Posted on

Kite adds support for 11 new languages to its AI code completion tool

When Kite, the well-funded AI-driven code completion tool, launched in 2019, its technology looked very impressive, but it only supported Python at the time. Earlier this year, it also added JavaScript and today, it is launching support for 11 new languages at once.

The new languages are Java, Kotlin, Scala, C/C++, Objective-C, C#, Go, TypeScript, HTML/CSS and Less. Kite works in most popular development environments, including the likes of VS Code, JupyterLab, Vim, Sublime and Atom, as well as all JetBrains IntelliJ-based IDEs, including Android Studio.

This will make Kite a far more attractive solution for a lot of developers. Currently, the company says, it saves its most active developers from writing about 175 “words” of code every day. One thing that always made Kite stand out is that it ranks its suggestions by relevance — not alphabetically as some of its non-AI-driven competitors do. To build its models, Kite fed its algorithms code from GitHub.

The service is available as a free download for Windows users and as a server-powered paid enterprise version with a larger deep learning model that consequently offers more AI smarts, as well as the ability to create custom models. The paid version also includes support for multi-line code completion, while the free version only supports line-of-code completions.

Kite notes that in addition to adding new languages, it also spent the last year focusing on the user experience, which should now be less distracting and, of course, offer more relevant completions.


How Roblox completely transformed its tech stack

And now has full control of its technological destiny

Picture yourself in the role of CIO at Roblox in 2017.

At that point, the gaming platform and publishing system that launched in 2005 was growing fast, but its underlying technology was aging, consisting of a single data center in Chicago and a bunch of third-party partners, including AWS, all running bare metal (nonvirtualized) servers. At a time when users have precious little patience for outages, your uptime was just two nines, or less than 99% (five nines is considered optimal).

Unbelievably, Roblox was popular in spite of this, but the company’s leadership knew it couldn’t continue with performance like that, especially as it was rapidly gaining in popularity. The company needed to call in the technology cavalry, which is essentially what it did when it hired Dan Williams in 2017.

Williams has a history of solving these kinds of intractable infrastructure issues, with a background that includes a gig at Facebook between 2007 and 2011, where he worked on the technology to help the young social network scale to millions of users. Later, he worked at Dropbox, where he helped build a new internal network, leading the company’s move away from AWS, a major undertaking involving moving more than 500 petabytes of data.

When Roblox approached him in mid-2017, he jumped at the chance to take on another major infrastructure challenge. While they are still in the midst of the transition to a new modern tech stack today, we sat down with Williams to learn how he put the company on the road to a cloud-native, microservices-focused system with its own network of worldwide edge data centers.

Scoping the problem


Microsoft commits to putting more water than it consumes back into the ecosystems where it operates by 2030

One good trend in 2020 has been large technology companies almost falling over one another to make ever-bolder commitments regarding their ecological impact. A cynic might argue that just doing without most of the things they make could have a much greater impact, but Microsoft is the latest to make a commitment that not only focuses on minimizing its impact, but actually on reversing it. The Windows-maker has committed to achieving a net positive water footprint by 2030, by which it means it wants to be contributing more energy back into the environment in the places it operates than it is drawing out, as measured across all “basins” that span its footprint.

Microsoft hopes to achieve this goal through two main types of initiatives: First, it’ll be reducing the “intensity” of its water use across its operations, as measured by the amount of water used per megawatt of energy consumed by the company. Second, it will also be looking to actually replenish water in the areas of the world where Microsoft operations are located in “water-stressed” regions, through efforts like investment in area wetland restoration, or the removal and replacement of certain surfaces, including asphalt, which are not water-permeable and therefore prevent water from natural sources like rainfall from being absorbed back into a region’s overall available basin.

The company says that how much water it will return will vary, and depend on how much Microsoft consumes in each region, as well as how much the local basin is under duress in terms of overall consumption. Microsoft isn’t going to rely solely on external sources for this info, however: It plans to put its artificial intelligence technology to work to provide better information around what areas are under stress in terms of water usage, and where optimization projects would have the greatest impact. It’s already working toward these goals with a number of industry groups, including The Freshwater Trust.

Microsoft has made a number of commitments toward improving its global ecological impact, including a commitment from earlier this year to become “carbon negative” by 2030. Meanwhile, Apple said in July that its products, including the supply chains that produce them, will be net carbon neutral by 2030, while Google made a commitment just last week to use only energy from carbon-free sources by that same year.


Homeland Security issues rare emergency alert over ‘critical’ Windows bug

Homeland Security’s cybersecurity advisory unit has issued a rare emergency alert to government departments after the recent disclosure of a “critical”-rated security vulnerability in server versions of Microsoft Windows.

The Cybersecurity and Infrastructure Security Agency, better known as CISA, issued an alert late on Friday requiring all federal departments and agencies to “immediately” patch any Windows servers vulnerable to the so-called Zerologon attack by Monday, citing an “unacceptable risk” to government networks.

It’s the third emergency alert issued by CISA this year.

The Zerologon vulnerability, rated the maximum 10.0 in severity, could allow an attacker to take control of any or all computers on a vulnerable network, including domain controllers, the servers that manage a network’s security. The bug was appropriately called “Zerologon,” because an attacker doesn’t need to steal or use any network passwords to gain access to the domain controllers, only gain a foothold on the network, such as by exploiting a vulnerable device connected to the network.

With complete access to a network, an attacker could deploy malware, ransomware, or steal sensitive internal files.

Security company Secura, which discovered the bug, said it takes “about three seconds in practice” to exploit the vulnerability.

Microsoft pushed out an initial fix in August to prevent exploitation. But given the complexity of the bug, Microsoft said it would have to roll out a second patch early next year to eradicate the issue completely.

But the race is on to patch systems after researchers reportedly released proof-of-concept code, potentially allowing attackers to use the code to launch attacks. CISA said on Friday that it “assumes active exploitation of this vulnerability is occurring in the wild.”

Although the CISA alert only applies to federal government networks, the agency said it “strongly” urges companies and consumers to patch their systems as soon as possible if they have not already.


How the NSA is disrupting foreign hackers targeting COVID-19 vaccine research

The headlines aren’t always kind to the National Security Agency, a spy agency that operates almost entirely in the shadows. But a year ago, the NSA launched its new Cybersecurity Directorate, which in the past year has emerged as one of the more visible divisions of the spy agency.

At its core, the directorate focuses on defending and securing critical national security systems that the government uses for its sensitive and classified communications. But the directorate has become best known for sharing some of the more emerging, large-scale cyber threats from foreign hackers. In the past year the directorate has warned against attacks targeting secure boot features in most modern computers, and doxxed a malware operation linked to Russian intelligence. By going public, NSA aims to make it harder for foreign hackers to reuse their tools and techniques, while helping to defend critical systems at home.

But six months after the directorate started its work, COVID-19 was declared a pandemic and large swathes of the world — and the U.S. — went into lockdown, prompting hackers to shift gears and change tactics.

“The threat landscape has changed,” Anne Neuberger, NSA’s director of cybersecurity, told TechCrunch at Disrupt 2020. “We’ve moved to telework, we move to new infrastructure, and we’ve watched cyber adversaries move to take advantage of that as well,” she said.

Publicly, the NSA advised on which videoconferencing and collaboration software was secure, and warned about the risks associated with virtual private networks, usage of which boomed after lockdowns began.

But behind the scenes, the NSA is working with federal partners to help protect the efforts to produce and distribute a vaccine for COVID-19, a feat that the U.S. government called Operation Warp Speed. News of NSA’s involvement in the operation was first reported by Cyberscoop. As the world races to develop a working COVID-19 vaccine, which experts say is the only long-term way to end the pandemic, NSA and its U.K. and Canadian partners went public with another Russian intelligence operation aimed at targeting COVID-19 research.

“We’re part of a partnership across the U.S. government, we each have different roles,” said Neuberger. “The role we play as part of ‘Team America for Cyber’ is working to understand foreign actors, who are they, who are seeking to steal COVID-19 vaccine information — or more importantly, disrupt vaccine information or shake confidence in a given vaccine.”

Neuberger said that protecting the pharma companies developing a vaccine is just one part of the massive supply chain operation that goes into getting a vaccine out to millions of Americans. Ensuring the cybersecurity of the government agencies tasked with approving a vaccine is also a top priority.

Here are more takeaways from the talk, and you can watch the interview in full below:

Why TikTok is a national security threat

TikTok is just days away from an app store ban, after the Trump administration earlier this year accused the Chinese-owned company of posing a threat to national security. But the government has been less than forthcoming about what specific risks the video sharing app poses, only alleging that the app could be compelled to spy for China. Beijing has long been accused of cyberattacks against the U.S., including the massive breach of classified government employee files from the Office of Personnel Management in 2014.

Neuberger said that the “scope and scale” of TikTok’s data collection makes it easier for Chinese spies to answer “all kinds of different intelligence questions” on U.S. nationals. Neuberger conceded that U.S. tech companies like Facebook and Google also collect large amounts of user data. But there are “greater concerns on how [China] in particular could use all that information collected against populations other than its own,” she said.

NSA is privately disclosing security bugs to companies

The NSA is trying to be more open about the vulnerabilities it finds and discloses, Neuberger said. She told TechCrunch that the agency has shared a “number” of vulnerabilities with private companies this year, but “those companies did not want to give attribution.”

One exception was earlier this year when Microsoft confirmed NSA had found and privately reported a major cryptographic flaw in Windows 10, which could have allowed hackers to run malware masquerading as a legitimate file. The bug was so dangerous that NSA reported the vulnerability to Microsoft, which patched the bug.

Only two years earlier, the spy agency was criticized for finding and using a Windows vulnerability to conduct surveillance instead of alerting Microsoft to the flaw. The exploit was later leaked and was used to infect thousands of computers with the WannaCry ransomware, causing millions of dollars’ worth of damage.

As a spy agency, NSA exploits flaws and vulnerabilities in software to gather intelligence on the enemy. It has to run through a process called the Vulnerabilities Equities Process, which allows the government to retain bugs that it can use for spying.


Decrypted: Hackers show off their exploits as Black Hat goes virtual

Every year hackers descend on Las Vegas in the sweltering August heat to break ground on security research and the most innovative hacks. This year was no different, even if it was virtual.

To name a few: Hackers tricked an ATM to spit out cash. A duo of security researchers figured out a way to detect the latest cell site simulators. Car researchers successfully hacked into a Mercedes-Benz. A Windows bug some two decades old can be used to plant malware. Cryptocurrency exchanges were extremely vulnerable to hackers for a time. Internet satellites are more insecure than we thought and their data streams can contain sensitive, unencrypted data. Two security researchers lived to tell the tale after they were arrested for an entirely legal physical penetration test. And, a former NSA hacker revealed how to plant malware on a Mac using a booby-trapped Word document.

But with less than three months until millions of Americans go to the polls, Black Hat sharpened its focus on election security and integrity more so than any previous year.

Here’s more from the week.


THE BIG PICTURE

A major voting machine maker is finally opening up to hackers

The relationship between hackers and election machine manufacturers has been nothing short of fraught. No company wants to see their products torn apart for weaknesses that could be exploited by foreign spies. But one company, once resistant to the security community, has started to show signs of compromise.

Election equipment maker ES&S is opening up its voting machines to hackers — willingly — under a new vulnerability disclosure program. That will see the company embrace hackers for the first time, recognizing that hackers have knowledge, insight and experience — rather than pushing them away and ignoring the problems altogether. Or, as the company’s security chief told Wired: “Hackers gonna hack, researchers gonna research.”


Microsoft moves its Windows 10 Insider Program from rings to release channels

For the last few years, Microsoft has given Windows enthusiasts the ability to opt in to early release ‘rings,’ with the choice to pick between ‘fast’ and ‘slow’ rings, as well as a relatively stable ‘release preview’ option. Today, the company announced a major change to this program as it is moving to release channels, similar to what you’re probably familiar with from most browser manufacturers.

“We are transitioning and converting our current ring model, based on the frequency of builds, to a new channel model that pivots on the quality of builds and better supports parallel coding efforts,” writes Microsoft principal program manager lead Amanda Langowski in a blog post today.

She notes that the result of the ring-based system was that in the middle of 2019, for example, Windows Insiders were running builds from 3 different releases, depending on which ring they chose.

“As we continue to evolve the way we release Windows 10 and the diversity of Insiders we serve is greater than ever, it is critical that Insiders have a flighting option that is tailored to their needs,” she adds. “We believe the best way to do this is to shift focus from frequency to quality.”

So starting later this month, the ‘fast’ ring will become the Dev Channel, the ‘slow’ ring the Beta Channel and the ‘release preview’ will now be known as the Release Preview Channel.

The Dev Channel is meant for users who want to get very early access to new features, which isn’t all that different from fast rings, but what’s important here is that this channel isn’t tied to any specific release. New features in this channel will make their way into releases once they are ready, whether that’s as part of a major update or a servicing release. Because of its unstable nature, Microsoft says this release is mostly meant for highly technical users.

As for the Beta Channel, the main difference here is that it is really the beta version of a specific release and meant for early adopters. And the Release Preview is exactly what you would think and is meant to test relatively stable builds before they get shipped to the wider Windows 10 user base (and with that, IT admins can also test those releases ahead of their release to a company’s employees, too).

If you’re part of the Windows Insider program, those changes will be automatic and start with builds that are set to launch later this month.


Don’t expect to see Windows 10X dual-screen devices this year

With Windows 10X, Microsoft introduced a new version of its flagship operating system last October that was specifically designed for dual-screen devices. The original plan was to launch the first set of Windows 10X dual-screen devices before the 2020 holidays and in February of this year, it announced a slew of tools to help developers get ready for this new form factor. Today, it announced that it is pivoting Windows 10X away from dual-screen devices for the time being. And that means we likely won’t see any dual-screen Windows devices anytime soon.

In a blog post today, Microsoft’s Windows and devices chief Panos Panay said that the company has made this decision because at this time, it wants to focus on what its customers need right now and to “focus on meeting customers where they are now.” While Panay doesn’t quite spell it out in his blog post, the idea here is clearly that given the unprecedented environment during the coronavirus pandemic, Microsoft doesn’t want to emphasize new form factors but put its efforts behind improving its existing tools and services.

“With Windows 10X, we designed for flexibility, and that flexibility has enabled us to pivot our focus toward single-screen Windows 10X devices that leverage the power of the cloud to help our customers work, learn and play in new ways,” Panay writes. “These single-screen devices will be the first expression of Windows 10X that we deliver to our customers, and we will continue to look for the right moment, in conjunction with our OEM partners, to bring dual-screen devices to market.”

A single-screen Windows 10X device sounds a lot like a regular laptop, 2-in-1 or tablet. Microsoft declined to define what these first Windows 10X devices will look like and only told us that there’s “more to come.” We’ll be here when that happens.

In his post today, Panay also stressed that the company wants to accelerate innovation in Windows 10 “to ensure that Windows devices are the best way to work, learn and play.” He didn’t share any further details of what exactly that means.

What Panay did say, though, is that Microsoft users now spend 4 trillion minutes a month on Windows 10. That’s an increase of 75 percent year-over-year.
