submitted by /u/scorpion_mk
[link] [comments]
from programming http://bit.ly/2Kj8TUa
Friday, May 31, 2019
Apple bumps the App Store cell connection download cap up to 200 MB
Good news: Apple now allows you to download bigger apps over a cellular connection than it used to.
Bad news: there’s still a cap, and you still can’t bypass it.
As noticed by 9to5Mac, the iOS App Store now lets you download apps up to 200 MB in size while on a cell network; anything bigger than that, and you’ll need to connect to WiFi. Before this change, the cap was 150 MB.
And if you’ve got an unlimited (be it actually unlimited or cough-cough-‘unlimited’) plan, or if you know you’ve got enough monthly data left to cover a big download, or you just really, really need a certain big app and WiFi just isn’t available? You’re still out of luck. That 200 MB cap hits everyone. People have found tricky, fleeting workarounds to bypass the cap over the years, but there’s no official “Yeah, yeah, the app is huge, I know.” button to click or power user setting to toggle.
The App Store being cautious about file size isn’t inherently a bad thing; with many users only getting an allotment of a couple gigs a month, a few accidental downloads over the cell networks can eat up that data quick. But it really does suck to open up an app you need and find it’s requiring some update that exceeds the cap, only to realize you’re nowhere near a friendly WiFi network. At least give us the choice, you know?
On the upside, most developers seem to be pretty aware of the cap; they’ll hack and slash their app install package until it squeaks under the limit, even if it means downloading more stuff through the app itself post-install. Now, at least, they’ve got 50 more megabytes of wiggle room to start with.
from TechCrunch https://tcrn.ch/2Z0SpnS
Best Performance Practices for Hibernate 5 and Spring Boot 2 (Part 1)
Item 1: Attribute Lazy Loading Via Bytecode Enhancement
By default, the attributes of an entity are loaded eager (all at once). Are you sure that you want that?
Description: If not, then is important to know that attributes can be loaded lazily, as well via Hibernate bytecode instrumentation (another approach is via subentities). This is useful for column types that store large amounts of data: CLOB, BLOB, VARBINARY, etc.
from DZone.com Feed http://bit.ly/30UcWMD
Introduction to the Hexagonal Architecture in Java
To start with, the hexagonal architecture is nothing but a design pattern. Every design pattern solves some problem, right? That is why it originally came into existence. So, what more does hexagonal architecture bring to the table?
Well, a very common problem is encountered whenever an application tries to interact due to huge dependencies over factors such as UI, the testing environment, DBs, external APIs, and so on.
from DZone.com Feed http://bit.ly/2VYr3wx
Thursday, May 30, 2019
How to git squash in 6 Steps
When using a source code management system, we mostly intend to create a new branch to implement functionalities rather than always pushing everything to the main branch. In my opinion, this is the right way to do it — spoiling the branch history with every small commit might make things very hard, especially when there are a number of developers working together.
But how can we keep the main branch history tidy?
from DZone.com Feed http://bit.ly/2EGKkNg
What Is an IoT Networking Architecture?
We all have heard of IoT, or the Internet of Things, and many of us even use it on a regular basis. From smart security systems and wearable watches to automatic comfort controls in our homes, IoT has started enabling us with auto-adapting, user-centric devices, pioneering the next stage in the Internet’s evolution.
This is the reason why many companies have started realizing IoT's importance and become keen on investing in connected technology. There are many ways an entity can begin its IoT journey. But the important thing is not to let the perceived complexity of the Internet of Things obscure the possibility to embark on more rewarding projects for companies.
from DZone.com Feed http://bit.ly/2Xdol7S
What Is Session Tracking in Servlets? [Video]
In the video below, we take a closer look at session tracking in Java servlets. Let's get started!
from DZone.com Feed http://bit.ly/2EIK0gY
Exploring Elasticsearch Vulnerabilities
You’ve probably heard of a recent data breach involving Elasticsearch. Indeed, not a month goes by where we don’t come across an article or research showcasing a set of sensitive information exposed on an Elasticsearch cluster.
A substantial amount of this research into vulnerable Elasticsearch instances is conducted by Bob Diachenko, a security analyst and consultant at Security Discovery. For example, a big discovery at the beginning of the year involved millions of sensitive files, including home loan applications, credit reports, bankruptcy records, and more.
from DZone.com Feed http://bit.ly/2WevDvD
Common Challenges In Selenium Automation and How to Fix Them
Selenium is one of the most popular test frameworks used to automate user actions on a product under test. Selenium is open source and the core component of the selenium framework is Selenium WebDriver. Selenium WebDriver allows you to execute test across different browsers like Chrome, Firefox, Internet Explorer, and Microsoft Edge. The primary advantage of using the Selenium WebDriver is that it supports different programming languages like .NET, Java, C#, PHP, and Python.
Though Selenium makes a website or web-app testing simple, there are a fair number of challenges in Selenium automation that developers face while using the framework. Let’s have a look at some of the most common challenges faced in Selenium, along with their resolutions.
from DZone.com Feed http://bit.ly/2I7bpKp
Advancing Application Performance with NVMe Storage, Part 1
With big data on the rise and data algorithms advancing, the ways in which technology has been applied to real-world challenges have grown more automated and autonomous. This has given rise to a completely new set of computing workloads for Machine Learning which drives Artificial Intelligence applications.
AI/ML can be applied across a broad spectrum of applications and industries. Financial analysis with real-time analytics is used for predicting investments and drives the FinTech industry's needs for high-performance computing. Real-time image recognition is a key enabler for self-driving vehicles, while facial recognition is used by law enforcement across the globe. Manufacturing uses image recognition technology to spot defects in materials, organizations such as NOAA use satellite imagery to spot changes in weather, while social media platforms use image recognition to tag photos of friends and family.
from DZone.com Feed http://bit.ly/2WbN0xm
Introduction to Dockers and Containers
We have been hearing a lot about Dockers and containers; they are said to be the next big things in the world of technology. I decided to explore the enigma that was Docker and I must say it's really impressive.
Introduction
What is Docker?
Whenever we have to install software, we have to take care of a lot of things. There are lots of different versions of software available for different operating systems and their different versions. You have to go through the documentation and choose the correct fit for your needs and then run the executive file. Even after that, you may need to complete some other steps before you are able to use that software. Docker runs containers, which contain the software plus the dependencies that the software requires to run. Just use a docker run command with the name of the image that you want to install, and your software runs in its own container, using its own resources. You do not have to worry which version of the software suits your operating system. I will demonstrate this with an example of a MongoDB installation.
from DZone.com Feed http://bit.ly/2I6Ioib
Don’t Try This at Home: The Dangers of DIY Toolchain Integration
Remember that time when your partner flagged a leak under the sink and suggested calling a plumber? "How hard can it be," you asked. A few grunts and speculative twists and bangs (and a few choice words) later, not to mention a generous application of duct tape, the leak had stopped. Disaster averted (at least until the problem resurfaced a few weeks later). And it was even worse that time. The kitchen flooded, causing more damage than Vesuvius.
DIY, unless you genuinely know what you’re doing, always comes at a cost. Sure, you can learn to become a better plumber. But plumbing is a specialty — and an expensive service — for a reason. On average, it takes nearly a decade to learn the ins and out of the trade.
from DZone.com Feed http://bit.ly/2wtvh5i
Everything You Need to Know About AI and ML in the Insurance Industry
The rising impact of digital technologies is well and truly providing enterprises with a huge amount of data, thus opening up various avenues to Big Data and Analytics. Analytical models can predict results, discern patterns and accentuate outliers amongst another set of business cases.
By definition, insurance happens to be an industry that is predominantly built around risk & companies greatly depend on their ability to predict what risks a person, company, or organization represents. With a large repository of accurate data, they are more likely to make a correct prediction, saving themselves money or earning extra revenue
from DZone.com Feed http://bit.ly/2WeqkfH
Apple, Google, Microsoft, WhatsApp sign open letter condemning GCHQ proposal to listen in on encrypted chats
An international coalition of civic society organizations, security and policy experts and tech companies — including Apple, Google, Microsoft and WhatsApp — has penned a critical slap-down to a surveillance proposal made last year by the UK’s intelligence agency, warning it would undermine trust and security and threaten fundamental rights.
“The GCHQ’s ghost protocol creates serious threats to digital security: if implemented, it will undermine the authentication process that enables users to verify that they are communicating with the right people, introduce potential unintentional vulnerabilities, and increase risks that communications systems could be abused or misused,” they wrire.
“These cybersecurity risks mean that users cannot trust that their communications are secure, as users would no longer be able to trust that they know who is on the other end of their communications, thereby posing threats to fundamental human rights, including privacy and free expression. Further, systems would be subject to new potential vulnerabilities and risks of abuse.”
GCHQ’s idea for a so-called ‘ghost protocol’ would be for state intelligence or law enforcement agencies to be invisibly CC’d by service providers into encrypted communications — on what’s billed as targeted, government authorized basis.
The agency set out the idea in an article published last fall on the Lawfare blog, written by the National Cyber Security Centre’s (NCSC) Ian Levy and GCHQ’s Crispin Robinson (NB: the NCSC is a public facing branch of GCHQ) — which they said was intended to open a discussion about the ‘going dark’ problem which robust encryption poses for security agencies.
The pair argued that such an “exceptional access mechanism” could be baked into encrypted platforms to enable end to end encryption to be bypassed by state agencies would could instruct the platform provider to add them as a silent listener to eavesdrop on a conversation — but without the encryption protocol itself being compromised.
“It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who’s who and which devices are involved — they’re usually involved in introducing the parties to a chat or call,” Levy and Robinson argued. “You end up with everything still being end-to-end encrypted, but there’s an extra ‘end’ on this particular communication. This sort of solution seems to be no more intrusive than the virtual crocodile clips that our democratically elected representatives and judiciary authorise today in traditional voice intercept solutions and certainly doesn’t give any government power they shouldn’t have.”
“We’re not talking about weakening encryption or defeating the end-to-end nature of the service. In a solution like this, we’re normally talking about suppressing a notification on a target’s device, and only on the device of the target and possibly those they communicate with. That’s a very different proposition to discuss and you don’t even have to touch the encryption.”
“[M]ass-scale, commodity, end-to-end encrypted services… today pose one of the toughest challenges for targeted lawful access to data and an apparent dichotomy around security,” they added.
However while encryption might technically remain intact in the scenario they sketch, their argument glosses over both the fact and risks of bypassing encryption via fiddling with authentication systems in order to enable deceptive third party snooping.
As the coalition’s letter points out, doing that would both undermine user trust and inject extra complexity — with the risk of fresh vulnerabilities that could be exploited by hackers.
Compromising authentication would also result in platforms themselves gaining a mechanism that they could use to snoop on users’ comms — thereby circumventing the wider privacy benefits provided by end to end encryption in the first place, perhaps especially when deployed on commercial messaging platforms.
So, in other words, just because what’s being asked for is not literally a backdoor in encryption that doesn’t mean it isn’t similarly risky for security and privacy and just as horrible for user trust and rights.
“Currently the overwhelming majority of users rely on their confidence in reputable providers to perform authentication functions and verify that the participants in a conversation are the people that they think they are, and only those people. The GCHQ’s ghost protocol completely undermines this trust relationship and the authentication process,” the coalition writes, also pointing out that authentication remains an active research area — and that work would likely dry up if the systems in question were suddenly made fundamentally untrustworthy on order of the state.
They further assert there’s no way for the security risk to be targeted to the individuals that state agencies want to specifically snoop on. Ergo, the added security risk is universal.
“The ghost protocol would introduce a security threat to all users of a targeted encrypted messaging application since the proposed changes could not be exposed only to a single target,” they warn. “In order for providers to be able to suppress notifications when a ghost user is added, messaging applications would need to rewrite the software that every user relies on. This means that any mistake made in the development of this new function could create an unintentional vulnerability that affects every single user of that application.”
There are more than 50 signatories to the letter in all, and others civic society and privacy rights groups Human Rights Watch, Reporters Without Borders, Liberty, Privacy International and the EFF, as well as veteran security professionals such as Bruce Schneier, Philip Zimmermann and Jon Callas, and policy experts such as former FTC CTO and Whitehouse security advisor, Ashkan Soltani.
While the letter welcomes other elements of the article penned by Levy and Robinson — which also set out a series of principles for defining a “minimum standard” governments should meet to have their requests accepted by companies in other countries (with the pair writing, for example, that “privacy and security protections are critical to public confidence” and “transparency is essential”) — it ends by urging GCHQ to abandon the ghost protocol idea altogether, and “avoid any alternative approaches that would similarly threaten digital security and human rights”.
Reached for a response to the coalition’s concerns, the NCSC sent us the following statement, attributed to Levy:
We welcome this response to our request for thoughts on exceptional access to data — for example to stop terrorists. The hypothetical proposal was always intended as a starting point for discussion.
It is pleasing to see support for the six principles and we welcome feedback on their practical application. We will continue to engage with interested parties and look forward to having an open discussion to reach the best solutions possible.
Back in 2016 the UK passed updated surveillance legislation that affords state agencies expansive powers to snoop on and hack into digital comms. And with such an intrusive regime in place it may seem odd that GCHQ is pushing for even greater powers to snoop on people’s digital chatter.
Even robust end-to-end encryption can include exploitable vulnerabilities. One bug was disclosed affecting WhatsApp just a couple of weeks ago, for example (since fixed via an update).
However in the Lawfare article the GCHQ staffers argue that “lawful hacking” of target devices is not a panacea to governments’ “lawful access requirements” because it would require governments have vulnerabilities on the shelf to use to hack devices — which “is completely at odds with the demands for governments to disclose all vulnerabilities they find to protect the population”.
“That seems daft,” they conclude.
Yet it also seems daft — and predictably so — to suggest a ‘sidedoor’ in authentication systems as an alternative to a backdoor in encrypted messaging apps.
from TechCrunch https://tcrn.ch/2Wx9cBd
Ekasbo’s Matebot may be the cutest cat robot yet created
If Shrek saw Matebot, no amount of sad-eyes could win him back to Puss in Boots’ side. Created by Shenzhen-based robotics company Ekasbo, Matebot looks like a black and white cartoon cat and responds to your touch by wiggling its ears, changing the expression in its big LED eyes and tilting its head.
Built with voice recognition, infrared technology and seven moving parts, the Matebot is designed to serve as an interactive companion, including for people who can’t keep pets, creator Zhang Meng told TechCrunch at Computex in Taiwan.
Met Matebot the cat robot today! pic.twitter.com/jJaa5EhKC8
— Computex Shu (@CatherineShu) May 30, 2019
The Matebot is controlled with a smartphone app and can be integrated with Android voice control systems. Its price starts at about 4,999 yen or about $45 USD.
from TechCrunch https://tcrn.ch/2WcEldT
Ulo is an adorable security camera that interacts with you while keeping watch over your home
Tired of home security cameras that add nothing to your home (besides, well, surveillance)? The Ulo, created by Luxembourg-based Mu Design, adds a touch of whimsy. The owl-shaped surveillance camera has two big interactive LCD eyes that follow your movements, and its two lenses—a HD camera and motion sensor camera—discreetly hidden in its beak, made of one-way mirrored glass, that capture high-resolution images. .
Mu Design founder Vivien Muller, who is currently showing off Ulo at Computex in Taipei, said he wanted to create a security camera that feels like a pet and makes its owners happy. The Ulo, with its huge, expressive eyes, is certainly adorable. Ulo runs on a Qualcomm Snapdragon 212 series processor and is made with an internal microphone, WifFi and Bluetooth models and an orientation sensor. It can use rechargeable NiMH batteries or be charged with a standard micro USB charger. Ulo also boosts 8GB eMMC and a microSD card clot.
Ulo is controlled by iOS or Android apps. Like other cameras, it can send images to your email when movement is detected, send data to secure devices if requested and stores a few minutes of video locally.
The camera is currently out of stock, but available for pre-order and costs 199 euros, or about $220.
from TechCrunch https://tcrn.ch/2JMy4PD
Kurly, a grocery e-commerce startup in Korea, closes upsized $113M Series B round
Kurly, a startup that operates a grocery delivery service in Korea, said today that it has closed an upsized Series D round that reached a total of $113 million.
The company announced the round in April when it was $88 million led by investors that include Sequoia China, however it has now increased by $25 million. That’s thanks to an injection from China’s Hillhouse Capital, a firm which counts Tencent, Meituan and JD.com among its most successful investments.
Launched in 2015 by former Goldman Sachs and Temasek analyst Sophie Kim, its Kurly Market service is designed to provide groceries and produce to customers who don’t have the time or interest to visit regular retail stores for their shopping.
Kurly Market delivers orders by 7am each morning with customers given until 11pm the previous day to place their order.
Korea is the place for speedy deliveries, if that’s your thing. Coupang, a company backed by SoftBank’s Vision Fund that’s widely seen as ‘the Amazon of Korea’ — and valued at $9 billion, to boot — has built out an impressive network that allows same- and next-day delivery for its “millions”of customers.
Coupang CEO Bo Kim told TechCrunch last year that his company was “approaching” $5 billion in revenue for 2018 with 70 percent annual growth. Additionally, he said, one in every two adults in Korea have the Coupang app on their phone and, having started out in Amazon-like areas, Coupang is doubling down on fresh produce with its own cold chain logistics network.
That represents a direct challenge to Kurly, which differentiates itself by operating through its own brands, unlike Coupang, which runs using a marketplace model to connect retailers with consumers. Kurly is also focused on convenience over cost savings, indeed its service began in Seoul’s high-end Gangnam neighborhood but has since expanded more widely.
Kurly Market products are focused on quality and convenience over price
Still, investors are bullish on Kurly and its laser focus on produce and groceries.
Kurly said its revenue grew three-fold year-on-year to reach $131 million in 2018, although it did not provide profit/loss figures.
“The latest round of investment is a major endorsement of the progress we’ve made differentiating ourselves in the market through our cold-chain fulfillment infrastructure and unique offering of premium, curated products. Our focus is on further strengthening our relationships with our suppliers, developing our fulfillment infrastructure and continually improving our customer experience,” Kim said in a statement.
from TechCrunch https://tcrn.ch/2K7VNJo
EV Growth closes $200M fund to cover Southeast Asia’s Series B funding gap
East Ventures has long been known as one of Indonesia’s longest-serving and most active seed-stage investors, but now it has officially moved up the food chain after it announced a final close of its growth fund at $200 million.
Called EV Growth, the fund is a joint venture between East Ventures, SMDV — the VC arm of Indonesian conglomerate Sinar Mas — and YJ Capital, which is associated with Yahoo Japan. The fund was first announced last year with a target of $150 million, but this final close has already surpassed that thanks to contributions from LPs that include SoftBank Group, Pavilion CapitaI and Indies Capital.
EV Growth is already active, with 40% of the fund deployed to date, according to East Ventures’ founding partner Willson Cuaca, who serves as partner for the new fund alongside Roderick Purwana from SMDV and YJ Capital’s Shinichiro Hori.
“We thought ‘There’s a gap in Series B in Southeast Asia, many of our portfolio is good so why not do this together?'” Cuaca told TechCrunch in an interview. “SMDV and YJ Capital have been our long-term partners in Japan and Southeast Asia so it’s the perfect partnership… the chemistry is already there.”
“We are more seed and product market fit focused but our two partners bring their capabilities on financial modeling so it becomes a complete set,” he added.
Lofty ambitions: the EV growth team in front of Monas, the National Monument that symbolizes the fight for Indonesia and is one of the tallest landmarks in capital city Jakarta
Beyond chemistry, East Ventures also has a track record.
The firm was one of the first to focus on Indonesia, Southeast Asia’s largest economy, and encourage its companies to dominate that market rather than rapidly expand across the region. East Venture’s portfolio includes unicorns Tokopedia and Traveloka, while ride-sharing Grab and Go-Jek acquired two of its companies, Kudo and Loket, respectively.
According to data from Preqin, the fund is among the top performing in the world. East Ventures is one of six firms worldwide to have three funds ranked in Preqin’s top quartile, that puts it alongside names like Benchmark Capital while it is the sole representative from Southeast Asia in that category.
Cuaca said EV Growth will continue the focus on Indonesia, but he admitted that there is scope to invest outside of the region if the right opportunity pops up.
Operating at seed and further down the investment pipe throughs up the possibility of conflicts of interest. EV Growth is aimed at filling a funding gap that does genuinely exist in Southeast Asia so it is bound to touch on East Ventures’ portfolio companies, but Cuaca is ready for that scenario. While he will source and fetch potential EV Growth deals, he must recuse himself from a decision on any East Ventures company, leaving his partners to make the final call. That’s fairly standard in the investment world, but new to Southeast Asia where growth funds are just taking off.
SoftBank Corp — CEO Masayoshi Son is pictured third from right — is one of the LPs backing EV Growth… and potentially the follow-up that is already being planned
That development is a sign of the maturity of the region’s venture ecosystem, and East Ventures isn’t the only one pursuing a ‘growth fund’ strategy.
Singapore’s Golden Gate Ventures is currently raising a growth fund with Korea’s Hanwha as the anchor LP, while TechCrunch has heard plenty of rumors linking a number of other investors with interest in doing the same, albeit that they are unfulfilled at this time.
It isn’t just new funds that are springing up, those that were once seed-stage investors are also scaling to cover unfulfilled Series B demand. Jungle Ventures, for example, recently hit the first close on its newest fund that’s aimed at $220 million. Others stepping into the void include Vertex Ventures, which has a new $230 million fund.
Added to that, there will be more to come from EV Growth.
Cuaca told TechCrunch that discussions are already underway for a follow-up growth fund with “interest still coming in” from prospective LPs. That makes sense given that the current fund’s deployment is nearly at the halfway point. Watch this space for more.
from TechCrunch https://tcrn.ch/2MgQpWS
Microsoft hints at a new “modern” operating system designed to support different form factors
In a week where AMD, Intel and Qualcomm have already made major announcements, Microsoft’s keynote yesterday at Computex in Taipei was relatively lowkey. Instead of revealing new products, the company hinted at what it wants in a modernized operating system. Intriguingly, Microsoft’s blog post about the keynote does not mention Windows, lending credence to speculation that it is developing a new “super-secure” OS.
According to the blog post by Nick Parker, corporate vice president of consumer and device sales, a modern OS should enable “form factor agility” by being flexible enough to be integrated into different types of devices, which is noteworthy because last year the company hinted at new additions to the Surface lineup, which some have speculated might mean the line is adding a smartphone.
He added that a modern OS should include seamless updates, done invisibly in the background without forcing people to stop using their computers and be secure by default, preventing attacks by separating the state from the operating system and the compute from applications.
A modern OS would constantly be connected to LTE 5G and use AI to help make apps more efficient. It would also support different kinds of input, including pen, voice, touch and even the ability to use your eyes to control apps or write—two things that likely to fuel more speculation that the new OS will be developed with mobile products (like a possible Surface Phone) and lightweight or dual-screen laptops in mind.
from TechCrunch https://tcrn.ch/2Kl5QuT
Subscribe to:
Posts (Atom)