would be likely to frown on a LibreWinXP project based on their own code. Its likely that the company still has a few long-term contracts to provide support for entities using XP hardware.

This is Ask Hackaday so we want to know your take on this. When old source code leaks, is it a bad thing? Are there any compelling reasons for keeping the source code from projects that have seen their last sunset a secret? And now that the XP code is out there somewhere, what do you think may come for it? Weigh in below!

Excerpt from:

Ask Hackaday: Is Windows XP Source Code Leak A Bad Thing? - Hackaday

Ever since cofounders Bill Gates and Paul Allen launched Microsoft's first product in 1975, programming languages have been a key part of its strategy to win over customers.

Microsoft's first product was Altair BASIC, used to run the BASIC programming language on Altair computers. Since then, Microsoft has developed several other new programming languages, including Visual Basic, C#, .NET, and TypeScript.

Over the years, building these programming languages has been crucial to bringing more developers to its products, particularly now, as it races against Amazon Web Services and Google in the cloud.

"The most important thing is that as the industry moves, we want to meet developers where they are," corporate vice president of Microsoft's developer division, Julia Liuson,told Business Insider.

While Microsoft has always invested in building these languages, its strategy has changed over time, most prominently through its shift towards developing open source software, as shown in 2012 when it launched TypeScript as a more powerful alternative to JavaScript. While Microsoft previously only built proprietary products, TypeScript was totally open source from its beginning. Today, open-source development is key to growing its cloud.

"Microsoft's investment in languages is good it's steady," VP and principal analyst at Forrester, Jeffrey Hammond, told Business Insider. "They're turning over and investing in modern languages. It's had real benefit to their products. The ability to introduce modern concepts as needed but also embrace concepts from outside the organization is one reason we've seen strong growth of Azure."

Here's how emphasizing language development and changing its tune on open source has helped Microsoft win over developers:

Back when Anders Hejlsberg first joined Microsoft 24 years ago, it was a "very different company," he said. Now a technical fellow in Microsoft's developer division, Hejlsberg has helped the company build three programming languages: Delphi, C#, and TypeScript.

"Lots of people love to work on new programming language innovations, but very few people build a programming language that can attract millions," Microsoft's Liuson said. "Anders has done a hat trick: He has done it three times."

While Microsoft has changed in many ways since Hejlsberg joined for example, the development process was much slower and engineers would release products every two years, rather than on a weekly or monthly cadence like they do one major shift stands out: When Microsoft changed its opinion on open source.

Bill Gates is seen in October 2019. Nicolas Liponne/NurPhoto via Getty

At the beginning, all of Microsoft's products were closed source, and it even actively crusaded against open source software in the 1990s and early 2000s, waging war against open source projects like the operating system Linux. While it gradually began doing some open source work, launching TypeScript in 2012 was a turning point, as it was its first programming language that was open source from the very start.

"I've seen transformation that occurred in the company in the last 5-8 years," Hejlsberg said. "It is truly profound. It is truly a different company. These last eight years have seen so much fun because it is so energizing."

Now, Microsoft has made a complete turnaround. It develops its languages in the open and acquired GitHub, the bustling heart of open-source projects around the world. It even made its own legacy programming languages like C# and .NET (which is used for building Windows applications) available as open source.

GitHub CEO Nat Friedman (left) and Microsoft CEO Satya Nadella (right) Microsoft

With open source development, Microsoft's engineers can easily communicate with the users of the languages to learn what they want. Someone may submit a suggestion through GitHub to fix a bug, and it's possible for an engineer to fix that bug the day of. This was "unheard of in the old days," Hejlsberg says.

"C# is now 20 years old but our development process on C# is every bit active as it always has been," he said. "We're devoted to staying in it in the long term."

Open source also allows developers to build better products faster, Hejlsberg says, as people around the world can contribute to the language remotely. What's more, open source programming languages attracts developers who are sensitive to getting locked into one vendor and want a language that can easily be used on any platform.

"Writing code is the manifestation of the investment you make in your applications," Hejlsberg said. "The code is the artifact that comes out of that. If that code can somehow only function as long as you license with somebody else, that can be problematic. For that reason, there's a strong incentive for developers to view the world through an open-source lens."

Ultimately, the firm's switch to "entirely open source" has been "tremendously important for our accelerated adoption," Hejlsberg said.

Today, JavaScript is the most popular programming language according to GitHub, and it's used to build web applications. As JavaScript continued to grow in popularity, TypeScript emerged as a strong contender for building modern web applications.

"JavaScript programmers wanna write in JavaScript," Hejlsberg said. "Why is it that JavaScript isn't suitable for large scale development? What can we do to fix that but stay in the ethos of the JavaScript community?"

To fix these problems and make a language that's like JavaScript, but more powerful for running large scale applications, Microsoft came up with TypeScript. It's similar to JavaScript and compatible with it, but it also helps developers catch issues and bugs more easily so that their apps run smoothly in web browsers.

And because TypeScript is available as open source, this allowed the language to spread quickly among developers. Today, it's the second most loved programming language, according to the developer Q&A site Stack Overflow.

"I think if you have to look at the modern Microsoft, TypeScript is probably the next big successor to the history of successful Microsoft languages," Forrester's Hammond said.

Hammond only expects TypeScript to keep growing as web technology advances. He says that every time Microsoft designs a new language, it "gets a bit better."

"I think TypeScript is a reflection of that," Hammond said. "In some ways, it's almost like the three bears: Not too firm, not too soft, it's just right."

For Microsoft, it's not just about building its own programming languages. It's also about investing in its developer tools and supporting outside languages as well. For example, Microsoft's Visual Studio Code, a platform for developers to write and edit code, has become the most popular open source project on GitHub.

Read more: Here's why 8.5 million users love Visual Studio Code, the free software that's helping Microsoft win over programmers in the cloud wars with Amazon

Again, all this helps Microsoft lure more developers as customers. And recently, a Gartner report said that Microsoft has the greatest market share of application developer tools.

"Often you'll see someone talk about how wonderful this programming language is and then you discover that the tools are horrible," Hejlsberg said. "Unless you invest both in the language and in the tools, it is very very hard to get growth."

And besides Microsoft languages, the company also supports several other popular programming languages, including Python, C++, Java, Rust, and more. And even though Microsoft didn't build these languages, it still embraces them. Since they are open source, Microsoft can actively contribute to these languages to fix bugs and add new features.

Overall, building and investing in programming languages helps Microsoft bring in more customers. All this has helped accelerate Microsoft's cloud, bolstered by its strong relationships with enterprise customers as well as its investment in attracting developers.

"Azure would be nothing without the interesting applications of developers that run in there," Liuson said. "Having a great set of programming languages and tools to write applications faster and help them deploy Azure will help our cloud strategy."

Relying on open source also let it avoid missing out on any big trends.

"One of the more interesting areas where there might be a weakness from a Microsoft perspective in artificial intelligence," Hammond said. "Python has taken over as the dominant language. While it was not invented at Microsoft, they embrace it strongly."

Not all of Microsoft's languages have become a smash hit. For example, F#, which can be used for app develop, and Q#, which is used for quantum computing, have not yet gained much traction. Still, as quantum computing continues to grow, Q# could become Microsoft's next big language, Hammond says. It, too, is open source.

"Future wise, we are deeply devoted to this continuous journey of investing in open source," Hejlsberg said. "We have gotten much much better and understanding what our customers want because we have this much deeper engaged conversation through the open development process."

Got a tip?Contact this reporter via email atrmchan@businessinsider.com, Signal at646.376.6106,Telegram at @rosaliechan, orTwitter DM at@rosaliechan17. (PR pitches by email only, please.) Other types of secure messaging available upon request.

The rest is here:

Microsoft programming languages and open source help win customers - Business Insider

TikTok just cant seem to catch a break as it faces multifaceted scrutiny from around the world. While the ongoing battle in the United States continues, the ByteDance owned company has now vowed to an Australian government committee that it will open its source code and algorithm for tests and review by government officials. By doing so it hopes to prove its innocence in the matter.

Executives from the companys Australian operations appeared before the committee on Foreign Interference through Social Media, today. In this meeting, they promised to provide the algorithm of the platform for inspection by the committee. TikTok has invited qualified government personnel to its transparency and accountability centers in Los Angeles and Washington or a virtual tour of these centers, to test its source code and review the algorithm.

Roland Cloutier, Global Chief Security Officer at ByteDance said, (It will be) available in a public setting for regulators, governments, commercial entities to come in and to test our code. He further added that TikToks source code is not the same as its Chinese counterpart Douyin, contrary to popular belief.

Governments across the globe are questioning TikToks credibility and its links to the Chinese government, accusing the app of helping the CCP mine users data through the platform. India, the platforms former largest market, has already banned the platform, and prospects in U.S. dont look very good either. Thus, its not very surprising that TikTok is going on a transparency drive

Moreover, to solve this issue of distrust, a deal between TikTok, Oracle and Walmart was brought into the picture, resulting in the formation a new entity, TikTok Global. The new deal would have allowed Oracle to have access to TikToks source code. However, TikTok Global hit a wall when ByteDance and Oracle claimed contradicting views on the ownership of the new TikTok Global. ByteDance said that it will retain a majority in the platform whereas, Oracle claimed that the new TikTok platform will be majorly owned by American firms with zero Chinese interference. Moreover, China has suggested that it wont allow the deal to happen, and now, we are back to square one.

The deal is still not off the table, but it might run into some large delays, if it ever happens in the first place.

See the original post here:

TikTok says it would open its source code and algorithm to an Australian committee for inspection - The Tech Portal

ARMONK, N.Y., Sept. 28, 2020 /PRNewswire/ --Call for Code Founding Partner IBM (NYSE: IBM) and Creator David Clark Cause today announced the top five worldwide finalists for the 2020 Call for Code Global Challenge. Call for Code unites hundreds of thousands of developers to create and deploy applications powered by open source technology that can tackle some of the world's biggest challenges. This year, developers around the globe were asked to create solutions to help communities fight back against climate change and COVID-19.

Now in its third year, the Call for Code global competition has generated more than fifteen thousand solutions built using a combination of open source-powered products and technologies, including Red Hat OpenShift, IBM Cloud, IBM Watson, IBM Blockchain, data from The Weather Company, and APIs from ecosystem partners like HERE Technologies and IntelePeer. Since its launch in 2018, this movement has grown to more than 400,000 developers and problem solvers across 179 nations, reflecting the reality that challenges like climate change and COVID-19 demand solutions that work on the local level, but also have the ability to scale and help any community, anywhere.

"This year of crisis underscores the need for the world's developers and business leaders to apply the power of hybrid cloud, AI and open source technology to address society's most pressing issues," said Bob Lord, Senior Vice President, Cognitive Applications, Blockchain, and Ecosystems, IBM. "For the third year in a row, the developer community has answered the Call for Code in overwhelming numbers, creating extraordinary solutions powered by open source technology. As a leader in open source with a long history of driving tech for good, it is incredibly gratifying for us at IBM to see how the broader tech community continues to come together, unified in purpose to make a tangible difference in the lives of so many."

Call for Code Global Top Five

These five finalists were chosen from an elite group of top solutions from each region of the world:

Each year, the Call for Code Global Prize winner receives $200,000 and hands-on support from IBM, The Linux Foundation, and other partners to expand the open source community around their solution and to deploy their solution in areas of need. This year's grand prize winner will be selected by an elite group of judges, including some of the most eminent leaders in human rights, disaster risk reduction, business, and technology.

Path to Deployment

The IBM Service Corps and technical experts helped incubate and deploy the previous two Global Challenge winning solutions. Last year's Call for Code Global Challenge winning team, Prometeo, created a wearable device that measures carbon monoxide, smoke concentration, humidity, and temperature to monitor firefighter safety in real-time as well as to help improve their health outcomes in the long-term. The solution was incubated and completed its first wildfire field test earlier this year during a controlled burn with the Grups de Refor d'Actuacions Forestals (GRAF) and the Grup d'Emergncies Mdiques (GEM) dels Bombers de la Generalitat de Catalunya near Barcelona, Spain. Prometeo was developed by a team comprising a veteran firefighter, an emergency medical nurse, and three developers.

Project Owl, the winning solution from Call for Code 2018, provides an offline communication infrastructure that gives first responders a simple interface for managing all aspects of a disaster. The physical "clusterduck" network is made of hubs that create a mesh network that can send speech-based communications using conversational systems to a central application. Together with the IBM Service Corps, Project Owl has been piloted across Puerto Rico, focusing on areas that were hit hard by hurricanes.

Both projects, as well as others, continue to be incubated through the Call for Code deployment pipeline.

Call for Code University Edition

This year, IBM partnered with the Clinton Global Initiative University (CGI U) to launch a dedicated University Edition within Call for Code. Together, IBM and CGI U reached more than 53,000 students around the world to help create solutions to fight COVID-19 and climate change. The 2020 Call for Code Challenge University finalists are: Kairos App (Latin America); Lupe (Europe); Pandemap (Asia Pacific); Plant-it (North America); and Rechargd (Asia Pacific). Solutions in the University Edition are competing for a grand prize of $10,000. The grand prize-winning team and runner-up will also receive the opportunity to interview for a potential role at IBM.

"This year, we launched the dedicated University Edition within the Call for Code Global Challenge so university students around the world could apply their learnings from the classroom, life experiences and imagination to tackling climate change and COVID-19 in sustainable, equitable and innovative ways," said Chelsea Clinton, Vice Chair, Clinton Foundation. "These finalist solutions are outstanding, and we look forward to announcing a winner on October 13th."

Growing Ecosystem

Call for Code's growth and success is a product of the unique ecosystem that IBM and David Clark Cause have convened to unite the technology development community with humanitarian organizations ensuring that solutions are robust, efficient, innovative, and easy-to-use. This community includes the United Nations Human Rights Office, The Linux Foundation, United Nations Office for Disaster Risk Reduction, Clinton Foundation and Clinton Global Initiative University, Cloud Native Computing Foundation, Verizon, Persistent Systems, Arrow Electronics, HERE Technologies, Ingram Micro, IntelePeer, Consumer Technology Association Foundation, World Bank, Caribbean Girls Hack, Kode With Klossy, World Institute on Disability, and many more.

"We are facing a time of unprecedented crisis," said Laurent Sauveur, Chief, External Relations, UN Human Rights "While the COVID-19 pandemic puts lives and livelihoods at immediate risk, climate change is an existential threat for humanity. By triggering global engagement, initiatives like Call for Code open up the potential for developers and problem solvers around the world to put their skills to use to create inclusive and effective response solutions that can be deployed quickly yet have long-term impact."

The grand prize and University Edition winners will be announced on October 13 via a digital event, the 2020 Call for Code Awards: A Global Celebration of Tech for Good.

About Call for Code Global Challenge

Developers have revolutionized the way people live and interact with virtually everyone and everything. Where most people see challenges, developers see possibilities. That's why David Clark Cause created Call for Code in 2018, and launched it alongside Founding Partner IBM and their partner UN Human rights. This five-year, $30 million global initiative is a rallying cry to developers to use their mastery of the latest technologies to drive positive and long-lasting change across the world through code. Call for Code global winning solutions are further developed, incubated, and deployed as sustainable open source projects to ensure they can drive positive change.

MEDIA CONTACTS

Deirdre Leahy[emailprotected]845.863.4552

Chris Blake[emailprotected]415.613.1120

SOURCE IBM

Continue reading here:

2020 Call for Code Global Challenge Finalists Selected for Innovative Solutions to Take on COVID-19 and Climate Change - PRNewswire

After auditing the security of Instagram's apps for Android and iOS, security researchers from Check Point have discovered a critical vulnerability that could be used to perform remote code execution on a victim's smartphone.

The security firm began its investigation into the popular social media app with the aim of examining the 3rd party projects it uses. Many software developers of all sizes utilize open source projects in their software to save time and money. During its security audit of Instagram's apps, Check Point found a vulnerability in the way that the service utilizes the open source project Mozjpeg as its JPEG format decoder for uploading images.

The vulnerability was discovered by fuzzing the open source project. For those unaware, fuzzing involves deliberately placing or injecting garbled data into a specific application or program. If the software fails to properly handle the unexpected data, developers can then identity potential security weaknesses and address them before users are put at risk.

To exploit the vulnerability in Instagram's mobile apps, an attacker would only need to send a potential victim a single, malicious image via email or social media. If this picture is then saved to a user's device, it would trigger the exploitation of the vulnerability once a victim opens the app which would then give an attacker full access to their device for remote takeover.

The vulnerability discovered by Check Point's researchers gives an attacker full control over a user's Instagram app which would allow them to read direct messages, delete or post photos or change a user's account profile details. However, since Instagram has extensive permissions on a user's device, the vulnerability could be used to access their contents, location data, camera and any files stored on their device.

Upon their discovery, the firm's researchers responsibly disclosed their findings to Facebook and the social media giant then described the vulnerability, tracked as CVE-2020-1895, as an Integer Overflow leading to Heap Buffer Overflow. Facebook then issued a patch to address the vulnerability while Check Point waited six months to publish a blog post on its discovery.

Head of cyber research at Check Point, Yaniv Balmas provided further insight on the potential dangers of using 3rd party code, saying:

This research has two main takeaways. First, 3rd party code libraries can be a serious threat. We strongly urge developers of software applications to vet the 3rd party code libraries they use to build their application infrastructures and make sure their integration is done properly. 3rd party code is used in practically every single application out there, and it's very easy to miss out on serious threats embedded in it. Today it's Instagram, tomorrow who knows?

Via SecurityInformed.com

Read the original here:

Nasty Instagram vulnerability could have given hackers the keys to the kingdom - TechRadar

A remote code execution (RCE) flaw found in Instagram that lets bad actors potentially take over a victims phone by sending a malicious image shines a spotlight on the vulnerabilities tied to third-party apps and image files.

Researchers from Check Point crashed Mozjpeg, open source software that Instagram uses as a decoder for images uploaded to the photo-sharing service, to exploit CVE-2020-1895, according to a blog post. Although the bug was discovered on an Android device, Check Point said iOS devices are also at risk.

Yaniv Balmas, Check Points head of cyber research, said Instagram made a mistake in how it integrated Mozjpeg into the Instagram app. Balmas said the image parsing code used as a third-party library wound up being the weakest part of the Instagram app, noting that researchers were able to crash it 447 times. Check Point has notified Instagram owner Facebook of the vulnerability and it has since been fixed.

Every modern application uses third-party libraries it would make no sense to develop otherwise, Balmas said. But that doesnt mean you have to blindly trust it. Moving forward, developers need to treat third-party libraries like their own code.

The Synopsys Cybersecurity Research Centre found that open source software makes up on average 70 percent of the code in audited commercial applications, and 99 percent of all applications have some aspect of open source code attached to them.

In the case of the Check Point discovery, development teams must treat images as unvalidated input and test for the effects of corruption, said Tim Mackey, principal security strategist at the Synopsys. He said development teams should treat any abnormal behavior during these tests with the same level of priority given to a SQL injection or other unvalidated input weakness in code.

Open source has many benefits, but carries with it a shared use responsibility, Mackey said. If you are using an open source component, and its critical to the success of your app or business, then you need to manage it properly. One part of that responsibility is to test that your chosen components are securely used in your applications. If there turns out to be an issue, then its your responsibility to report it to the authors, but ideally if youre able to provide a fix do so The security of all software is only as good as the weakest component.

Chris Olson, founder and CEO of The Media Trust, said security pros should consider a CVE discovery at a big platform like Facebook/Instagram a red flag.

The big platforms spend a lot of resources protecting their ecosystems, so if it could happen there, thats significant, Olson said. What I worry about more is that most companies are focused on protecting their own infrastructures and not on the consumers who mostly use third, fourth and fifth parties to run the big platform applications. The vast majority of the cyber attacks are on the third, fourth and fifth-party apps. Its the biggest miss in cyber and too many companies dont even know its an issue.

Tim Erlin, vice president of product management and strategy at Tripwire, was more low-key, saying that theres nothing new about exploitations of third-party libraries. Erlin said the unique vulnerability Check Point uncovered was cause for concern because Instagram has millions of users and organizations such as publishers, corporate marketing departments, ad-networks and radiology labs use thousands of images every day.

My advice to developers is to run a vulnerability scan on all third-party apps theyre using to process images, as well as all third-party apps on the website, Erlin said. They should also do the vulnerability scans on a regular basis. For companies that dont want to slow things down and run the scans, find tools to automate the process.

Read more:

Instagram flaw shows importance of managing third-party apps, images - SC Magazine