CLR vs JVM: Taking the Never-Ending Battle Between Java and .NET to the VM Level – JAXenter

We've all heard the arguments in the age-old debate between Java and .NET, and, as with many things, there are many factors to consider when determining what best suits your application. But what if we take it a bit deeper, to the virtual machine level?

There are a handful of similarities between the CLR and JVM: both are high-performance software runtimes, and both include garbage collection, code-level security, rich frameworks and open-source libraries. Both also employ stack-based operations, the most common approach to storing and retrieving operands and their results.

But there are also some very stark differences.

For every similarity that these VMs share, a difference in implementation can be found. Still, just as with programming languages, the development of these VMs advances in a kind of leapfrog motion: one implements something like the mark-sweep-compact approach to garbage collection, and the other soon follows. Below I've broken down a few of the biggest distinctions.


One potentially superficial difference between the CLR and JVM (though one that likely influenced the way they developed) is that the JVM was created to work primarily with Java, while the CLR was designed to be language-neutral. Conversely, the CLR was originally designed only to run on the Windows OS and hardware, whereas the JVM was designed to be portable across multiple OS and hardware architectures, i.e. OS-neutral. Times have changed though, as we all know: there is now CoreCLR, which runs on Linux and Mac, and many more languages have been developed to work with the JVM.

This leads to the fact that, for the most part, the differences between the CLR and JVM are also signifiers of the differences between the languages that employ them. Or, you can say that some of the most significant differences between languages (for argument's sake, let's say C# and Java) are really implemented at the VM level.

A big difference that we see at the VM level is that although both use JIT (Just-in-Time) compilation, the compiler isn't invoked at the same point. The CLR compiles MSIL code into machine code when a method is first invoked at runtime. The JVM uses a specialized JIT compiler engine, HotSpot, to compile Java bytecode into machine code. This approach compiles only the hot spots in the code that will actually be used, in order to prevent long compile times at runtime.

Each of these compilation strategies has its own performance tradeoffs. Because the CLR compiles all of a method's machine code before it is executed, execution time can improve in the long run. On the other hand, if only a small portion of the code will be needed for a method to run, Java's HotSpot compiler can save time. HotSpot can also apply advanced optimizations that adjust the resulting machine code to the dynamic behaviour of the code as it is executing.

All that said, there are actually dozens of ways to configure the JVM and CLR; we are just scratching the surface in this article.

Another smaller difference is that the CLR was built with instructions for dealing with generic types and for applying parametric specializations to those types at runtime. Basically, that means the CLR recognizes the difference between, for example, List with one type argument and List with another, whereas the JVM can't. The CLR also allows users to define new value types in the form of structs, while value types in JVM-based languages are fixed (byte, short, int, long, float, double, char, boolean), though there are plans in the works to change this.
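An added illustration of the generics point above (example code written for this page, not from the JAXenter article): on the JVM two parameterisations of ArrayList share a single runtime class, and a raw-type view can smuggle a wrongly typed element into a list, with the failure only surfacing later at the read site. On the CLR the equivalent comparison, typeof(List<string>) == typeof(List<int>), is false, because the CLR instantiates a distinct type for each type argument.

```java
import java.util.ArrayList;
import java.util.List;

public class ErasureDemo {

    // Both parameterisations erase to the same runtime class (ArrayList),
    // so the JVM cannot tell a list of Strings from a list of Integers.
    static boolean sameRuntimeClass() {
        List<String> strings = new ArrayList<>();
        List<Integer> ints = new ArrayList<>();
        return strings.getClass() == ints.getClass(); // true on the JVM
    }

    // Heap pollution: the element type exists only at compile time, so a raw
    // view of the list accepts any object. The compiler inserts an (Integer)
    // cast at the read site, which is where the ClassCastException appears.
    @SuppressWarnings({"rawtypes", "unchecked"})
    static String heapPollution() {
        List<Integer> ints = new ArrayList<>();
        List raw = ints;            // raw view: no element type to check against
        raw.add("not an int");      // accepted at runtime
        try {
            Integer first = ints.get(0);   // compiler-inserted cast fails here
            return "unexpected: " + first;
        } catch (ClassCastException e) {
            return "ClassCastException at read site: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("same runtime class: " + sameRuntimeClass());
        System.out.println(heapPollution());
    }
}
```

The practical consequence for defensive code is that a Java instanceof check can only test the raw type (obj instanceof List), so element types must be validated explicitly at trust boundaries, whereas C# code can check typeof(List<int>) directly.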

There are a few more differences like this one that present more as language-level differences. Some of those include closures, coroutines and pointers, which are available in the CLR and not in the JVM.

Although both include mechanisms for exception handling, overall differences between the two can affect compatibility with different exception- and error-monitoring tools. This, in turn, affects troubleshooting strategies and workflows. The JVM has very robust bytecode instrumentation frameworks that support both Java and C++ agents, and it also allows multiple agents to execute side by side. This enables developers to run multiple profilers and APMs, as well as write their own custom agents, to fully understand and optimize the behaviour of their applications. The CLR agent model is more limited and only allows one .NET profiler to be attached to the CLR at runtime. The JVM even supports attaching and detaching agents at runtime via a built-in Java API.

Speaking of the competition, we know that .NET and Java both have strong communities backing them up. Within those communities, developers ask questions and engage in in-depth conversations on sites like StackOverflow. A quick search for the name of each VM reveals that CLR has been tagged 3,250 times compared to the JVM which has been tagged 8,628 times.

Outside of StackOverflow, there are also extensive communities that are cultivated by Microsoft and Oracle themselves. There, users can find additional information and resources related to more than just the CLR and JVM. Topics there include implementations in the cloud, troubleshooting questions and more.

Beyond this, though, the communities are definitely more centered around individual languages such as .NET, Java, C/C++, Scala, etc.


Looking at these VMs at the highest level, the differences between the CLR and JVM seem almost negligible. However, in many (if not most) cases, the differences at the VM level mirror the key differences between the languages that use them. Because of the way these VMs, and their corresponding languages, were built, each functions slightly differently in order to provide the capabilities its creators wanted to provide.


Petition Launched To Extend Comment Period On Cryptocurrency/Bitcoin Self-Custody Regulations – Forbes


One essential trait of cryptocurrencies that makes them fundamentally different from the conventional banking system is the ability for users to have custody over their own crypto-assets. If you control your own private key, there is no ability to freeze funds or censor their transfer. There is no third party that can come in and seize your funds or stop you from using them in any way you see fit. Put shortly: your keys, your funds.

In effect, when you own bitcoin or other cryptocurrencies, you control your own part in a distributed ledger rather than being a manipulable data point in the centralized ledger of a bank.

You express the degree of privacy you want and the level of security you need to conduct transactions. You can choose to have a trusted third party take custody of your assets for you (and in so doing, identify yourself in exchange for easy access to your funds), or you can choose to keep your cryptocurrencies in your own wallet, run on open-source code that seeks neither to identify you nor to sell you anything.

Yet recently proposed regulations in the United States may put this critical trait, the ability to choose different transactions and ways of dealing with cryptocurrencies and their wallet holders, under threat.

FinCEN (the Financial Crimes Enforcement Network), a part of the Treasury Department responsible for enforcing transparency requirements around financial flows and the Bank Secrecy Act, is looking to impose regulations that force regulated entities to keep identity records when they're looking to transact in cryptocurrencies: specifically, a $3,000 threshold for transactions with an "unhosted" wallet, meaning a wallet of somebody who hasn't gone through formal KYC/AML, which isn't hosted on an exchange or bank, and which is oftentimes in self-custody.

Cryptocurrency exchanges and banks that want to deal in cryptocurrency will have to create the technical capability to verify the identity of those behind certain wallets, a difficult task in a realm of financial privacy where avoiding address reuse might, among other things, stop the spread of public keys and strengthen the chain against theoretical future attacks, such as large quantum computers being able to double-spend. There are also potentially significant implications for certain decentralized exchanges.

Tying people's identities to their transactions when they have expressed a higher desire for privacy (as is the case with end-to-end encryption) amounts to a sort of warrantless surveillance that runs directly counter to the tenets of financial liberty and privacy in cryptocurrencies.

In effect, if the proposed rule is implemented fully, it may significantly burden the self-custody of cryptocurrencies, as well as banks that want to get into cryptocurrency and cryptocurrency exchanges.

The petition to extend the comment period on this proposed rule had an original goal of 2,500 signatures, but is now above that and seeking 5,000 signatures as of the time of publishing. It was started by the Chamber of Digital Commerce, a crypto-asset trade association whose members include leading cryptocurrency exchanges and certain banks.

Part of the urgency stems from the shortness of the comment period. Usually, comment periods can extend up to 90 days, with a norm of 30 days and a period that can stretch up to 60 days when there is a significant issue at hand. FinCEN has proposed a 15-day comment period, and stacked many of those days during the holidays, making it very difficult to get any significant replies.

An extension of the comment period would allow organizations such as the Electronic Frontier Foundation and Coin Center to conduct deeper diligence beyond their initial thoughts, and provide well-thought-out comments on how this rule may create unintended effects that significantly dampen cryptocurrencies and their ability to create consensual financial flows.

FinCEN claimed the shortness of the proposed comment period was due to a number of reasons, from the foreign affairs implications of the rule to its previous engagement with cryptocurrency industry executives, yet it's not so clear, beyond the transition to a new Administration, why there is such urgency in the first place.

The proposed rule from FinCEN aims to be one of the Trump Administration's final actions on cryptocurrencies. The Trump Administration has not been very favorable to cryptocurrencies in many instances, from tax regulations and rulings to President Trump tweeting that he was not a fan of bitcoin.

Extending the comment period to between thirty and ninety days would potentially place the rule-making process in the hands of the new Administration, which, while inclined towards more banking regulation and conventional financial constraints, may not have the exact same aggressive view towards cryptocurrencies as the current administration, or may not adopt the same rules.

While banks are sometimes given years to comment on and consider similar issues, this particular issue is being rushed through in order to give the current administration its own space to create rules that may never be reversed in the short time before it no longer has any power, and which may have effect for years or perhaps even decades, constraining innovation that is yet to come and freedom that is already here.

The proposed FinCEN rule is a potential bridge to the dystopian society previewed in Hong Kong and Nigeria: places where cash in the former, or bitcoin in the latter, are the only options for people subjected to a ruling political class with the power to monitor and censor whichever financial flows it sees fit. It deserves more consideration than a last-ditch attempt at rule-making from an outgoing Administration.


Before Cyberpunk: Video games that changed the world – Mumbai Mirror

As Sony pulls the much-hyped action role-playing game Cyberpunk 2077 from PlayStation after complaints of bugs and even a player suffering a seizure, we look back on gaming history, from "prehistoric" Pac-Man to worlds as limitless as a hacker's imagination.

One of the first consoles to bring the arcade experience to living rooms, Japan's Atari licensed PacMan in 1982. The simple game may seem prehistoric now -- a yellow circle head munching a maze of dots -- but it would prove to be a bestseller until 1992.

This fixed-shooter game, which continues to inspire the world-famous street artist Invader, pits a horizontally moving cannon against an ever-descending army of invaders.

This racing game with its focus on the multi-player experience is credited with launching its own subgenre of video games. It has been released in eight versions and its 2008 edition for the Nintendo Wii was the best-selling racing game of all time.

The ultra-popular Japanese fighting game came to Nintendo's GameBoy in 1995 and has been released in multiple forms over the years.

In Doom, one of the first ever first-person shooter games, the player is a "space marine" who must fight off the screeching demons along his path to a transporter that will get him off a besieged moon base.

FIFA is the bestselling sports video game of all time with the latest hyper-realistic editions offering a choice of leagues, stadiums, and teams but also players and coaches. (You can even hold a post-match press conference.)

Known for its violence (the player can shoot police officers and run over prostitutes), Grand Theft Auto was the first to popularise the "open world" concept.

Players can go off piste to explore and interact with other characters and the landscape as they see fit.

Grand Theft Auto is also known as the only game ever to receive an adults-only classification.

Sometimes called "the greatest game ever made", this Japanese action-adventure saga boasts richly-detailed environments and a complex narrative that make it something of an artistic achievement.

But the first version -- "Ocarina of Time" -- also pioneered the capability to lock on enemies during fights.

At 200 million copies, Minecraft is the bestselling video game of all time by far.

Beloved by hackers and children alike, Minecraft is based on exploring an infinite realm where players can gather materials (through mining) and use them to create (crafting) -- either to stay alive in survival mode or to build whatever they want.

For many, the game functions as a virtual Lego set, and thanks to open-source code, players who access Minecraft through a computer can create their own custom game elements, making for infinite possible variations.

Fortnite is a cooperative survival game that is so popular that the launch of its fifth season generated five times more web traffic than the results of Donald Trump winning the US election in 2016.

Another game-changer is that players can interact from any device and have the same experience.


A Chrome Cart Feature Has Been Alluded To In Chromium Code – What Could This Mean? – Digital Information World

Dinsan Francis has recently spotted a Chrome Cart feature being referred to in Chromium's code lines. While this feature isn't out yet, a deep dive into the code might allow us to take a glimpse into Chrome's future updates.

Google's no stranger to advertising. It's spent these past few weeks heavily promoting advertising venues such as Search Ads, relying on businesses bidding for ad slots. Advertising makes up a significant chunk of the company's revenue, so it only seems natural that Google would want an entire pit stop on its extremely popular browser dedicated to online shopping, a trend which, it should be noted, has seen an unprecedented amount of growth owing to the COVID-19 pandemic. With the face of virtual marketing now altered, it's time for businesses and brands to adapt.

The Chrome Cart feature was identified as an experimental product in Chromium's code. Chromium, for those unfamiliar, is Google's open-source browser, with accessible code that developers can use to build or expand upon their own browsers. Labelled "NTP Chrome Cart Module", such a feature on its own is not highly indicative of what the Cart is and what it entails for the browser. Chrome Cart could easily be a placeholder name for any marketing- or advertising-related feature.

However, a tag was found highlighting and grouping all code changes brought on by Cart. Lines such as "Support Best Buy" and "Support Home Depot" were quickly spotted and reported. With this in mind, one can begin to form an image of what Chrome Cart is aiming for.

Now, while this is entirely theoretical and things may pan out very differently, such a move would allow Chrome to place a very firm foot in the online shopping market. Google Chrome is a widely used browser, with an estimated one billion active users currently. Brands get to tout their products on a popular landing page, and Google gets a new income source. Seems like everyone wins.

As of yet, there is no official news from Google regarding Chrome Cart. However, considering its code lines were spotted in the open-source Chromium browser, development on the feature may be well underway.


This 27-course bundle can help you learn to code this new year for just $60 – The Next Web

TLDR: With 27 courses and over 270 hours of coursework, The Premium Learn to Code 2021 Certification Bundle is the one-stop shop for becoming a well-trained web developer.

If you're going to learn to play basketball, who should you assemble as your teachers? Michael Jordan, LeBron James and an all-star squad of talent who have scaled the heights of their sport? Or a bunch of guys just hangin' out around your local rec court?

Anybody can teach you a skill, but not just anybody can teach you how to perform that skill well. For those who want to finally understand programming concepts and tools, the roster of experts assembled to lead the formidable Premium Learn to Code 2021 Certification Bundle ($59.99, over 90 percent off, from TNW Deals) can only be described as the right instructors and institutions for the right job.

"Premium" only begins to do this massive 27-course collection justice. Packed with over 270 hours of training, these courses bring together some of the most respected teachers in the field to cover everything from programming languages to building tools to pathways into some of technology's most fascinating job opportunities.

As a group, the instructors and outlets behind this training have amassed 4.2 to 4.5 out of 5-star reviews over the course of teaching over six million students.

If you want to learn how to build websites and mobile apps, you couldn't find a more suitable guru than Rob Percival. In The Complete Web Developer Course 2.0, the best-selling creator of Codestars breaks down coding basics, covering everything from the fundamentals of HTML5, CSS3 and Python to how to build responsive websites with jQuery, PHP 7, MySQL 5 and Twitter Bootstrap. In this course, students learn by actually doing, building 25 different websites and app projects from scratch.

Or you can follow the path of renowned web teacher Joseph Delgadillo. In The Complete Front-End Web Development Course, he helps shape real, employable skills on projects ranging from a simple HTML page to a complete JavaScript-based Google Chrome extension.

And those are just two of the 27 courses. More training found inside delves into every facet of modern-day coding, including JavaScript, Java, SwiftUI, Flutter, Dart, Ruby on Rails, and Django. Users get close examinations of some of the hottest industries in tech, including data science and machine learning. There are even instruction modules specifically focused on how to get employed as a full-scale web developer.

The 2020 edition of this course enrolled over 51,000 students, so you can expect a large-scale, full-screen coding education that leaves nothing behind. Covering over $4,000 worth of intensive training, you can get the complete Premium Learn to Code 2021 Certification Bundle now for less than $3 per course, just $59.99.

Prices are subject to change.


AWS Announces a New Version of AWS IoT Greengrass – InfoQ.com

Recently, AWS announced a new version of its IoT Greengrass edge runtime and cloud service during its annual re:Invent conference. The latest version, 2.0, comes with pre-built software components, local software development tools, and new features for managing software on large fleets of devices.

The new version of IoT Greengrass comes three years after its version 1.0 release in 2017. AWS designed the service to help customers quickly and easily build intelligent device software as it enables local processing, messaging, data management, ML inference, and pre-built components to accelerate application development. Furthermore, it provides a secure way to seamlessly connect edge devices to any AWS service, as well as to third-party services.

With version 2.0, the public cloud provider offers an open-source edge runtime, a rich set of pre-built software components, tools for local software development, and new features for managing software on large fleets of devices. The characteristics, according to a blog post on the latest version of AWS IoT Greengrass, are as follows:

Source: https://docs.aws.amazon.com/greengrass/v2/developerguide/what-is-iot-greengrass.html

With the release of AWS IoT Greengrass 2.0, industry-leading partners NVIDIA and NXP have qualified many of their devices for AWS IoT Greengrass 2.0, such as the NVIDIA Jetson AGX Xavier Developer Kit, the NVIDIA Jetson Nano Module, and the NXP S32G-VNP-EVB. All other partner device listings are available in the AWS Partner Device Catalog.

Holger Mueller, principal analyst and vice president at Constellation Research Inc., told InfoQ:

The edge is a challenging environment for software applications, given platform capacity, power, connectivity, and physical conditions. Providing a more modular approach to the edge platform, as AWS is doing with Greengrass 2.0, is a crucial step to allow device makers and enterprises to have the right side platforms for their demand on the edge to power next-generation applications in the IoT field. Equally key is moving to open-source platforms, allowing greater compatibility and uptake across vendors than proprietary platforms.

Currently, AWS IoT Greengrass 2.0 is available in various AWS Regions, and pricing details are available on the pricing page. The company offers customers access to Greengrass 2.0 at no cost for their first 1,000 devices through the end of 2021. Furthermore, developers can find more information through the developer guide.

Lastly, customers can migrate their existing AWS IoT Greengrass 1.x devices and workloads to AWS IoT Greengrass 2.0 using the migration guide.


Samsung Galaxy S21 series pre-order reservations now open in the US – Android Authority

Samsung has opened up pre-order reservations for its next Galaxy flagships, aka the Galaxy S21 series, in the US.

First spotted by XDA Developers in the Samsung Shop app, the reservations for the upcoming phones can also be made through this link on Samsungs website.

"Get ready to jump to the next galaxy," reads Samsung's promotional webpage for Galaxy S21 reservations. Those who sign up for the pre-order notifications via the website will get $50 in instant credits towards buying accessories for the Galaxy S21, S21 Plus, or S21 Ultra.

An extra $10 instant credit will be given to those who complete their pre-order using the Samsung Shop app.

You'll need to share details such as your name, email ID, phone number, and ZIP code to reserve your Galaxy S21 pre-order. You can also select your preferred carrier or choose to get pre-order notifications for unlocked models.

Samsung has included a trade-in option that can fetch you an instant credit of up to $700 if you exchange your old phone for one of the new flagships. For instance, if you want to trade in any of your Galaxy S20 or Note 20 models, you'll get the full $700 instant credit, provided your device meets Samsung's trade-in criteria.

As per Samsung's website, the pre-orders for the Galaxy S21 phones will last until January 28, 2021. However, the reservation credit offers are only valid for customers who reserve their pre-orders by January 13, 11:59 PM ET and complete their pre-orders between January 14, 2021 and January 28, 2021. This more or less confirms that Samsung will launch the Galaxy S21 series on January 14 as expected. It also means that you can expect the phones to start shipping only by the end of January.

You can read all that we know about the Samsung Galaxy S21 series here. Some fresh details about the specs of the Galaxy S21 and S21 Plus also leaked recently. You can read those here.


SD Times Open-Source Project of the Week: Micro – SDTimes.com

Micro is an API backend that allows developers to write code without also having to worry about managing backend services.

Micro's team believes that developers should be empowered to build software at an accelerated pace without any limitations.

"Too much time is being lost on walking the maze that is the CNCF landscape. Too much time is being lost to managing the complexity of cloud infrastructure. Developers need to get back to what matters, absolute productivity in the software they're building. For us that means making backend developers super productive," the project's documentation states.

Key features of Micro include authentication, configuration management, key-value storage, an API gateway, service discovery, and PubSub messaging.

In addition to the free open-source project, there is also a managed version called M3O. The free version includes the ability to deploy from Git, connect from anywhere, zero infrastructure management, public API and private repository support, and a shared hosted environment. M3O adds perks like 2x resource limits, Slack and email support, and business-day SLA response times.

The team also recently introduced Micro Services, which offers a set of building-block services that can be used in Micro. The initial release includes 10 services: helloworld, chat, posts, comments, tags, feeds, location, messages, notes, and users.


Covidius horribilis: Business winners and losers of 2020 – The Irish Times

How do you weigh up the annus covidius horribilis of 2020 in words that don't have to be asterisked?

It was a year when a virus inflicted a brutal end on some businesses, and tortuous stop-starts or finance-draining freezes on others. Some were able to pivot to survive, others found silver linings amid the spike proteins. But for many the pandemic was the kind of extended disaster for which no amount of crisis planning could have helped.

Good King Wenceslas himself would have looked out the window at the state of 2020 and crawled back under his duvet.

With uncertainty the new certainty, employment was often precarious by default and forward-looking statements were rendered works of speculative fiction. By the time the second wave came along, once-buoyant businesses seemed weary and depleted and in the most Covid-wracked sectors, the despair was palpable.

Ryanair is the biggest airline in Europe, which in normal years is great, but in 2020 it put the company on the front line of an aviation standstill. At the start of March, Michael O'Leary's airline cut a quarter of its flights to and from coronavirus-hit Italy for three weeks because bookings had plummeted amid passenger nerves and a blizzard of travel advisories.

On the same day, Leo Varadkar gave assurances that there were no plans to cancel the St Patrick's Festival, but with the caveat that March 17th was still two weeks away, and "a lot can happen between now and then".

Indeed, by the time St Patrick's Day came round, Ryanair was stripping back its schedule by 80 per cent, three-quarters of Aer Lingus flights were not taking off, and struggling regional airline Flybe, which operated four in five of the flights at Belfast City Airport, had collapsed into administration.

Ryanair flew into the pandemic with a relatively strong balance sheet, but it still could have done without the tripling of its debt and a winter travel write-off that brought the closure of its Cork and Shannon bases. By this point, O'Leary was railing against what he saw as government mismanagement of EU air travel.

Any holidaymakers who made it to Ireland this summer were at high risk of becoming prime Liveline fodder, which was bad news for hotels, restaurants and everyone from Airbnb hosts to the company behind the Viking Splash.

At the pub end of the hospitality trade, the bleakness was unavoidable. In Dublin, the third of pubs that weren't in a position to produce €9 chicken wings never reopened, while outside Dublin almost half of pubs could only do so for a fortnight.

For companies dependent on the night-time economy, dawn was forever postponed. "How many people do we have to marry to open this place," read the signage on the Academy gig venue.

The Press Up hospitality group, which has built a veritable empire of 55 restaurants, bars and hotels, wasn't the only company aggrieved at public health policy, but it was the one with both the desire and the resources to mount a legal challenge. The group, run by Paddy McKillen jnr and Matt Ryan, sued the Government, seeking both compensation and a High Court declaration that the restrictions were an unconstitutional interference in its business.

So could pubs forced to close claim on their insurance for business interruption? Not if FBD had anything to do with it. Despite the assurance of cover that one of its executives accepted he had given Lemon & Duke publican Noel Anderson, FBD's position was that it did not offer pandemic insurance and never had.

Early 2021 will bring a High Court judgment on four test cases brought by publicans, including Anderson, over FBD's refusal to pay out. But even if FBD wins, the dispute has left the bitterest of tastes.

With one-time office workers dispersed to attic desks and ironing-board workstations, it wasn't the best of years to be big in the food-on-the-go market. As Christmas neared, Greencore's website hosted an animated corporate video showing a tree being decorated with sandwich packs, which was certainly one use for them.

In November, as the Dublin-headquartered company conducted a share placing to raise cash, chief executive Patrick Coveney said Greencore had been "absolutely smashed" by the first lockdown and would not recover until at least 2022. Indeed, it was still reeling from the spring slump in sales of its pre-packed sandwiches when almost 300 workers at its Northampton factory tested positive for the virus.

In retail, it was a tale of two categories, essential and non-essential. Supermarkets rose to the challenge, their staff effectively becoming front-line workers during the first lockdown. Later, DIY chains like Grafton-owned Woodies were the beneficiaries of a home improvement boom: with nowhere to go, nesting was in vogue.

But for other bricks-and-mortar retailers, 2020 was miserable, and the list of casualties was long: Oasis, Warehouse, Monsoon, Pamela Scott, Mothercare Ireland and Cath Kidston all disappeared from Irish streets, while the administrators of Topshop owner Arcadia spent December trying to find buyers for its fashion brands.

The biggest loss, however, was department store chain Debenhams. The liquidation of its Irish operations in April inspired protests from former staff shocked that their years of service would not be treated with the respect of a redundancy payout.

Their fight was not entirely in vain: after an intervention by a mediator, the Government will set up a €3 million training and upskilling fund to assist the 1,200 workers who lost their jobs. But the sad sight of black sacks covering the Debenhams sign on Dublin's Henry Street, one sack for each letter, summed up the sorry end.

The surge in working-from-home / living-at-work was good news for those telecoms companies that could keep up with demand. Alas, this was not the case for Eir, which provided a textbook example of Covid-19 exposing organisational weaknesses that long predated it.

Frustrations about the former State monopoly's shortcomings on customer service spilled over in a year in which many people across the State were dependent on a decent broadband signal to keep their jobs and see their grandkids. Complaints rocketed exponentially.

"We have never had fantastic [customer] care in Eir," admitted chief executive Carolan Lennon as she apologised for below-par service. Unfortunately, her explanation of the challenges in bringing the function in-house included a declaration that establishing a customer care centre on a greenfield site in Sligo had been a mistake. Suffice to say, the remark did not go down well in Yeats country, where CEOs are best advised to tread softly.

Incredibly, there were some who had a 2020 to forget for reasons unconnected to Covid-19. Such was the case for the perennially under-resourced Data Protection Commission (DPC), led by commissioner Helen Dixon, which made Twitter's day by fining it a mere €450,000 for a December 2018 data breach in which it inadvertently made some users' private tweets public. Insert screaming-with-horror-face emoji here.

With this first fine under the EU's General Data Protection Regulation (GDPR) a mere 0.016 per cent of Twitter's 2019 revenue, other more punitive-minded EU regulators are now said to be exploring ways to get around the DPC's status as lead regulator for the tech giants that have their European headquarters here. If they do, the office may no longer seem quite so under-resourced.

One leading Irish business, meanwhile, had its inner workings on dismal display at the London inquiry into the 2017 Grenfell fire tragedy in which 72 people died.

Kingspan chief executive Gene Murtagh told employees that it would take time to rebuild trust in the building materials company after "undeniable historic shortcomings" were revealed at the inquiry, which heard that Kingspan had some years previously relied on results from flawed safety tests to market its Kooltherm K15 insulation product. Some of it was used on Grenfell's cladding.

The inquiry has not yet concluded, but Kingspan's internal communications to surface in recent weeks, including one senior figure's suggestion that a builder who questioned K15's safety should "f*** off", have been distinctly grim.

But before we bin 2020 never to discuss it again, let's also look back on those who managed to rack up a bright note or two amid the general gloom.

It is 31 years since Anne Heraty co-founded recruitment company Computer Placement Ltd, better known as CPL, and 21 years since it was floated, making Heraty the first female chief executive of an Iseq stock. In November, CPL agreed to be taken over by Japanese group Outsourcing for about €318 million in an all-cash deal.

That put Heraty and her husband and fellow director Paul Carroll in line to receive €110.9 million for their combined 34.9 per cent stake. Not bad in the middle of a global recession.

Indeed, this was a positively upbeat year for the Irish tech sector, which was cutting deals with the sort of modest confidence in which the numbers did the talking. Back in the before-times (January), for instance, Irish chipmaker Decawave was sold to US-based Apple supplier Qorvo for $400 million (€361 million), putting its staff in line to share a €54.4 million payout.

The company, founded in 2007 by Ciaran Connell and Michael McLaughlin, specialises in a sort of "Bluetooth on steroids" that is now being used in iPhones. "It has become a big boys' game," said Connell.

Also sticking them with the pointy end was, well, Pointy. The company that helps small retailers make their online stock visible, founded by Mark Cummins and Charles Bibby in 2014, was sold to Google for a reported $160 million (€135.9 million).

Amazingly, this was the second time that Cummins, who was once turned down for a job at Google, had found a buyer in the tech giant, which had earlier acquired his start-up Plink in a life-changing deal.

Elsewhere, Apple acquired Peter Cahill's voice recognition company Voysis for an undisclosed sum and is now using its technology to help improve its virtual assistant Siri, while 2017 Young Scientist winner Shane Curran raised $16 million (€14.5 million) from Silicon Valley investors for his data privacy tech company Evervault, an impressive achievement to rack up before you have even hit your 21st birthday.

Nine-year-old Waterford software solutions company NearForm, led by co-founder Cian Ó Maidín, had a 2020 to remember thanks to its work with the HSE on the Covid Tracker Ireland app.

After getting the call on the sunny Sunday afternoon of March 22nd, the NearForm team pushed hard into the night to present a prototype the next morning and, after three months of intense yet fully remote development, the app was ready. Within 36 hours of its launch on July 7th, it had been downloaded more than one million times.

The app's open source code, Covid Green, is now being used around the world and, yes, the company is hiring. "We did something really good this year at NearForm, we really did," Ó Maidín tweeted in December. "So proud of everyone."

It's enough to make even the most jaded of hearts feel emotional.

Never Mind the B#ll*cks, Here's the Science could scarcely have been a more timely title for the bestselling new book by immunologist Luke O'Neill. Prof O'Neill was one of the leading voices on Covid-19, but he was in the news for another reason after Swiss drug giant Roche paid $380 million for Inflazome, the inflammatory diseases treatment company he co-founded in 2016 with Australian chief executive Matt Cooper.

"The money was obviously nice," Prof Cooper told The Irish Times, but it wasn't what had motivated the biotech entrepreneurs. "We do what we do because there are people that need the medicines and that's the most important thing."

Inflazome was the product of something that couldn't happen for most of 2020: a chance meeting in a bar after an international medical conference. For all the addictive magic of Zoom, the business world will see in 2021 hopeful that vaccines will bring about a return of lanyard-wearing days, airport priority queues and opportunistic coffees.

Reclaiming the ability to move safely around the world, free of the cycle of lockdowns and reopenings and without fear of sudden border closures, has never felt such a huge ambition.

Link:

Covidius horribilis: Business winners and losers of 2020 - The Irish Times

The Top Web Service Exploits in 2020 – Security Boulevard

Join us for a look at 2020's top ten most prevalent exploits targeting web services, leveraged in large-scale attacks or reconnaissance campaigns, as seen by Radware's Threat Research Center.

The Threat Research Center monitors and researches malicious traffic and vulnerability exploits using Radware's Global Deception Network, a network of globally distributed darknet deception agents (honeypots) running services that attract bots attempting to compromise, abuse and hack into computers, create new botnets and launch DDoS attacks. The deception network attracts hundreds of thousands of malicious source IPs that generate millions of events daily. Automatic analysis algorithms provide insights into and categorization of various types of malicious activity, from reconnaissance through password brute-force attempts to injections and RCE.

Radware's proprietary and patented algorithms running on the deception network are used to catalog and identify new and emerging threat actors, including web application attackers, botnets, IoT bots and DNS attackers, as well as to analyze malicious behavior designed to hide the attacker, such as spoofing and anonymizing.

Let's drill down into the top 10 service exploits identified in 2020:

Apache Hadoop Unauthenticated Command Execution via YARN ResourceManager: 74.85% of all web services hits.

Hadoop is an open-source distributed processing framework designed to manage storage and data processing for big data applications running in clustered systems. In October 2018 Radware discovered DemonBot, a malicious agent designed to run on vulnerable Hadoop servers. The original bot was first seen in Radware's Threat Deception Network in September 2018, scanning for and trying to execute requests to /ws/v1/cluster/apps/new-application, which is the first step in exploiting an exposed, unprotected Hadoop server. Though the original bot is rarely seen in the wild today, its successors take first place in scanning attempts.

What is the risk? A successful attack could allow an unauthenticated attacker to execute commands on the vulnerable server, which may lead to data leakage and complete takeover of the server.


Apache Tomcat Manager Application Upload Authenticated Code Execution: 11.27% of all web services hits.

Apache Tomcat is an open-source HTTP web server written in Java and released under the Apache License 2.0. This exploit module targets Apache Tomcat servers that expose the manager application: the payload is uploaded as a WAR archive containing a JSP application, using a POST request against the /manager/html/upload component.

What is the risk? This vulnerability can allow an attacker to abuse the server in many ways, such as stealing users' data, using the server's resources for crypto mining, establishing persistent control over it, and/or using it to attack other servers.

Cisco routers without authentication on the HTTP interface: 6.9% of all web services hits.

Cisco Systems, Inc. develops, manufactures and sells networking hardware, software, telecommunications equipment and other high-technology services and products. In Aug 2002 Cisco released Cisco IOS 11.2 for Cisco routers, which offered a new HTTP interface providing an HTTP 1.0-compliant web server in IOS. This HTTP server allowed a user to execute commands directly from a URL. Attackers keep trying to find unprotected Cisco routers, those without authentication on the HTTP interface.

What is the risk? An exposed router may allow a remote unauthenticated attacker to execute commands directly from a URL, retrieve the router's configuration files, scan the internal network and detect additional devices behind the NAT. This allows an anonymous attacker to explore and abuse the internal network hidden behind a compromised router.


Sangoma FreePBX multiple vulnerabilities: 1.56% of all web services hits.

Sangoma FreePBX is a web-based open-source graphical user interface (GUI) that helps install and configure an Asterisk-based open-source phone system (Asterisk being a voice-over-IP and telephony server) on a server or virtual environment. Starting in 2018, many requests for the resource /admin/assets/js/views/login.js were identified and captured in Radware's Threat Deception Network. This resource belongs to the Sangoma FreePBX code, and it looks like attackers are trying to detect vulnerable FreePBX servers and exploit one of the known vulnerabilities.

What is the risk? A compromised server can be used to steal users' data, for crypto mining, or for any other malicious purpose.

WIFICAM web camera multiple vulnerabilities: 1.2% of all web services hits.

Many cheap wireless IP web cameras share the same code base, derived from GoAhead (the tiny embedded web server). This code includes multiple vulnerabilities, the most serious of which is command injection.

In May 2017 an article was published about the Persirai botnet, which exploits the vulnerabilities of these cameras to spread itself and launch high-volume distributed denial-of-service (DDoS) attacks.

What is the risk? This vulnerability allows a remote attacker to inject arbitrary commands and achieve a complete takeover of the camera. Spying on the camera's video feed, stealing its recordings and using the camera to explore internal networks are only a small part of the activities available to attackers.

Sonatype Nexus Repository Manager Remote Code Execution: 0.92% of all web services hits.

Nexus Repository Manager, developed by Sonatype, is an open-source repository manager that proxies, collects and manages dependencies. On 2019-02-05, the Sonatype Security Team released a Critical Security Advisory covering CVE-2019-7238. Affected versions are Nexus Repository Manager 3.x OSS/Pro up to and including 3.14.0.

The vulnerability, CVE-2019-7238, allows a remote attacker to inject and execute code on the server, potentially affecting confidentiality, integrity and availability, by sending a specially crafted request to the Sonatype Nexus Repository Manager server. For further information see here.

What is the risk? In addition to the usual consequences of a remote code execution vulnerability, in this case there is an additional dangerous scenario: an attacker can inject arbitrary code into the artifact storage and thereby affect any product that pulls from it during development.

Apache Solr directory traversal vulnerability: 0.48% of all web services hits.

Apache Solr is an open-source enterprise search platform built on Apache Lucene. On May 30, 2013, the Apache Foundation published security issue SOLR-4882, which relates to CVE-2013-6397; the affected version was 4.3. The issue was resolved in version 4.6 and by a patch dated September 21, 2013.

What is the risk? The vulnerability, CVE-2013-6397, allows a remote attacker to read arbitrary files on the Solr server via the tr parameter. This, when combined with other vulnerabilities, may lead to remote code execution on the victim server. Attackers scan the internet using the above URL to find old, unpatched Solr servers that are still vulnerable to CVE-2013-6397, and can then exploit the potential for remote code execution on a compromised server.


PHPUnit testing framework for PHP Remote Code Execution: 0.42% of all web services hits.

PHPUnit is a programmer-oriented testing framework for the PHP language. Like other unit testing frameworks, PHPUnit allows PHP developers to find mistakes in their newly committed code. In June 2017, CVE-2017-9841 was issued to address the vulnerability.

What is the risk? The vulnerability, CVE-2017-9841, allows a remote attacker to execute arbitrary code on an affected server hosting PHPUnit. A remote unauthenticated attacker can send a malicious HTTP POST request to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI, which may lead to a complete takeover of the vulnerable server.

Hudson continuous integration tool multiple vulnerabilities: 0.4% of all web services hits.

Hudson is a continuous integration tool written in Java that runs in a servlet container such as Apache Tomcat or the GlassFish application server. Over the years the project was superseded by Jenkins. The final release, 3.3.3, was on February 15, 2016. Today Hudson is no longer maintained and was declared obsolete in February 2017.

What is the risk? Since Hudson is still in use (albeit no longer maintained), attackers keep trying to find and identify Hudson servers in order to attack its unpatched security vulnerabilities.

The remaining 1.99% of all web services hits: in addition to the new items that we covered in this list, we have also seen items that we already saw and covered in our previous blog, Top 10 Web Service Exploits in 2019, such as /ctrlt/DeviceUpgrade_1, /TP/public/index.php and /nice%20ports%2C/Tri%6Eity.txt%2ebak.
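As an added example (not Radware's code), the following Python script classifies web access-log requests against the request paths named in this article, percent-decoding paths so that encoded probes such as /nice%20ports%2C/Tri%6Eity.txt%2ebak are still recognised, and reports each signature's share of matched hits in the style of the ranking above. The log lines and the signature labels are constructed for the example, and the Solr rule, which flags a ".." in the tr query parameter, is this example's own reading of CVE-2013-6397 rather than a pattern given on the page.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Common Log Format: client ident user [time] "METHOD target HTTP/x" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
# Label (this example's own name) -> regex applied to the percent-decoded request path.
PATH_SIGNATURES = [
    ("hadoop-yarn-new-application", re.compile(r"^/ws/v1/cluster/apps/new-application$")),
    ("tomcat-manager-upload", re.compile(r"^/manager/html/upload$")),
    ("freepbx-login-js", re.compile(r"^/admin/assets/js/views/login\.js$")),
    ("phpunit-eval-stdin", re.compile(r"/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin\.php$")),
    ("ctrlt-deviceupgrade", re.compile(r"^/ctrlt/DeviceUpgrade_1$")),
    ("tp-public-index", re.compile(r"^/TP/public/index\.php$")),
    ("nice-ports-trinity", re.compile(r"^/nice ports,/Trinity\.txt\.bak$")),
]
# CVE-2013-6397 abuses Solr's "tr" query parameter; any ".." in it is flagged as traversal (assumed rule).
SOLR_TR = re.compile(r"\.\.")

def classify(line):
    """Return (client_ip, label); label is None for unrecognised requests, both None if unparseable."""
    m = CLF.match(line)
    if not m:
        return None, None
    ip, _method, target, _status = m.groups()
    parts = urlsplit(target)
    path = unquote(parts.path)  # /nice%20ports%2C/Tri%6Eity.txt%2ebak -> /nice ports,/Trinity.txt.bak
    for label, rx in PATH_SIGNATURES:
        if rx.search(path):
            return ip, label
    if "/solr/" in path:
        for tr in parse_qs(parts.query).get("tr", []):  # parse_qs percent-decodes values
            if SOLR_TR.search(tr):
                return ip, "solr-tr-traversal"
    return ip, None

def summarize(lines):
    """Hits per signature as a share of all matched hits, plus the number of distinct sources."""
    counts, sources = Counter(), {}
    for line in lines:
        ip, label = classify(line)
        if label:
            counts[label] += 1
            sources.setdefault(label, set()).add(ip)
    total = sum(counts.values())
    return {label: {"hits": n, "share": round(100.0 * n / total, 2), "sources": len(sources[label])}
            for label, n in counts.most_common()}

SAMPLE_LOG = [  # constructed lines (RFC 5737 documentation addresses), not real traffic
    '203.0.113.5 - - [07/Jul/2020:10:00:01 +0000] "POST /ws/v1/cluster/apps/new-application HTTP/1.1" 404 153',
    '198.51.100.9 - - [07/Jul/2020:10:00:03 +0000] "POST /ws/v1/cluster/apps/new-application HTTP/1.1" 404 153',
    '198.51.100.9 - - [07/Jul/2020:10:01:00 +0000] "POST /manager/html/upload?org.apache.catalina.filters.CSRF_NONCE=x HTTP/1.1" 401 0',
    '192.0.2.77 - - [07/Jul/2020:10:02:00 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153',
    '192.0.2.78 - - [07/Jul/2020:10:03:00 +0000] "GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0" 404 153',
    '192.0.2.79 - - [07/Jul/2020:10:04:00 +0000] "GET /solr/core0/select?q=*&wt=xslt&tr=..%2F..%2Fx.xml HTTP/1.1" 404 153',
    '192.0.2.80 - - [07/Jul/2020:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1043',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Shares are computed over matched hits only, so the benign /index.html request is parsed but never counted; feeding the script a real access log gives a per-host version of the ranking above.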

A whopping 75% of the hits in Radware's Deception Network were attempts to exploit the Apache Hadoop vulnerability, a well-known vulnerability from 2018 that was covered in Radware's blog New DemonBot Discovered. Though DemonBot itself is a rare sight today, its successors and many other malicious bots are still exploiting this vulnerability.

As for the other attacks, although the trending vulnerabilities that attackers choose to exploit have changed, the focus is the same as last year: not necessarily on new attacks and new attack vectors, as one might expect, but rather on popular technologies and devices with known and easy-to-exploit vulnerabilities, going back to vulnerabilities initially reported in 2013.

Organizations that lag this far behind in upgrading or patching these vulnerabilities are recommended to patch their assets as soon as possible.


Read the rest here:

The Top Web Service Exploits in 2020 - Security Boulevard