20 minute read

News Watch

NEWSNEWS WATCHWATCH

Automation enhancements come to Wind River Studio

Wind River Studio’s latest update adds a customizable automation engine, digital feedback loop, enhanced security, analytics with machine learning capabilities and a DevSecOps pipeline.

The platform also now offers customizable automation pipelines and integration with commonly used automation tools to help developers build connected intelligent systems such as airborne delivery drones, autonomous vehicles, and factory robots.

For the development stage, the new release offers a pipeline manager visual tool to monitor the CI/CD of collaborative projects for VxWorks and Wind River Linux. It also offers digital twin creation and synchronization to model resources, devices, and entire systems with Wind River Simics; quick emulation using QEMU; and simulation.

For the deployment stage, the new studio offers a modern cloud platform updated with new 5G vRAN accelerator support and GPU enabled for AI-on-5G and augmented reality application support.

It also offers a digital feedback loop and analytics powered by the digital feedback loop for real-time analysis, reporting, and alerting of infrastructure and application performance.

People on the move

n JFrog has named Sagi Dudai as its new executive vice president of product and engineering. He comes from Vonage where he held the position of chief technology officer. While at Vonage he drove the company’s technology vision, architecture, and design and oversaw technology development. He will report to JFrog’s CEO and co-founder, Shlomi Ben-Haim.

n Matt Johnson will become the new chief executive officer of Silicon Labs at the start of 2022. He will replace the current CEO, Tyson Tuttle, who is retiring. Johnson has been at Silicon Labs since 2018, first being brought on as senior vice president and general manager of IoT products before being promoted to president in April of this year, which is still his current role.

n ServiceNow is creating a new role called senior vice president of global alliance and channel ecosystems go-to-market operations. Erica Volini will fill this new role and will be working to help partners build a broad community of digital transformation leaders. Volini previously held the title of principal in Human Capital at Deloitte Consulting.

n WSO2 is welcoming two new hires this month: Shekar Hariharan as chief marketing officer and Gregory Stuecklin as vice president and general manager of North America. Hariharan has held marketing roles at Jitterbit, Oracle, and SugarCRM, and Stuecklin comes from Microsoft. According to WSO2, Hariharan and Stuecklin will play a key role in the company’s global expansion.

Rust 1.54 now available

The latest version of the programming language Rust is now available. Rust 1.54 introduces a few new stable features.

One new update is that attributes can invoke function-like macros. An example use case of it is including documentation from other files into comments. “For example, if your project’s README represents a good documentation comment, you can use include _ str! to directly incorporate the contents, ” the Rust team explained in a post.

According to the team, there were previously some workarounds that would allow for this functionality, but this makes it more ergonomic.

Another new addition is the move to stable for several intrinsics for the wasm32 platform. Unlike the x86 and x86 _ 64 intrinsics that are already stabilized, these don’t have a safety requirement where they can only be called if the appropriate target feature is enabled. This is because WebAssembly validates code safely before it is executed so instructions are guaranteed to either be decoded correctly or not at all.

Jetpack Compose reaches 1.0 release

Jetpack Compose is a UI toolkit for Android developers.

According to the team, Compose has been developed in the open for the past two years with participation from the Android community. As of this 1.0 release, there are already 2000 apps in the Play Store that have utilized Compose.

Jetpack Compose is designed to be interoperable with existing apps, integrate with Jetpack libraries, and offer Material Design components. Its Lazy components provide a simple and powerful way to display lists of data without requiring much boilerplate code, the team explained. Compose also has a selection of animation APIs to make it easier to build animations into Android apps.

This 1.0 release introduces Compose Preview, available in Android Studio Arctic Fox, which allows developers to see their Composables in different states, light and dark themes, or different font scalings. This makes component development easier since developers don’t have to deploy a whole app to a device to see what those changes look like.

Another new addition is Deploy Preview, which allows developers to test parts of the UI without having to navigate to that part of the app.

The Jetpack Compose team also unveiled its roadmap for the future of the toolkit. Going forward, the team will be focusing on performance, Material You components, large screen improvements, homescreen widgets, and Wear OS support.

IntelliJ IDEA 2021.2 focuses on experience

It includes a new project-wide analysis feature that allows developers to track errors before compiling the code.

JetBrains also added a number of actions that will activate when a project is saved. These include things such as reformatting code and optimizing imports.

Markdown support has also been improved. Developers will now be able to convert .md files to and from different formats, configure image sizes,

Microsoft sunsetting Xamarin Community Toolkit

Microsoft is revealing plans for the future of its Xamarin Community Toolkit as the .NET MAUI release nears. This year the company has been working to unify Xamarin SDKs into .NET, and it released .NET MAUI as an evolution of Xamarin.Forms with the ultimate goal of acting as a replacement.

Microsoft will be releasing two NuGet packages for .NET MAUI: CommunityToolit.Maui and CommunityToolkit.Maui.Markup. It is planning to release the first preview of these packages in August.

The team is currently in the process of bringing features from the Xamarin Community Toolkit to the .NET MAUI Community Toolkit. Microsoft recommends the .NET MAUI Community Toolkit as the toolkit for all .NET MAUI apps. Microsoft will also be releasing two .NET MAUI-compatible versions of the Xamarin Community Toolkit to help developers avoid breaking changes when porting Xamarin.Forms apps to .NET MAUI. According to the company, these will be almost identical to the current Xamarin Community Toolkit libraries, with the only difference being a change in the Xamarin.Forms dependency to .NET MAUI. In terms of sunsetting the Xamarin Community Toolkit, the company will continue to support it through November 2022. It will accept pull requests for bug fixes through the time, but it will only accept pull requests to add new features through September 2021.

and use drag and drop to add images. There is also a new Floating Toolbar and JetBrains fixed list formatting issues.

IBM Z systems get new OS

IBM z/OS V2.5 is designed to accelerate the adoption of hybrid cloud and AI as well as drive modernization initiatives. It features tightly integrated high performance AI functionality, which is designed to enable more informed decision making.

New security capabilities include expanding pervasive encryption to basic and large format SMS-managed data sets and anomaly mitigation capabilities that utilize Predictive Failure Analysis (PFA), Runtime Diagnostics, Workload Manager (WLM), and JES2.

The OS update also introduces new improvements for running on hybrid cloud. IBM z/OS V2.5 adds new Java and COBOL interoperability to extend existing programming models, enhanced performance and ease of use for z/OS Container Extensions, and transparent cloud tiering and Object Access Method cloud tier support to reduce capital and operating expenses.

Live Preview added to Visual Studio 2022 preview

The second preview release for Visual Studio 2022 is now available. Visual Studio 2022 Preview 2 is focused on providing capabilities for productivity, modern development, and innovation, according to Microsoft.

The first preview introduced the new Cascadia Code font, which was designed to be easier to read. In this preview, the team also updated icons to make them clearer and easier to distinguish.

Preview 2 is also fully localized and includes over a dozen language packs. Languages to choose from include English, Chinese (Simplified), Chinese (Traditional), Czech, French, German, Italian, Japanese, Korean, Polish, Portuguese (Brazil), Russian, Spanish, and Turkish.

Productivity improvements include Live Preview experiences for XAML and web apps that show changes to apps in real time and Force Run, which is a new debug command that allows developers to run an application to a specific point, ignoring other breakpoints and exceptions.

Visual Studio 2022 includes support for the latest version of the C++ build tools, new CMake integration, and seamless targeting for WSL2.

In addition, this preview adds an update to Hot Reload, adding C++ support. Developers will now be able to use Hot Reload to edit C++ or .NET apps while the app is running.

Python Extension for VS Code July 2021 release

roots. According to Microsoft, a common issue developers have is that developers see diagnostics under import statements when opening new projects, but they don’t know how to resolve them. Configuring project roots used to require the developer to set python.analysis.extraPaths to let Pylance know what search paths to use for import resolution.

Now developers can skip the step of manually changing settings.json and trying to find the right search paths to add. Pylance will now guide them through this process through the editor. To take advantage of this, developers can hover over the diagnostic and click the lightbulb icon or “Quick Fix” in the tooltip to have Pylance suggest search paths.

Another new change in the July 2021 release is that selecting an interpreter doesn’t modify workspace settings anymore. In the past, when a Python interpreter was selected or changed, the python.pythonPath setting was updated with the path as its value. The path is usually specific to the machine, so this caused problems when developers tried to share their VS Code settings in a GitHub repo.

This release also adds two new debugger features. The first is the ability to select which targets to step into. When the debugger stops at a breakpoint with multiple function calls, developers can pick the one to step into by rightclicking, selecting “step into targets, ” and choosing the desired target.

The second new debugger feature is function breakpoints, which allows developers to specify a function to inspect its behavior. The debugger will stop executing when it reaches that function. z

Internet Privacy and User Protection

There are many facets of internet privacy that must come together in order to provide the best possible protection for users, and it all starts with each application and platform doing their part. According to Curtis Simpson, chief information security officer at the cybersecurity platform provider Armis, the way organizations protect their users comes down to what kind of data the user is providing.

Understanding user data is the first step to proving strong privacy and security, Simpson said. “We ’ ve got to be looking at what personal information is flowing through our environment unprotected, ” Simpson explained. “Gaining visibility to that clear tech data that’ s linked to the landscape and first and foremost understanding that. ”

If applications and platforms that users rely on for protection understand the kind of personal data they are entrusted to protect, then it will make it exponentially easier for them to do so. Simpson cautioned, though,

“Unfortunately in most environments we see, a lot of that data is not encrypted. It’ s flowing through networks, going outside of the company and can be intercepted and stolen by anyone, ” he said. This can be a scary thought for many users. It is not uncommon to browse the internet assuming a certain level of anonymity will be provided and that is why it is so important for organizations to take crucial steps to grant users protection.

However, understanding data goes deeper than encryption. Simpson said there are many levels to personal user data, and platforms should strive to have a clear picture of all of them. “What we should be doing from there is taking a step back and looking at things like: where is this data coming from? Who is it being shared with? And really taking action, ” he began.

Simpson explained that a good way to gain knowledge on these things is for organizations to create data flow maps. These kinds of maps provide a physical representation of how data is created, who creates it, where it goes, and who needs access to it, making it easier for companies to more securely protect their users. “We ’ ve got to do that legwork because what we have to do is set a standard, monitor the standard, and continue to build controls around the standard, ” Simpson explains.

The burden of internet privacy doesn't fall solely on organizations though; users also hold some of the responsibility. According to Simpson, a one-sided approach to privacy will never be enough. He says that keeping track of and hiding passwords is the first thing users should be concerned with online. “There ’ s a lot of things users can do, but one of the first things I recommend is using a password management or password vaulting service where you can centrally manage passwords in one application,

BY KATIE DEE

requiring unique passwords for login, it can be challenging to keep track. Being overwhelmed with too many passwords in too many locations can result in carelessness and sometimes leave a metaphorical window open for hackers that may allow them to more easily gain access to user data and information. According to Simpson, storing passwords in a centralized and secure place helps to combat this and provide an extra layer of protection to users.

On top of this, Simpson also stresses the importance of having multi-factor authentication enabled when it is available. “It’ s particularly important in email because you think about when you hit a password reset button on almost any website, that password reset is going to that email address, ” he began. “If someone gained access to that email account, they can gain access to anything else associated with that email account. ” According to Simpson, this is how most user information becomes compromised on a regular basis. However, his most important tip to users looking to up their internet security is to simply think about what they are sharing. “If you don't need to share the information, if it’ s not a required field, don ’t share it. ”

According to Sri Mukkamala, senior vice president of security products at the IT automation platform Ivanti, the responsibility of internet privacy falls on both the organization and consumer equally. “It’ s a combination of both, because as an individual if you give up information, you ’ re almost signing a waiver, ” he began, “There ’ s something that says ‘I accept’ and you don ’t even read through it… and I wouldn ’t fully blame the consumer because at the same time a company should not just throw in legalities and take that waiver and do whatever they want. ” Mukkamala said that this is a key reason why we see regulations coming into play more and more now. Relying on just the consumers and organizations themselves to provide proper protection is no longer enough.

In recent years many applications have opted for biometric identification in place of passwords in pursuit of a more secure platform. According to Simpson, this has worked in many cases, but not to the scale necessary. “It’ s helped but it’ s not consistently implemented on a widespread basis that would provide it with the material impact that it could have. ”

Simpson accredits this lack of widespread adoption to the diversity we see in devices. With so many users employing a number of different technologies, creating a standardized kind of biometric identification has proved to be incredibly difficult. “Everyone is concerned about the business impact as well and the impact that [biometric identification] can have within the organization so these types of things can be scary, ” he added.

Another key aspect of implementing this kind of technology is assurance that organizations are doing it the right way. While Simpson believes that software like this paired with universal adoption would be a major step in the right direction for internet privacy, he also believes that taking shortcuts with such important technology will do more harm than good.

There is another side of the shift towards biometric identification, however. According to Mukkamala, using facial recognition or voice identification in place of passwords could result in hackers becoming savvier and gaining access to arguably even more personal information. Mukkamala explained, “The personally identifiable information has just expanded its scope… if I started collecting biometrics, whether that's facial recognition or voice recognition, where will that data go?”

This is an interesting point to look at. If organizations opt for this kind of identification, the data they are collecting from users becomes almost more personal and thus, has to be protected accordingly, which brings us right back around to the initial question of how organizations can ensure the best protection for users.

Regulatory controls for data use

In the last few years, internet privacy has been taken very seriously by many organizations. Back in 2016, the European Union announced the implemen-

continued on page 10 >

Swallowing third-party cookies

Google has announced that it will ban third-party cookies from the search engine in the name of internet privacy and protecting user data. According to Curtis Simpson, CISO of the cybersecurity platform Armis, this move away from third-party cookies will have a tremendous impact. “If you look at this whole acceptance model that was built around third-party cookies, that’s generally a joke, ” he explained. According to Simpson, most users are hitting “accept all” when pop-ups prompt them to do so, regardless of whether or not they understand what they are actually agreeing to. Once users allow cookies to access their data, it becomes much easier for it to fall into the wrong hands. “In most cases, they’re collecting more information than you want or need to share with them, ” Simpson warned. Google’s push away from thirdparty cookies will provide users with better privacy because they will no longer have to worry about what outside sources have access to their personal information.

Mukkamala, senior vice president of security products at the IT automation platform Ivanti, puts this into perspective. “If someone walks up to you on the street and says ‘show me your driver's license, ’ you’re going to ask why, ” he explained, “It’s the same thing online and you don’t even hesitate to give that personal information away. ” This comparison drives the point home. When websites like Google ask users to allow third-party cookies, and they do, it is essentially the same as giving a stranger on the street your information. The user has no real knowledge of what websites are going to do with that information or where it could end up. The internet should operate the same as the real world in this way: question why websites want users to grant access to cookies and respond in the same way you would if this were an interaction in the real world. z

< continued from page 9 tation of The General Data Protection Regulation (GDPR) which was designed to better protect internet users. According to Simpson, GDPR is the first set of laws regarding internet privacy that enterprises really took seriously.

“In many cases, enterprises see it’ s cheaper to be non-compliant than to be compliant, but GDPR changed all of that due to their findings, ” Simpson explained. He believes that this widespread compliance with the regulations GDPR put into place is the reason why it has been so effective. However, that does not mean that every organization is following all of these rules. Simpson explained that GDPR was effective because many companies were enforcing these laws due to a fear of repercussions if they did not. Unfortunately, this kind of fear-based acceptance may not be a sustainable model. “If we don ’t continue to see penalties, due to inaction, I think we ’ re going to see a slowdown around some of those privacy elements, ” he said. While Simpson believes that if organizations become more lenient with GDPR regulations, it could lead to stricter enforcement and more fines, he also predicts that until penalties become more consistent and more public, privacy issues may fall to the back burner.

On the bright side though, Simpson also predicts that in the near future, we will see an increase in regulations like GDPR being implemented on a national scale. “Whether it’ s [an adoption of GDPR] or other similar regulations, we ’ re going to see across the globe that everyone ’ s going to care and mandate minimum standards, ” he said. Once organizations start to care more about internet privacy and putting regulations in place to protect users, we will see a real change. “As we ’ ve seen, this really does have a general impact on society as we continue to see these breaches at scale affecting hundreds of millions of people, ” he began, “We can ’t continue to have that happen because it’ s disrupting services and capabilities within countries because when this happens at scale, it has a much larger impact. ”

California was the first state to go the extra mile in terms of internet privacy when it enacted The California Consumer Privacy Act (CCPA). This set of laws used GDPR as a guide to help better implement and enforce these regulations. According to Simpson, while CCPA operates on a smaller scale than GDPR, it is still generally effective. CCPA striving to meet GDPR requirements has caused many organizations to look at their own privacy guides and adjust them. “In many cases, companies are just finding the lowest common denominator, ” he explained. These companies and organizations are looking at GDPR and CCPA regulations and trying to enact similar standards on a smaller scale, which will ultimately be a positive for users.

Mukkamala said that one way companies and organizations can ensure user privacy outside of enacting new laws is to simply collect less information and be more careful with what they do collect from users. “Companies collect way too much information, ” he began, “The company should be very careful about what they to use it. ” If companies took a step back and reevaluated how much personal user information they are collecting, they could rid themselves of what they deem unnecessary. Doing this would make for more secure platforms because organizations would be more intentional about what they are collecting and storing from users.

Mukkamala referred to the excessive amount of personally identifiable information (PII) websites and organizations collect, and the possible misuse of said info as privacy debt. In recent years this has become a bigger problem as more and more privacy debt is incurred by companies. “Because of privacy debt, during transactions, during IPO, during their SEC disclosures, privacy is becoming a very important risk factor to be considered, ” Mukkamala said. All this is to say that organizations that are taking more information than needed from their users, while not taking the best steps to protect consumers may end up paying the price for it in the long run. Collecting personal information from users requires proper guidelines for how to use, store, and share said information, whether that be at a company, state, or global level. z

Disposing of user data

Lisa Plaggemier, interim executive director at the National Cybersecurity Alliance, said that she believes one of the biggest challenges facing internet privacy today is the issue of disposing user data once websites no longer need it. “What happens in a lot of companies is there will be a particular initiative and when that program is over, nobody thinks about what happens to that data, ” she said. According to Plaggemier, this is one of the biggest blindspots organizations face in terms of user protection. If companies are taking data and personal information from consumers with no proper disposal plan in place, it can become a real risk. User personal information can easily fall into the wrong hands if it is stored or disposed of improperly once it is no longer needed.

Plaggemier spoke specifically about a data breach involving Mercedes-Benz and a third-party company. According to Plaggemier, the data compromised was from years before the breach took place long after Mercedes had stopped working with the third-party company involved. “It brings the question to my mind: are you still using that data? Why is it still out there?” she said. This breach left many consumers vulnerable and if the proper user protection and data disposal systems had been in place, it may never have happened. When consumers give online companies their personal information they are placing their trust in them and if organizations don’t properly dispose of this data when it is no longer needed, they are betraying that trust. z

This article is from: