InfoWorld InfoWorld Tech Watch en-us Fri, 23 Mar 2018 13:19:39 -0700 Fri, 23 Mar 2018 13:19:39 -0700 InfoWorld 510 510 InfoWorld 796 288 ActiveState's Python taps Intel MKL to speed data science and machine learning Thu, 18 May 2017 09:10:00 -0700 Serdar Yegulalp Serdar Yegulalp

Last year Intel became a Python distributor, offering its own edition of the language outfitted with Intel’s Math Kernel Library (MKL). MKL accelerates data-science-related tasks by using Intel-specific processor extensions to speed up certain operations, a fine fit for a language that has become a staple in machine learning and math-and-stats circles.

The Intel Distribution of Python, a repackaging of Continuum Analytics’s Anaconda distribution, incorporated MKL support to give Python data science and machine learning packages a boost. Now ActiveState, producers of an enterprise-grade Python, (as well as Ruby, Node.js, and Golang distributions) has brought MKL into its own Python distro.

To read this article in full, please click here

]]> Machine Learning Analytics Data Science Open Source
CrateDB 2.0 Enterprise stresses security and monitoring—and open source Tue, 16 May 2017 12:09:00 -0700 Serdar Yegulalp Serdar Yegulalp

When open source SQL database CrateDB first debuted, its professed mission was to deliver easy, fast analytics on reams of machine-generated data, while running in containerized, cloud-native environments.

That mission hasn’t changed with the release of version 2.0, but it has been expanded by way of an enterprise edition with pro-level features. Rather than distribute the enterprise edition as a closed-source, binary blob, the maker of CrateDB is offering it as open source to help speed uptake and participation.

SQL, not slow-QL

CrateDB is designed to ingest high-volume, machine-generated data, whether logs from a fleet of servers or sensor data from IoT devices, and make that data accessible through traditional SQL queries. The data may be structured or unstructured; it can be a conventional table, or a freeform JSON document.

To read this article in full, please click here

]]> Database SQL NoSQL Open Source Internet of Things
Waah! WannaCry shifts the blame game into high gear Tue, 16 May 2017 03:00:00 -0700 Fahmida Y. Rashid Fahmida Y. Rashid

More and more, information security seems to be about finding someone to blame for the latest crisis. The blame game was in full gear within hours of the WannaCry ransomware outbreak, and even after a few days there’s still a lot of anger to go around. People want heads to roll, but that won’t help contain the current damage or spur improvements to minimize the impact of future attacks.

The WannaCry ransomware successfully infected so many machines because it crafted the malware to use multiple infection vectors, including traditional phishing, remote desktop protocol (RDP), and a vulnerability in the SMB protocol. It took advantage of the fact that people don’t always recognize phishing links, and that many systems aren’t running the latest versions of applications or the operating system.

To read this article in full, please click here

]]> Malware Security Networking Patch Management Windows
Faster machine learning is coming to the Linux kernel Mon, 15 May 2017 10:55:00 -0700 Serdar Yegulalp Serdar Yegulalp

It's been a long time in the works, but a memory management feature intended to give machine learning or other GPU-powered applications a major performance boost is close to making it into one of the next revisions of the kernel.

Heterogenous memory management (HMM) allows a device’s driver to mirror the address space for a process under its own memory management. As Red Hat developer Jérôme Glisse explains, this makes it easier for hardware devices like GPUs to directly access the memory of a process without the extra overhead of copying anything. It also doesn't violate the memory protection features afforded by modern OSes.

To read this article in full, please click here

]]> Machine Learning Linux Open Source Hardware
WannaCry ransomware slipped in through slow patching Mon, 15 May 2017 03:00:00 -0700 Fahmida Y. Rashid Fahmida Y. Rashid

The plain truth about security updates is that enterprises will always have a lag time between when patches are released and when they're deployed. Even so, too many organizations are taking too long to test and schedule, and they're paying the price.

As reported earlier, a new ransomware attack called Wanna Decryptor (WannaCry) struck tens of thousands of systems in more than a dozen countries around the world, including hospitals at the United Kingdom's National Health Service, KPMG, Spain's telecommunications company Telefonica, and banks BBVA and Santander. The ransomware has wormlike properties, as it spreads through network file shares, possibly using the vulnerability in the Windows SMB (Server Message Block) protocol (MS17-010) that Microsoft patched in March. The flaw is used by the EternalBlue exploit, which was part of the cache of hacking tools allegedly developed by the NSA and dumped by the Shadow Brokers group.

To read this article in full, please click here

]]> Patch Management Security Networking Windows Windows Server
Why snafus like HP’s keylogger will happen again Mon, 15 May 2017 03:00:00 -0700 Simon Phipps Simon Phipps

As Woody Leonhard explained last week, HP laptops have come with a little added extra ever since Christmas 2015: a keylogger. HP has confirmed to me that the report from Thorsten Schroeder of ModZero is correct and the company has been urgently working on fixes.

The keylogger is built into a device driver supplied to HP by Conexant Systems. It places every single keystroke you make in a log file on the computer. The file is deleted and a new one is started every time you log on to Windows, but if you use an incremental backup system or rarely reboot, there's a good chance that every password, credit card number, personal detail, and regretted communication you ever typed is stored safely waiting for a hacker or subpoena to make it public.

To read this article in full, please click here

]]> Security PCs Laptops
4 cool Kubernetes tools for mastering clusters Mon, 15 May 2017 03:00:00 -0700 Serdar Yegulalp Serdar Yegulalp

Kubernetes, the cluster manager for containerized workloads, is a hit. With the Big K doing the heavy lifting in load balancing and job management, you can turn your attention to other matters.

But like nearly every open source project, it's a work in progress, and almost everyone who works with Kubernetes will find shortcomings, rough spots, and annoyances. Here are four projects that lighten the load that comes with administering a Kubernetes cluster.


A key part of the Kubernetes success story is its uptake with IT brands other than Google. Cloud storage firm Box has picked up on Kubernetes and open-sourced some of the bits it's used to aid with its internal deployment; kube-applier is one such project.

To read this article in full, please click here

]]> Containers Application Virtualization Open Source
CoreOS's Linux platform bolsters enterprise Kubernetes features Fri, 12 May 2017 10:51:00 -0700 Serdar Yegulalp Serdar Yegulalp

Tectonic, CoreOS's Linux platform built to run containers, was revamped this week to version 1.6.2. Underneath that minor point revision label lie some significant changes.

According to an official CoreOS blog post, this version of Tectonic rolls in the latest version of Kubernetes (1.6.2) to create a CoreOS/Kubernetes combo that's easier to install in a variety of environments and has better separation of workloads, more robust auditing and logging, and boasts a major change a key underlying Kubernetes technology.

A more elastic etcd

That key technology is etcd, the distributed data store used by CoreOS generally and by Kubernetes in particular. With a new experimental feature, CoreOS can manage etcd with CoreOS Operators.

To read this article in full, please click here

]]> Containers Application Virtualization Open Source Linux
Windows Subsystem for Linux welcomes Suse and Fedora options Fri, 12 May 2017 03:00:00 -0700 Serdar Yegulalp Serdar Yegulalp

Fans of Windows Subsystem for Linux (WSL) love that it provides a native Linux experience, command line and all, to Windows users. But not all have been fans of the choice of Linux distribution—Canonical's Ubuntu Linux—and thus have launched projects to swap out Ubuntu.

ALWSL is one such project, and the Python-based WSL Distribution Switcher, which provides automated access to no fewer than 10 Linux distribution userlands, is a more sophisticated approach.

To read this article in full, please click here

]]> Linux Windows Open Source
Nvidia GPU Cloud bundles frameworks and tools for AI app dev Thu, 11 May 2017 10:44:00 -0700 Serdar Yegulalp Serdar Yegulalp

Over the past couple of years, every major cloud vendor added GPU resources as standard issue: Amazon, Microsoft, Google, IBM. In most every case, those GPUs come from Nvidia, the premier supplier of GPUs for high-performance computing and the de facto software standards for it.

To read this article in full, please click here

]]> Artificial Intelligence Analytics Cloud Computing Hardware
Why Microsoft's Cosmos DB represents the future of cloud databases Thu, 11 May 2017 03:00:00 -0700 Serdar Yegulalp Serdar Yegulalp

At first glance, Microsoft's new Cosmos DB Azure database seems like a rebadged successor to Azure's planet-scale NoSQL offering, DocumentDB. It's easy to read Cosmos DB as a point-revision version of its predecessor, down to the fact that existing DocumentDB users will be automigrated.

But what's most important about Cosmos DB is not where it's coming from, but where it's heading—and how it may be taking a sizable slice of the cloud-native database world with it. Here are four reasons why Cosmos DB is a harbinger of what's to come for cloud-native database technology and how it's a sign of what's already arrived.

To read this article in full, please click here

]]> Database Cloud Computing NoSQL Cloud Storage
Open source SQL database CockroachDB hits 1.0 Wed, 10 May 2017 09:25:00 -0700 Serdar Yegulalp Serdar Yegulalp

CockroachDB, an open source, fault-tolerant SQL database with horizontal scaling and strong consistency across nodes—and a name few people will likely forget—is now officially available.

Cockroach Labs, the company behind its development, touts CockroachDB as a “cloud native” database solution—a system engineered to run as a distributed resource. Version 1.0 is available in both basic and for-pay editions, and both boast features that will appeal to enterprises.

The company is rolling the dice with its handling of the enterprise edition by also making those components open source and trusting that enterprises will pay for what they use in production.

To read this article in full, please click here

]]> Database Open Source Cloud Computing Software Licensing
NoSQL, no problem: Why MySQL is still king Wed, 10 May 2017 03:00:00 -0700 Matt Asay Matt Asay

MySQL is a bit of an attention hog. With relational databases supposedly put on deathwatch by NoSQL, MySQL should have been edging gracefully to the exit by now (or not so gracefully, like IBM's DB2).

Instead, MySQL remains neck-and-neck with Oracle in the database popularity contest, despite nearly two decades less time in the market. More impressive still, while Oracle's popularity keeps falling, MySQL is holding steady. Why?

An open gift that keeps on giving

While both MySQL and Oracle lost favor relative to their database peers, as measured by DB-Engines, MySQL remains hugely popular, second only to Oracle (and not by much):

To read this article in full, please click here

]]> NoSQL Database Open Source Data Management Big Data Development Tools Software Development
Machine learning analytics get a boost from GPU Data Frame project Tue, 09 May 2017 10:11:00 -0700 Serdar Yegulalp Serdar Yegulalp

One sure way to find the limits of a technology is to have it become popular. The explosion of interest in machine learning has exposed a long-standing shortcoming: Too much time and effort are spent shuttling data between different applications, and not enough is spent on the actual data processing.

Three providers of GPU-powered machine learning and analytics solutions are collaborating to find a strategy for multiple programs to access the same data on a GPU and process it in-place, without having to transform it, copy it, or execute other performance-killing processes.

Data, stay put!

Continuum Analytics, maker of the Anaconda distribution for Python; machine learning/AI specialist; and GPU-powered database creator MapD (now open source) have formed a new consortium, called the GPU Open Analytics Initiative (GOAI).

To read this article in full, please click here

]]> Analytics Artificial Intelligence Open Source
Microsoft rushes emergency fix for critical antivirus bug Tue, 09 May 2017 04:39:00 -0700 Fahmida Y. Rashid Fahmida Y. Rashid

The point of antivirus is to keep malware off the system. A particularly nasty software flaw in Microsoft’s antivirus engine could do the exact opposite and let attackers install malware on vulnerable systems. 

The critical security vulnerability in the Microsoft Malware Protection Engine affects a number of Microsoft products, including Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Forefront Security for SharePoint, Microsoft Endpoint Protection, and Microsoft Forefront Endpoint Protection. These tools are enabled by default in Windows 8, 8.1, 10, and Windows Server 2012.

To read this article in full, please click here

]]> Endpoint Protection Security Malware Windows
MapD's GPU-powered database is now open source Tue, 09 May 2017 03:00:00 -0700 Serdar Yegulalp Serdar Yegulalp

MapD, creator of a GPU-accelerated database that scales both up and out, has open-sourced its core technology.

As announced in a press release and blog post, the core database and its "associated visualization libraries" are available under the Apache 2.0 license. But enterprise-level features like the high availability, LDAP, ODBC, and horizontal scaling functionality—many of which debuted in the 3.0 version released earlier this month—will be kept close to the chest.

To read this article in full, please click here

]]> Database Analytics Artificial Intelligence Open Source
How the Macron campaign slowed cyberattackers Tue, 09 May 2017 03:00:00 -0700 Fahmida Y. Rashid Fahmida Y. Rashid

In the wake of French president-elect Emmanuel Macron's victory over Marine Le Pen, IT armchair quarterbacks should look at the Macron campaign's security playbook for ideas on how to fight off targeted phishing and other attacks.

When 9GB of files belonging to the Macron campaign was dumped on file-sharing website Pastebin less than two days before the French election, it looked too much like what had happened during the U.S. presidential election last fall.

There isn't enough evidence to conclusively link the Russians to the Macron leak, and security experts believe some of the supposed clues are sloppy attempts at misdirection. The difference this time around seems to be the fact that Macron's team was prepared for the attacks and engaged in a disinformation campaign of its own, according to The Daily Beast.

To read this article in full, please click here

]]> Security Hacking
Java and C continue to decline in popularity Mon, 08 May 2017 13:00:00 -0700 Paul Krill Paul Krill

Keep on moving over, Java and C. Other languages are closing the popularity gap.

That's the gist of this month's Tiobe index, which gauges language popularity based on a formula assessing search-engine activity. While still ranking number one and two in the index, Java and C continue to see their shares dwindle as other languages capture attention.

"Java and C are in a heavy downward trend since the beginning of 2016. Both languages have lost more than [six percentage points] if compared to last year," according to report accompanying the index. Java's rating is 14.639 percent this month, down 6.32 points, more than 30 percent from May 2016. The situation is even more dire for C; it declined 6.22 points from a year ago to 7.002 percent, a decline of nearly 48 percent.

To read this article in full, please click here

]]> Software Development Java Development Tools
Buckaroo brings package management to C/C++ projects Mon, 08 May 2017 09:31:00 -0700 Serdar Yegulalp Serdar Yegulalp

While it’s fashionable to dump on C and C++ for being old school, they’re still hard to beat for sheer speed or power. But what’s often lacking is modern toolchain elements like a package manager. Go, Rust, Node.js, Ruby, and Python all have standard-issue methods to perform package management; C and C++ don’t—and that’s where third-party tools have an opportunity to step in.

One recent example is Buckaroo, which comes from LoopPerfect, creator of an interactive C++ development environment called Jyt. Buckaroo is an open source system for adding packages from a managed repository to a C/C++ project “in a controlled and cross-platform way.” Here, "cross-platform" means Windows, Linux, and MacOS, using whatever compiler is available.

To read this article in full, please click here

]]> Software Development Development Tools Open Source
Python 2 forever: 3 projects that will keep Python 2 alive Mon, 08 May 2017 03:00:00 -0700 Serdar Yegulalp Serdar Yegulalp

The switch from Python 2 to Python 3 has been rocky, but all signs point to Python 3 pulling firmly into the lead. It's broadly compatible with several libraries, a major third-party implementation of Python is keeping pace with version 3, and there's an encouraging rate of adoption by cloud providers for application support.

To read this article in full, please click here

]]> Development Tools Software Development
Elasticsearch stack wises up with machine learning Fri, 05 May 2017 12:02:00 -0700 Serdar Yegulalp Serdar Yegulalp

Elastic, the commercial company supporting the Elasticsearch stack for searches of real-time data, has added machine learning functionality to all the pieces of the Elastic stack.

Unlike some other companies, Elastic isn't claiming this addition is cure-all magic dust. Rather, it's for performing specific analysis for explicitly defined use cases.

In a blog post that went live yesterday, Elastic outlined examples of Elasticsearch's anomaly detection in action, such as detecting changes to a performance metric or analyzing many metrics together to determine when one is out of gamut.

To read this article in full, please click here

]]> Artificial Intelligence Predictive Analytics Analytics Open Source
NIST to security admins: You've made passwords too hard Fri, 05 May 2017 03:00:00 -0700 Fahmida Y. Rashid Fahmida Y. Rashid

Despite the fact that cybercriminals stole more than 3 billion user credentials in 2016, users don't seem to be getting savvier about their password usage. The good news is that how we think about password security is changing as other authentication methods become more popular.

Password security remains a Hydra-esque challenge for enterprises. Require users to change their passwords frequently, and they wind up selecting easy-to-remember passwords. Force users to use numbers and special characters to select a strong password and they come back with  passwords like Pa$$w0rd.

To read this article in full, please click here

]]> Security Passwords
Congress joins the FCC to kill net neutrality Fri, 05 May 2017 03:00:00 -0700 Caroline Craig Caroline Craig

The "Restoring Internet Freedom" meme spread to Congress this week, and foes of net neutrality seemed emboldened to dial up the volume in their campaign of misinformation.

Last week, FCC chair Ajit Pai revealed his plan to gut net neutrality regulations. This week, nine Republican Senators introduced a bill that would prevent the agency from ever trying to reinstate those rules. The Restoring Internet Freedom Act would "prohibit the Federal Communications Commission from reclassifying broadband internet access service as a telecommunications service and from imposing certain regulations on providers of such service."

To read this article in full, please click here

]]> Net Neutrality Internet Regulation
Google's Cloud Spanner melds transactional consistency, NoSQL scale Thu, 04 May 2017 11:06:00 -0700 Serdar Yegulalp Serdar Yegulalp

Earlier this year, Google offered a peek at Cloud Spanner, an automanaged database service that melds features from both conventional relational systems and NoSQL technologies.

Today, Google announced Cloud Spanner will be available to the general public later this month. It will compete not only with rival cloud databases, but also up-and-coming open source projects that address scale and reliability issues by using Google's own ideas.

To read this article in full, please click here

]]> Database Cloud Computing
Cloud portability? Keep dreaming Thu, 04 May 2017 03:00:00 -0700 Matt Asay Matt Asay

People talk about multicloud as if it's a choice. It's not. Multicloud is simply a fact of life.

Within any enterprise, developers move at different paces while dealing with years or even decades of legacy build-out. Some workloads will never go anywhere. Others simply fit a particular cloud best or migrate to the cloud where a certain dev group has already established a beachhead. Through whatever means those workloads arrive on AWS, Azure, Google Cloud, or another public cloud, and they'll very likely stay put once in place.

One factor keeping such workloads firmly rooted in place is data gravity. It's expensive to move data from one cloud to another (not to mention from an on-prem deployment to a public cloud). But that's not the biggest problem. The primary issue with multicloud deployments is that each cloud comes prebaked with unique services—and those services ensure lock-in as far as the eye can see.

To read this article in full, please click here

]]> Cloud Computing Software Development APIs
Google helps developers bind C++ to Python Wed, 03 May 2017 12:43:00 -0700 Serdar Yegulalp Serdar Yegulalp

Fans of C++ praise its power and speed, but even they admit its complexity can be daunting. That's true when you're writing libraries in the language, and it's doubly true when you want to make C++-authored libraries useful to other languages. Writing wrappers for C++ libraries is tough work.

CLIF, an open source project developed at Google (but not an official Google product), is a framework for automatically generating C++ library bindings for multiple languages. It's written in Python, and so far the only included language binding is for Python, both versions 2 and 3, but the plan is to allow other language parsers to be written for it.

To read this article in full, please click here

]]> Development Tools Software Development Open Source
Free search engine tool hunts down malware-infected computers Wed, 03 May 2017 09:46:00 -0700 Fahmida Y. Rashid Fahmida Y. Rashid

Internet search engine Shodan provides enterprise security teams a wealth of information about open ports on servers and other internet-connected devices. Now, as part of a partnership with threat intelligence company Recorded Future, security analysts and researchers can work with Shodan to uncover systems manipulated to control malware-infected devices.

Shodan’s specialized crawler doesn’t gather information about websites, but rather details about the connected devices, including servers, routers, webcams, and other internet of things devices. The new Malware Hunter crawler takes the scanning a step further and actively hunts for computers that are acting as remote access Trojan (RAT) command-and-control servers. As such, it is a powerful tool for threat analysts, security operations center (SOC) teams, and dedicated security personnel within the enterprise trying to proactively identify and defend against certain types of malware families, said Levi Gundert, vice president of intelligence and strategy at Recorded Future.

To read this article in full, please click here

]]> Malware Security Search Networking
3 takeaways from Red Hat's AWS deal for OpenShift Wed, 03 May 2017 03:00:00 -0700 Serdar Yegulalp Serdar Yegulalp

Red Hat and Amazon have long been framed as rivals, but only in the sense that anyone who provides on-prem Linux and PaaS products competes to some degree with a cloud provider. Really, they’re more like peanut butter and jelly.

Yesterday, Red Hat unveiled details about a new partnership with Amazon to support integrating some widely used AWS options into Red Hat’s OpenShift PaaS. The list of services covers basic infrastructure (AWS Route 53, AWS Cloudfront), data (AWS Redshift/Aurora/Athena), and cutting-edge technologies (AWS Lambda).

Here are three reasons why offering those services with OpenShift is big for Red Hat and its customers—and how it could potentially be big for other cloud vendors too.

To read this article in full, please click here

]]> Cloud Computing Open Source
Red Hat OpenShift adds containers and microservices features for developers Tue, 02 May 2017 11:31:00 -0700 Serdar Yegulalp Serdar Yegulalp

With OpenShift, Red Hat wants to make its PaaS as friendly to developers as to the rest of an enterprise team.

Hence, Red Hat is adding a pair of developer-focused features to OpenShift: a new cloud-native, browser-based development environment for building automatically containerized code and a set of runtimes for building microservices in OpenShift in a mix of common languages.

The revolution will be developerized

For starters, the new dev environment lets teams work together on code that's containerized automatically and deployed continuously. It's built with open source components, chiefly the Eclipse Che cloud-based IDE and in-browser code editor.

To read this article in full, please click here

]]> Cloud Computing PaaS
New project gives developers DIY tools for creating dynamic languages Mon, 01 May 2017 09:09:00 -0700 Serdar Yegulalp Serdar Yegulalp

The creator of the Higgs experimental JavaScript compiler has announced a new project: a virtual machine for dynamic languages that supports existing dynamic languages or make it easy to build new ones.

In the long run, the project has an even more ambitious purpose: allowing developers to create software that can still be run as-is decades from now.

The project, called ZetaVM, provides both a virtual machine and a JIT compiler with built-in support for features found in dyamic languages—dynamic typing, for instance, or flexible data types like arrays or extensible objects.

To read this article in full, please click here

]]> Software Development Open Source Development Tools