A weekly roundup of tech news and all things related to modern software development.
NEW - November 16th, 2018
DevOps platform CircleCI has unveiled their new package manager, Orbs, that is “designed specifically for configuration of software delivery automation.” Orbs is focused on giving CircleCI’s users the ability to package the commands, executors, and jobs that make up their CI/CD workflow and share them among teams and projects. CircleCI also has its own set of 25 standardized Orbs for popular pipelines.
Google has launched Cloud Scheduler, a service for their cloud platform for running batch jobs. The service works the same as command-line cron services while improving the process thanks to the ease of running a managed service in the cloud. You get three free jobs per month while each additional one costs 10 cents.
After 14 months of cities competing to be the location of the next Amazon HQ, the tech supergiant has announced the 50,000 jobs that would bring between two areas: Long Island City close to NYC and Crystal City close to Washington, D.C. Both the cities have been considered potential choices for a while due to their rich talent pools and local cultures attracting tech professionals.
Making a move on the transition older servers will have to undergo when service for Windows Server 2008 and 2008 R2 ends in 2020, Docker has launched a toolkit as part of its Docker Enterprise 2.1 release that can containerise and secure legacy applications, Windows Server Application Migration Program.
To help with moving legacy infrastructures in Europe to Google Cloud Platform, Google has begun a beta of 100TB transfer devices they will mail to your company that you can fill up with your company’s data and mail back. Google will then upload the data themselves, conceptually saving the time and trouble of moving large amounts of data securely to the cloud.
November 2nd, 2018
IBM is notorious for a recent love of Apple products, having increased the number of Macs used by employees in 2015 from zero to 30,000 within six months and explaining in 2016 how each Mac could save the company up to $535 over a 4-year period. At the Jamf Nation User Conference last week, the company announced the code used for IBM employee onboarding during macOS setup would be made available for anyone to use. The code allows employees to further customize their Macs during setup by providing extra information about themselves and selecting apps or bundles of apps to install right away. You can watch a demo of the setup process when using Mac@IBM here and you can check out the code here.
IBM is just as notorious for recent poor performances in the stock market, so the announcement that it was buying the Linux provider and supporter Red Hat for $34 billion at a 62% markup on the current Red Hat stock price shows how committed the company is to reinventing itself to focus on subscription software and hybrid cloud providing. Red Hat itself is unlikely to change anytime soon, with the deal expecting to close in the second half of 2019 and management staying the same.
Following up on their release of the Oracle Blockchain Cloud Service earlier this year, Oracle has released a new suite of four use-case-specific SaaS applications built with the service that are designed to enable more secure and efficient transactions using the blockchain. To see a real world example of the software being used, you can check out this video of a brewery using it to track their business operations.
HashiCorp Vault, the “secret management” open source security tool designed to protect sensitive data, has received a plugin for GCP’s Cloud Key Management Service. The plugin streamlines the management of the service’s keys along with the encryption/decryption and signing/verifying of data through the Vault API. You can watch HashiCorp Vault’s presentation at Cloud Next 2018 here to learn more about how the software runs with Kubernetes.
In order to get an impression of the current status of the software testing industry and whether it’s moving towards automation testing or somewhere else, mabl is asking any software team members (whether developers, testers, project or product managers) to take the 6 minute survey here. The main intention is to see how DevOps has shaped teams’ workflows and how new processes like DevSecOps and DevTestOps will impact them in the future.
October 19th, 2018
On Thursday, Atlassian announced a vastly improved version of Jira Software Cloud. After a necessary move to AWS, Atlassian found the new cloud services at their disposal would allow them to radically change Jira, so they did just that, adding multiple new features. One of those is Roadmap, which presents a chronological view of ongoing tasks for dev teams to organize their workflow in terms of time. The software also has new APIs for tools including Bitbucket Pipelines, Jenkins, InVision, Adobe, Sketch, Slack, Gmail, and Facebook for Work. You can check out the official Atlassian post on the new Jira Software Cloud here.
The Cloud Foundry Foundation announced two new Kubernetes-focused projects at its EU Summit in Switzerland. One of these projects, Eirini, will make it possible for vendors to use Kubernetes as the container scheduler for the Cloud Foundry Application Runtime. The other project, CF Containerization, aims to give operators the ability to deploy the Cloud Foundry Application Runtime into existing Kubernetes clusters.
Puppet is developing applications to provide operational insights and vulnerability assessments for devops. The Puppet Insights tool, now in private beta, measures the impacts of devops investments by aggregating and analyzing data across the tool chain, and the dashboards will help identify the velocity, quality, and impact of software delivery teams and processes. Puppet’s security vulnerability remediation tool, set to launch in a private beta on October 23rd, will link data gathered from vulnerability scanners such as Qualys and Tenable to the Puppet Discovery suite, for identifying IT resources.
October 5th, 2018
Yesterday, GitHub revealed a new version of their recently built Jira integration. Since the ability of Jira to manage large software projects and of GitHub to host the code for them placed them at a crossroads where a connection solution was nonexistent, the GitHub team decided to build a Jira integration from the ground up a few months ago. Better performance and user experience come with this new update, making it easier to view all pull requests, commits and branches that are associated with a Jira issue. You can read the official GitHub release note here.
On Wednesday, CircleCI became authorized for use by the government’s developer community, making it the first CI/CD tool to pass the FedRAMP’s examination process. FedRAMP was created in 2010 to standardize the process for integrating new cloud technologies to the government, an area where each agency had previously had its own separate policies. The assessment involved a master inventory of all infrastructure, a four day stay by a third-party auditor with a top secret security clearance, and a final review by a federal security team that ultimately granted CircleCI authorization. You can download CircleCI from the FedRAMP Marketplace here.
JFrog has closed a $165 million Series D funding round, bringing their valuation over $1 billion and their total funding raised to $226.5 million. This is another major funding round of tech players led by Insight Venture Partners, which recently helmed Sysdig’s $68.5 million series D. JFrog’s end-to-end software release system is focused on integrating with as many different kinds of development environments as possible. JFrog is looking to expand its workforce by 150 employees over the next year, so you can see if they have any positions for you here.
On Monday, Kubernetes announced that DigitalOcean, which was available in Early Access, is now accessible as Limited Availability. DigitalOcean simplifies the container deployment process that accompanies plain Kubernetes and offers Kubernetes container hosting services to reduce the headache involved in setting up, managing and securing Kubernetes clusters. Benefits for users of Limited Availability include the ability to provision Droplet workers in many more regions with full support, add worker pools of various Droplet sizes, attach persistent storage using DigitalOcean Block Storage, and expose Kubernetes services with a public IP using Load Balancers. You can request access here.
Yesterday at KotlinConf2018, JetBrains and Google co-announced the creation of the Kotlin Foundation, with the primary goal of proliferating both the Kotlin language, and ensuring it can be relied upon for years to come. The foundation’s mission statement states their aim is “to protect, promote and advance the development of the Kotlin programming language. The Foundation secures Kotlin’s development and distribution as Free Software, meaning that it is able to be freely copied, modified and redistributed, including modifications to the official versions.”
Red Hat attempts to bridge the gap between old-style server management tools and DevOps with Red Hat Satellite 6.4. The new management tool comes with a deeper integration with Red Hat Ansible Automation’s automation-centric approach to IT management, enabling sysadmins to use the Red Hat Satellite interface to manage RHEL with Ansible's remote execution and desired state management. Red Hat says this integration "is designed to help not only identify critical risks but then create enterprise change plans and automatically generate Ansible playbooks to better remediate those risks."
September 21st, 2018
Last week, introduced a new server focused on handling AI and ML workloads, ranging from data collection and analysis to data preparation and training to real-time inference. Dubbed the Cisco UCS (Unified Compute System) C480 ML, the rack server contains 8 Nvidia Tesla V100-32G GPUs along with a plethora of other high end hardware. You can go into the nitty gritty details of the server here, although you can’t buy it until Q4 2018.
Last Thursday, a post by Max Justicz, the creator of bug bounty system Bountygraph, detailed a remote-code execution flaw in Alpine Linux, a popular distro for Docker containers, that allows a malicious user to inject arbitrary code. The user would have to have man-in-the-middle (MITM) network access or be operating a malicious package mirror, but having either would allow them to inject arbitrary code via apk, which is Alpine’s default package manager, into the kind of Docker images Alpine is commonly used. This potentially means an attacker could have their code unpacked and run within a Docker container without those who started the image building knowing, “gaining control over what the container running from that image does in the future” (Justicz). Thankfully, Alpine has been updated with the apk fixed, so please rebuild any Docker images with the updated Alpine version if you were using the distro. You can find Max Justicz’s blog post here.
On Monday, SmartBear announced the latest update of SoupUI Pro, the world’s most popular testing platform for REST and SOAP APIs. The update allows the platform to easily run inside Docker containers, integrate with several popular CI servers like Jenkins, TeamCity, and VSFS, and expand it’s automatic test creation. The platform can now also connect to Slack for increased collaboration. To find out more about the update, you can watch SmartBear’s webinar explaining it here.
Amazon is experimenting with a machine-learning powered shopping tool Scout, which allows you to “like” or “dislike” items in a search to help you find more items tailored specifically to your likes. At this time, you can use Scout to search for furniture, kitchen, dining products, home décor, patio items, lighting, and bedding, as well as women’s shoes. An Amazon spokesperson says that the idea of Scout really solves two problems. “I don’t know what I want, but I’ll know it when I see it” and “I know what I want, but I don’t know what it’s called.” Scout is meant to simplify shopping for users and help them find products they like faster, rather than scrolling through millions of results. You can check Scout out yourself here.
Closely following the developer beta, Apple released the first public beta of iOS 12.1 to testers on Thursday, September 20th. A big feature update that was much anticipated is Group FaceTime, allowing you to FaceTime with up to 31 friends at a time. Other than adding support for the Xcode 10.1 beta, Group FaceTime appears to be 12.1's only major new change. To download and update your iPhone to iOS 12.1 public beta 1, you first need to be a public tester with a valid configuration profile. 12.1 updates will join a long list of excellent new features that iOS 12 brought to the table such as notification grouping, Screen Time, Siri commands with Shortcuts, and more.
September 7th, 2018
Last week, SmartBear, maker of software testing, monitoring, and developer tools, announced it was acquiring Zephyr, known for its software test management solutions including DevOps and CI/CD testing. Through the acquisition, SmartBear now controls Zephyr for Jira (native test management) and Zephyr Enterprise (enterprise testing). SmartBear has ambitions to build “the most comprehensive set of test management solutions in the market,” with the Zephyr acquisition acting as their latest step in that journey. You can read the official release here.
On Tuesday, OpsGenie announced it had signed a definitive agreement to be acquired by Atlassian for $295 million. OpsGenie helps DevOps and IT-operations teams manage critical IT alerts and incidents, making it a good fit for Atlassian’s focus on team-collaboration and productivity. OpsGenie co-founder and CEO Berkay Mollamustafaoğlu agrees, saying, “We share Atlassian’s vision of empowering teams through open work and collaboration and believe that together we can revolutionize the manner in which IT incidents are addressed throughout the entire response lifecycle.” You can read Atlassian’s blog about the acquisition here.
The same day Atlassian announced their acquisition of OpsGenie, they launched a new addition to their Jira suite of project management tools, Jira Ops, at their Summit 2018 conference in Barcelona. Jira Ops stitches together commonly used tools into one coherent product that can manage everything from reporting to resolution to post-mortem analysis. This is a marked improvement from the current state of the standard incident response system, which jumbles together services from different companies like PagerDuty, Atlassian, Slack, and OpsGenie (although this would now technically be from Atlassian as well). Jira Ops doesn’t get rid of these tools, but integrates with them to deliver a single coherent dashboard for your team to share. Jira Ops is free until 2019 and you can sign up for it here.
To enable the exploration of smart contract analytics, Google Cloud’s BigQuery made all of Ethereum’s historical data available for analysis on Monday. You can find all of Ethereum’s source code on their ETL GitHub project and enter it into BigQuery, where the tool’s OLAP features enable the analysis of blockchain data in aggregate. Previously, Ethereum’s software contained APIs that allowed for random access of functions like checking wallet balances, but complete blockchain data analysis was not easily achieved. This new availability has opened up opportunities for many kinds of visualizations and smart contract analytics, such as determining the most popular smart contracts and tokens by transaction volume. You can find Google’s official announcement here.
Gremlin, the “chaos engineering” company that uses injected failures to proactively find and fix unknown weak points in systems, last week announced new features focused on improving Docker container resilience. DevOps teams using the platform can identify their containers using Container Discovery and subsequently simulate real-world outages on them with the Multiple Attacks feature. Utilizing these features in the dev environment will hopefully improve the reliability of the targeted containers in production, where a Gartner report estimates an average hour of downtime costs $300,000. You can request a demo of Gremlin here.
August 24th, 2018
Google knows that bad news can really wear a person down by the end of the day. Google Assistant’s newest update features a new voice command. To activate the feature, Assistant users in the U.S. can say, “Hey Google, tell me something good” to kick off the daily briefing of happy stories. “Good news” may include, like a story about how Georgia State University stopped students from slipping through the cracks; or how backyard beekeepers in East Detroit are bringing back the dwindling bee population; or how Iceland curbed teen drinking. The feature arrives at a time when many people are feeling overwhelmed by the news, much of which is negative and troubling. Maybe this experiment can brighten some of that darkness surrounding news today.
Last week Google’s Firebase announced updates and new features, deeper integrations, and a few design updates. One of these updates is the launch of in-app messaging, which will allow developers to send targeted and contextual messages to users as they use the app. Developers can customize the look and feel of these in-app notifications, which are rolling out today, but what’s even more important is that this feature is integrated with Firebase. Additional updates include a Jira integration, a deeper connection to Crashlytics, and support for multiple websites in a project in Firebase Hosting.
In their 2018 State of virtualisation in the cloud report, Druva found that while 41% of companies were runnings virtual machines in the cloud, a gain of 10 percentage points from 2017, 53% of those companies said the move had not saved them any money. The report states that this lack of savings could be the result of several factors, including an over-reliance on scripted cloud orchestration procedures that are prone to error, which creates risk and hurts efficiency. Dave Packer, vice-president of products and alliances at Druva, stresses this point by saying “the visibility and data management requirements [of using the cloud] are higher to ensure organisations realise cost savings”, so companies lacking a strict discipline over their cloud operations can potentially be doing more harm than good when it comes to finances.
Following Accenture’s acquisition of Real Time Analytics Platform, which uses AI technologies to analyze every stage of the software development life cycle, Accenture is super-boosting their Touchless Testing Platform, a suite of testing tools with advanced analytics and computing tech. It seems everyone who’s already embraced DevOps is embracing AI, recognizing that setting up a DevOps toolchain can be accelerated with AI technologies, eliminating much of the complexity involved in the adoption of DevOps processes. Accenture and mabl are no different in this regard, and we both believe that it won’t be long before every application incorporates some form of an AI model.
August 10th, 2018
On Monday, Google announced that Android P is Android Pie, During the beta testing phase, Android P was made available on the Sony Xperia XZ2, Xiaomi Mi Mix 2S, Nokia 7 Plus, Oppo R15 Pro, Vivo X21, OnePlus 6, and Essential PH‑1. Android Pie includes a “heaping helping of artificial intelligence baked in to make your phone smarter, simpler, and more tailored to you.” These new features include built-in support for notches, updated Quick Settings, Adaptive Battery and Brightness, and privacy enhancements to limit what apps can do in the background.
Near the end of July, Docker released an announcement related to their Modernize Traditional Applications (MTA) program from April 2017, designed to bring the vast back catalog of applications to modern container platforms. The first guides cover two scenarios, migrating an Oracle WebLogic application with Oracle Database and an IBM MQ with WebSphere LIberty onto either Docker Desktop or Docker EE. Besides migrating them, instructions for orchestrating with both Docker Swarm or Kubernetes are included. You can find the guides, with diagrams included, here.
Google Cloud users and service providers in search of a backup for their mission critical applications and virtual machines have just been graced with an easily adoptable system in the form of HYCU for GCP. The data protection service was built with cloud operations management as the main focus, combining the full value of GCP’s many features with the ease of use and impact-free applications backup of HYCU. You can subscribe to HYCU for GCP right from the GCP Marketplace here.
On July 31st, Mozilla announced Dweb, a project for a decentralized internet. In centralized systems, one entity has control over the participation of all other entities. In decentralized systems, power over participation is divided between more than one entity. In distributed systems, no one entity has control over the participation of any other entity. Mozilla wants you to be in control of your experience online, and that’s where Dweb comes in. Projects will cover social communication, online identity, file sharing, new economic models, as well as high-level application platforms. All of this work is either decentralized or distributed, minimizing or entirely removing centralized control.
In an effort to make establishing and practicing enterprise Value Stream Management (VSM) feasible, CollabNet VersionOne has released a new version of their VS solution designed to scale agile and extend DevOps across the enterprise. The service does this by bringing together planning, Git version control and DevOps to close the disconnects that had hampered team communication. You can check out the solution here.
July 27th, 2018
Last Thursday, Microsoft announced TextWorld, an open-source framework that can generate games to train neural networks by creating text adventures, or interactive stories, which can be extremely challenging for AI bots. Other types of games may have complex graphics or controls, but they don’t create an opportunity to train an AI’s natural language skills. Text adventures like those presented in TextWorld present a multidimensional challenge, since the neural network has to first parse the text information on the screen, then figure out how to proceed, and finally formulate and decide on its answer in a complete, cohesive sentence, in order to succeed. Some text adventures require even more advanced processing capabilities, like needing to find and hold onto a certain item in order to clear a later level, which requires the ability to plan ahead.
GitHub has launched new features for the enterprise tier of its code hosting platform, aiming to ease the day-to-day work of software teams. The biggest new feature is probably a unified search tool, which lets developers directly browse and access outside code repositories for the first time. Previously, there was no straightforward outlet to interact with project hosted outside a company’s private deployment. This is significant because it is estimated that 96% of applications use open-source software, often hosted on GitHub, and by making it easier for developers to interact with outside code repositories, GitHub is making it easier to access a very important asset. This feature and the few others that were announced represent the biggest update to GitHub since its acquisition by Microsoft.
Atlassian has decided to sell its corporate chat software, HipChat, to Slack as it hasn’t been able to keep pace with the likes of Slack and Microsoft’s Slack competitor, Teams. HipChat was always missing features such as audio and visual conferencing, and project tracking. In turn, Stride was added to Atlassian’s portfolio to offer those services. Despite the added features, HipChat and Stride didn’t get the user-base Atlassian was hoping for. Acknowledging the crowded space that the chat market is, Slack and Atlassian are teaming up to make it easy for Atlassian customers to switch over to Slack if they want to, while Atlassian will be maintaining their chat service up until February 2019.
At Google’s Cloud Next conference, they announced a new product called the Google Titan Key, a security key to authenticate logins over Bluetooth and USB. Built to the FIDO specification, a number of apps and browsers can be logged into using this key, and backs Google’s Advanced Protection program which requires that all employees to use physical Security Keys in place of passwords and one-time codes. Google has been using Yubico Yubikeys since early 2017, and the system seems to be working, as they announced that the they haven’t had a single successful account takeover since implementing the policy in early 2017. This multifactor Universal 2nd Factor (U2F) authentication coming from Google should bolster more sites to incorporate the FIDO specification, allowing even more sites to be logged into with security keys.
Another announcement at Google’s Cloud Next Conference, Google announced the expansion of Cloud AutoML, the machine learning platform that enables developers with limited machine learning expertise to train high quality models by leveraging Google’s transfer learning, and Neural Architecture Search technology. Google revealed that around 18,000 customers have expressed interest in their AutoML Vision, a graphical drag-and-drop tool that lets users leverage Google’s cloud computing backend to train self-learning object recognition and image detection models. Starting this week, AutoML Vision available as a public beta. Google also announced updates to existing APIs like Cloud Vision API, which will soon be able to recognize handwriting, support PDFs and TIFF files, and recognize where and object is located within an image. AI is no longer niche in the tech world, and Google is making it easier for any development team to leverage the technology.
July 13, 2018
One of the biggest services for managing cryptocurrencies, MyEtherWallet, has suffered a breach in security for the second time this year after the free VPN service Hola was compromised for five hours. MyEtherWallet (MEW) is used to access crypto wallets and send/receive tokens to/from other wallets. MEW warned its users today that users of MEW who utilize the Hola VPN may have been caught in a malicious attack to steal cryptocurrency. During a period of five hours, Hola users who navigated to MEW to access their wallet with the VPN may have been affected and they are encouraged to transfer all their tokens to a new wallet, if they still have access to them. They assured regular users of MEW were not impacted, as the MEW service itself was not compromised. While there isn’t yet a number of users who were hit or an amount of crypto stolen at this time, a similar DNS attack in February saw that at least $365,000 of cryptocurrency was stolen from MEW users.
Today Microsoft introduced Immutable Blob storage, a new “tamper-proof” storage service in its Azure platform for safekeeping sensitive data. This service could be useful in any industries where firms have strict regulations in place on how they manage information. Building on Azure’s existing object storage, Immutable Blob Storage adds many new security features including the ability to configure an environment so that the records within cannot be deleted, even by the administrators who maintain the deployment. This is a very unique feature that could help heavily regulated organizations prove the the validity of their records and data. The price will be the same as Azure’s object service and the two products are integrated with each other to create simplicity in storage management. Read Microsoft’s announcement here.
Github uses MySQL as a backbone for many of its critical services like the API, authentication, and their website itself. The latest setup at Github includes Orchestrator, Consul for service discovery, and the Github Load Balancer. When a client application looks up the master’s IP on DNS via its name, it is resolved via Anycast. The advantage of this is that while the name is resolved to the same IP address in every data center, the client traffic to that IP will be routed to the nearest master, co-located in the same data center. A Github infrastructure engineer mentions that although the new setup provides "between 10 to 13 seconds" of max outage time in most cases, there are some scenarios that need more work, like data center isolation leading to a split-brain or a Consul outage at the time of failover. Github’s new setup is a move away from traditional techniques based on networking, to ones based on proxying and service discovery.
This week Google Cloud announced Endpoint Verification which would give enterprises two valuable features. First, Endpoint Verification would allow the ability to create an inventory of devices within the enterprise that access corporate data. Endpoint Verification would also allow access to the device information, including disk encryption, OS version, and screen lock. Positioned as a lightweight alternative to conventional mobile management platforms, Endpoint Verification is likely to be easier to deploy and is appealing to smaller firms for that reason. Available to all G Suite Business, G Suite Enterprise, Google Cloud Platform (GCP), and Cloud Identity customers, Endpoint Verification seeks to improve device security. Read GCP’s introduction to the new tool.
Cloudability, the True Cost cloud management platform, announced its new partnership with Atlassian on Monday, and the launch of its Jira Rightsizing integration. Without cost optimization, businesses could be overspending by over 80 percent. A proven way to cut these costs has been rightsizing cloud instances. With this integration, Jira Cloud can now receive Cloudability’s cost-saving rightsizing recommendations directly through its Jira workflows. The Rightsizing Recommendations Engine uses statistical modeling and risk measurement algorithms to provide multiple recommendations sorted by the instances that would deliver maximum savings for the organization. This enables DevOps teams to integrate cloud spend optimization into their processes. The Coudability Righsizing Jira integration is now available in the Atlassian MArketplace at no charge for Cloudability and Jira Cloud customers.
June 29, 2018
Gitlab announced on Tuesday that it’s moving to Google Cloud Platform for its main storage provider and migrating away from Microsoft Azure. This news comes three weeks after the acquisition of GitHub by Microsoft for $7.5 billion in stock. Gitlab has reported a 10-fold increase in traffic since the announcement. The deal was not the only factor in the decision, however, as Gitlab desires to run itself on Kubernetes and chose GCP for the robust and mature support GKE (Google Kubernetes Engine) can provide them. To try out Gitlab for free, you can go to their main site: https://about.gitlab.com/
Datadog has accelerated it’s highly automated DevSecOps process by working with the secure infrastructure company, Cyxtera Technologies, to add AppGate SDP. AppGate dynamically creates encrypted, one-to-one network connections for secure user access, which is perfect for Datadog, as they are looking create a simplified, cohesive platform to manage user access. AppGate uses the “zero-trust” networking model to reduce the vulnerability of enterprise networks. Datadog and Cyxtera are having a live webinar on Thursday the 28th at 11 am EST where you can learn more about Datadog's journey towards a Zero Trust model to access their AWS environment, and you can register here.
On Tuesday, Atlassian announced two “feature flag” integrations for Jira with LaunchDarkly, a feature management platform designed for DevOps teams, and Rollout, another feature management platform aimed at the enterprise and designed to minimize risks. This new integration incorporates automatic feature flagging into the platforms, where teams would have to manually manage, track and remove them previously. While feature flags are a simple concept, the context they provide for each step makes the development process just that much easier for teams. To read the official Atlassian release, go here.
Google is moving ahead with AI Assistant Duplex, the human sounding artificial intelligence designed to make calls on your behalf. Google is beginning public testing on Duplex with a small group of “trusted testers” and business that have agreed to receive calls from Duplex, starting with calling for business hours and holiday hours such as on the Fourth of July. Later in the summer, testers will be able to book reservations with Duplex. On Tuesday, Google invited press to Oren's Hummus Shop in Mountain View, California, a small Israeli restaurant two-and-a-half miles away from its corporate campus, to see the first live demos of the project and try out the product. Google revealed exactly how it will let people know they're talking to an AI. After the software says hello to the person on the other end of the line, it will immediately identify itself: "Hi, I'm the Google Assistant, calling to make a reservation for a client. This automated call will be recorded." To see how the service stacked up against a tester trying to trip it up, go here.
On Tuesday, Google announced they were developing a new cloud storage option for devs, Cloud Filestore, that they will be able to beta test next month. In a similar manner to Atlassian’s simplification of an existing dev technique, Cloud Filestore does away with the work devs would have to do if they wanted access to a standard file system, involving rigging up a physical file server with a persistent disk, and moves the whole operation to the cloud. To sign up for the beta, go here.
June 15, 2018
Last week, Microsoft announced it’s purchase of GitHub for $7.5 billion in Microsoft stock. In recent years, Microsoft has made up the ground between itself and Amazon to become the No. 2 cloud computing services provider with its Azure service. The GitHub community, consisting of 28 million programmers, has had varying responses to the deal, from devs expressing concern that a company as large as Microsoft will disrupt the open-source ethos of GitHub to the executive director of the Linux Foundation saying the deal is “good news”. There’s no need to be concerned about any GitHub projects such as the popular Kubernetes and Node.js being affected by the purchase, as they’re protected by an open source license that includes intellectual property ownership.
Last week, PagerDuty announced PagerDuty Event Intelligence, a product analyzing incoming digital signals and human response patterns, such as when and how alerts are resolved by responders. Event Intelligence uses automation to identify issues quickly and take action on critical software issues and opportunities. PagerDuty CEO Jennifer Tejada said about the new feature, “It is the first and only solution to combine machine learning with people and team orchestration to automate problem and opportunity detection as well as resolution. Event Intelligence separates the actionable signals from the noise to help teams become agiler and scale operations.” The product is designed for teams across an enterprise including software, marketing, infrastructure, and security, and aims to help companies improve customer experiences, increase productivity, reduce risk, and create more time for innovation. To learn more about PagerDuty Event Intelligence, check it out here:
The cloud-native machine data analytics platform, Sumo Logic, updated on Wednesday to support containers and orchestration software, including Docker, Kubernetes, and Amazon EKS, and also add quality of life changes. Sumo Logic debuted the updated platform at DockerCon 2018, which took place from Wednesday to Friday, and says it will reduce downtime with Kubernetes, optimize machine data for improved analytics performance, and easily extract business insights from machine data. To see the results of a survey Sumo Logic published alongside the update looking at how businesses are using machine data analytics as well as a selection of case studies of the software, check out the official announcement by Sumo Logic here: https://www.sumologic.com/press/2018-06-12/microservices-customer-experiences/
Following last week’s release by AWS of their Elastic Container Service (EKS) for Kubernetes to the general public, Datadog has announced their cloud environment monitoring product will support the new Amazon service. EKS is focused on making Kubernetes applications on AWS easy to deploy, manage, and scale. The Datadog integration is designed to monitor the EKS environments in real time to greatly increase productivity, troubleshoot performance issues, and avoid costly downtime. To learn more about Datadog’s features and to get a free 14-day trial, you can go here: https://www.datadoghq.com/lpg/
Last week, Red Hat expanded its cloud-native integration portfolio to include Fuse 7, the next major release of its distributed solution. Fuse is a solution for creating, extending, and deploying containerized integration services across private, public, or hybrid clouds. It strives to offer greater productivity and manageability within these environments. The new features included with Fuse 7 are a browser-based graphical interface with drag-and-drop capabilities, enabling business users and developers to integrate applications and services faster. The company also introduced a new fully hosted low-code integration Platform-as-a-Service (iPaaS) offering, Fuse Online. Fuse Online includes automated tools meant to connect software applications deployed in different environments. To see the official announcement, go here: https://developers.redhat.com/blog/2018/06/04/red-hat-fuse-7-is-now-available/
June 1, 2018
Openstack, the open-source project full of tools to help your company run an equivalent of the core AWS services, has been focused on providing devs with powerful, open-source tools for years. One of their projects, Zuul, came about in 2012 when the OpenStack team had to develop their own DevOps tools for the project. Zuul is focused on giving devs a system for automatically merging, building and testing new changes to a project, with support for GitHub and Gerrit. With the recent release of Zuul v3, it’s been decoupled from the rest of OpenStack and become its own independent project. Contributors to the project include Red Hat, GitHub, BMW, GoDaddy, Huawei and SUSE. If you’d like to try Zuul out or find out more about it, you can check here: https://docs.openstack.org/infra/zuul/
After more than three years of changing the way devs deploy software, the 1.10 version of Kubernetes has been released to the public. The update is focused on security, logging and monitoring of web-native applications. It also includes new features such as TLS bootstrapping, which gives kubelets (the “node agent” of a container node) the ability to join a TLS-secured cluster automatically. Previously, this would have to be done by an admin or the kubelet would need to self-sign a certificate. The availability of TLS support takes away a big feature gap that existed between Kubernetes and Docker. You can find out more about Kubernetes here: https://kubernetes.io/
One announcement you might have missed during AWS’s annual developer event on Wednesday was the general release of Amazon Neptune, the service’s graph database. Neptune gives devs the ability to build and run applications capable of querying the relationships between their data using standard APIs. To easily build queries for complex datasets, Neptune supports graph models Property Graph and W3C’s RDF as well as their query languages, Apache TinkerPop Gremlin and SPARQL. If you want to know about the applications of this service, AWS provided six potential use cases, including for network/IT operations, knowledge graphs, and life sciences, that you can read about here: https://aws.amazon.com/neptune/
Earlier this month, JFrog launched a universal software binary platform dubbed Enterprise+ that is designed to provide continuous updates for virtually any language and destination. The platform offers companies full control over the storage, promotion, security and distribution of their binary release to remote endpoints. While Enterprise+ is optimized for cloud-native and IT applications, it can be used for mobile development and IoT devices. Enterprise+ is powered by JFrog’s top services, with well-known elements like XRay and Mission Control working alongside new offerings like Distribution, Artifactory Edge, and Insight. The platform covers all the step involved in creating updates in a multi-site development environment, making it especially useful for large companies with multiple sites that need to update and work in tandem. For more info on Enterprise+, check out JFrog’s site here: https://jfrog.com/enterprise-plus-platform/
Google and Confluent Partner to Bring Real Time Data Streaming To GCP
On Tuesday, Google and Confluent announced they’d be working on bringing Confluent Cloud to GCP to provide data streaming to services like BigQuery and TensorFlow. This partnership comes after developers using GCP had been asking for a way for the service to “meet them where they are” and had started developing their own open-source solutions to streaming analytics. Previous users of Confluent Cloud can build a bridge from their data centers to Google Cloud to integrate their applications and microservices, and using the service now will enable devs to easily stream data into Google Cloud and apply it at a potentially massive scale. Confluent Cloud can also deploy on AWS, and you can find out more about how to start using it here: https://www.confluent.io/confluent-cloud/
May 18, 2018
Last week, GitHub announced a new Checks API for better continuous integration and functionality. This public beta of its Checks API will allow developers to build sophisticated tools for CI, linting and acceptance testing on GitHub. Microsoft has partnered with GitHub and is integrating Visual Studio App Center which means that Visual Studio developers building apps that use mobile repositories on GitHub will be able to install the App Center GitHub app and take advantage of the new Checks API, which would allow GitHub to “notify you when it detects you have a mobile project, so you can enable CI on the repository and start automating your process.” Checks API also integrates with CircleCI, Travis CI, and Microsoft Outlook. This useful for developers because it allows you to keep your whole workflow within GitHub so you can stay focused on writing the code and automating everything else.
On Monday, Amazon released an app in the iOS store called AWS IoT 1-Click. The software is designed to give devs an even quicker route to triggering events on Amazon’s serverless computing platform, Lambda. The idea is similar to the Dash Button that Amazon introduced a few years ago that gives users a simple, one press way to reorder specific household goods. The app takes this concept further and allows devs to customize the effect of pressing that button and have it, say, send a text message or email. The two supported devices the app can connect to so far are the AWS IoT Enterprise Button, which is a commercialized version of the Dash button, and the AT&T LTE-M Button, a similar idea to the Dash but for businesses rather than homes. While you can download the app now, you’ll have to apply to participate in the Preview, which you can do here: https://aws.amazon.com/iot-1-click/
After partnering with HP earlier in the month to improve the hardware that carries their container infrastructure, Red Hat last week announced that another, very similar partnership is on the way with their frequent partner, IBM. The two companies have been partnering together on various projects since 1998. This collaboration focuses on coupling IBM’s cloud platforms with Red Hat’s OpenShift Container Platform in the same way OpenShift’s advantages were combined with those of HP’s Synergy hardware. Besides giving devs using OpenShift access to IBM’s cloud services for AI, blockchain and IoT, IBM PowerAI, the company’s deep learning toolkit, will become available on Red Hat’s operating system. You can find more info about the two companies decades long partnership here: https://www.redhat.com/en/partners/red-hat-and-ibm
For those struggling with using their SQL databases in their agile pipelines, DBmaestro announced on Wednesday that their database automation platform was being updated to improve CI/CD for SQL. The platform focuses on enabling database changes to be made quickly, easily and more confidently as well as improving security by including role management and access control, customizable organizational policies in the database, configurable drift detection and prevention, and a check-in/check-out version control system. DBmaestro will be hosting a joint webinar on May 24th at 3 PM EST to go over tips for delivering SQL deployments that you can sign up for here: https://www.mssqltips.com/sql-server-webcast-signup/?id=702&src=WebcastList
Last June, Google Cloud Platform (GCP) opened their Singapore region, launching the cloud platform with two zones. This week, the tech giant opened a third zone in Singapore, named asia-southeast1-c, designed to boost the sites’s availability rate for customers in the region. New features are also coming to Singapore with this launch, such as Cloud Spanner, Cloud SQL, and Managed Instance Groups.
May 4th, 2018
Google Cloud Platform has unveiled GCP research credits, which allows researchers worldwide to take advantage of the data storage, analytics, and machine-learning capabilities GCP offers. The service has already been adopted for use in math research and managing climate science data sets. The program is only available to researchers at accredited academic institutions in the United States, or you are connected to degree-granting institutions in other countries. To find out more, go here: https://cloud.google.com/edu/
Yesterday, HP and Red Hat announced a partnership between their OpenShift Container Platform software and Synergy hardware to deliver some much needed relief to the headache of combining the efficiency and practicality of containers to develop apps with the need for scalability, persistent storage and easy manageability. The idea is to combine the storage and computation / network equipment the HP systems offer with the agility and ease of use containers give to developers. The integration will become available in September.
Google has released an experimental SDK called Asylo that allows developers to build secure cloud applications running in shared environments across multiple cloud architectures. Alyso is aimed at solving the opposite problem from Docker and Kubernetes. While those container apps focus on keeping an underlying operating system secure while untrusted applications run on it, Asylo allows trusted applications to run in Trusted Execution Environments, which are specialized to protect those applications from attacks on the underlying OS they are running on. Check out asylo here: https://asylo.dev/
Yesterday, Twitter publicly announced the existence of a bug that had caused users’ passwords to be stored in plain text rather than in their secure encrypted state. The platform urged their 330 million users to reset their passwords in case their’s had ended up being revealed. The same plain text error happened to GitHub earlier this week, albeit on a much smaller scale. Unfortunately, this warning was just a popup on the Twitter app that’s easy to click past, so if you have an account, it’s best to go reset your password now.
As part of their overarching plan to become a major cloud computing player, DigitalOcean yesterday released an early preview of their Kubernetes-based container service. The service, simply called DigitalOcean Kubernetes, integrates with the company’s existing storage service, Spaces, as well as their firewall tools and other key features. The aim of the new service is to allow users to ship their applications easily without worrying about creating and running a scalable, secure cluster on top of their already busy development schedules. To sign up for an early look, click here: https://www.digitalocean.com/products/kubernetes/
April 20th, 2018
Google has released VPC Flow logs, which gives users of Google’s Virtual Private Cloud the ability to monitor network traffic between virtual machines inside a VPC as well as traffic between Google Cloud regions, with no impact on performance. Some exciting potential uses of VPC Flow logs are for network operators to troubleshoot issues, optimize network usage and costs, and perform forensics on network intrusions. The data can also be exported to other Google and third-party services for processing and analytics. You can find a guide on VPC Flow logs here: https://cloud.google.com/vpc/docs/using-flow-logs
The technology that powers the video streaming, machine learning, big data, and content encoding of Netflix, Titus, is now open source, with the media giant sharing the results of technology assembled through three years of production learnings in container management and execution. Netflix hopes that the container community and other container management solutions can absorb the concepts they’ve developed to provide better off-the-shelf solutions, as the teams at Netflix stayed well-aware of existing solutions while developing Titus. The article goes more in depth on how Titus was the best solution to help them scale, enable apps to transition to different containers seamlessly, and quickly add new features. You can find Titus here: https://netflix.github.io/titus/
Amazon has been investing heavily in converging edge computing, machine-learning technologies, and IoT, with visions of a time where consumer devices become intelligent enough to let you run deep learning models locally. Since IoT devices are expected to intermittently connect to the cloud, the devices can serve machine learning models at runtime, while the models can work offline. To further their pursuit of that future, Amazon has ramped up their edge computing platform, Greengrass, by adding support for Apache MXNet and Tensorflow Lite. For more info about Greengrass, check out the AWS site: https://aws.amazon.com/greengrass/
JFrog has announced the new release of their continuous security and universal artifact analysis solution, Xray. The solution is designed as a way to analyze containers and software artifacts to find any issues they could be facing. Besides general quality of life changes like enhanced usability, improved visibility, native indexing and scanning support, the 2.0 update gives users the ability to continuously audit all the artifacts being both consumed and produced. This is especially useful for CI/CD pipelines, with the problems that can seep into their constant production and consumption of new software being directly addressed. You can get a free trial of Xray here: https://jfrog.com/xray/free-trial/
At mabl, we’ve enlisted Stripe for our payment processing. To combat fraud, Stripe comes packaged with Radar, and with the newly released Radar 2.0, the system is reinforced by machine learning trained on billions of data points drawn from the Stripe network, learning from purchase patterns to detect any anomalies. Stripe reports that 2.0 has reduced fraud by 25%. They’ve also released Radar for fraud teams to help fraud professionals review and gather insights into fraud alerts, and customize rules and thresholds. You can find out more about Stripe at their site: https://stripe.com/
April 6th, 2018
Google Releases New Features for Tensorflow
Guide To: Docker Swarm And How To Orchestrate Containers Across Multiple Hosts
On Monday, Jaxenter released a fantastic step by step explanation for getting Docker Swarm, an alternative to Kubernetes where you can deploy Docker containers on multiple nodes, running the way you want. The guide fills the perfect spot between the high-level explanations that end up not being useful and the extensive guide books that overwhelm you with details you don’t need, instead giving you everything you need to get Swarm running for your team with no cumbersome steps to clog up the process. When you do need those extensive notes (A.K.A. the Docker help section), you can go here: https://docs.docker.com/engine/swarm/.
JFrog Releases Free Community Edition
JFrog, the DevOps accelerator focused on streamlining the work of teams using multiple dev environments, announced last week that a free community edition of Artifactory, JFrog’s universal software repository, would be available through the Conan package manager. This move will be especially useful for any company or team possessing a C and C++ legacy in need of automation and integration into their DevOps pipeline, as Conan is the leading open source packaging manager in the C and C++ communities.
Atlassian's Stride Releases To The Public And Adds Google Drive and Dropbox Integrations
We said in our first product update of March that Stride, Atlassian’s team chat app and rival to Slack, had opened up API access to the service. Last week, the service was fully released to the public and came with new integrations for Google Drive and Dropbox alongside 22 other integrations, including Trello. You can try Stride for free at https://www.stride.com/.
GCP Expands Service to Japan, Guam, and Australia
On Tuesday, Google announced it’s investment in the Japan-Guam-Australia Cable System, which will link Australia and Japan by way of Guam and is only one of a number of undersea fiber systems Google is preparing for the near future. There is also the Pacific Light Cable Network, linking Los Angeles and Hong Kong, that is expected to go online this summer and will deliver the highest speed of any trans-Pacific system to date, at 120 terabits per second. In 2019, the HK-G cable, which links Hong Kong with Guam, and INDIGO, a massive effort that comprises two distinct projects (Indigo West and Indigo Central) and will connect Singapore, Indonesia, and Australia. Besides benefiting GCP customers in their areas, Google Maps and YouTube users can expect faster and more reliable service from the new infrastructure.
March 23rd, 2018
Atlassian has finished its migration to AWS, bringing Jira and Confluence to the cloud through a lengthy two year process. The move required a great amount of planning to ensure customers would be automatically shifted without any interference. Before the move, Atlassian simply did not support cloud-based customers, which was becoming a problem as 75% of their new customers met that qualification. Atlassian is already reporting lower costs after the migration, but a word of caution for any company considering the shift to cloud is in order because many CIOs are concerned over cloud spend, as over-provisioned resources and ignored usage limits are problems that often come with a cloud infrastructure.
After an article in the European Commission’s proposed Copyright Directive stated that service providers that store and give access to large amounts of content uploaded by users must ensure access to copyrighted material in the data can be blocked, Github came forward to warn that the “content recognition technologies” used for tracking such material would be detrimental to open-source coders. The “false positives and negatives” frequently encountered by those technologies are especially likely to impact a piece of code because of the number of contributors and layers to it. There is also the problem that these layers often have different licensing, heightening the chance of a false positive by the system. The Save Code Share! campaign has been started to protest the reform and can be found here: https://savecodeshare.eu/
Alphabet’s Jigsaw is now offering a free DIY proxy software called Outline where users can set up a personal VPN on their own physical server or a virtual server hosted in the cloud. The program aims to be an alternative to both browsers like Tor that encrypt but slow down your browsing by bouncing your connection around the world and commercial VPNs that can track all the traffic you’re routing through them. The setup is designed to be simple enough for small, less savvy users to set up in minutes. Outline is available to run on Windows and Android now and Apple operating systems soon. You can download Outline here: http://getoutline.org/
GCP’s new Cloud Armor tool will use load balancing to shift DDoS attacks away from GCP customers. This is the same load balancing system used in YouTube and Google Search, and is activated as soon as users configure the service. You can then create custom defenses with Layer 3 to Layer 7 parameters and get a breakdown of the blocked and allowed traffic. Google has also released a slew of other services, such as their Cloud Data Loss Prevention API, used to manage certain pieces of sensitive information, available at https://cloud.google.com/dlp/, and VPC Service Controls, which protects against exfiltration from data stored in API-based services in GCP if identities and credentials are stolen, found at https://cloud.google.com/vpc-service-controls.
Amazon Web Series has announced its latest group of community heroes, Peter Sbarski, the VP of Engineering at A Cloud Guru and organizer of Serverlessconf, has written a book on AWS called Serverless Architectures on AWS, is in the process of writing another on design patterns and helps to organize Serverless Meetups in Melbourne and Sydney. Michael Wittig and his company widdix released marbot, a Slack bot that detects and solves incidents on AWS, in 2016 and is currently writing a book with his brother Andres about AWS with a strong focus on automation called Amazon Web Services in action. Fernando Hönig helps Hispanic speakers looking to get into AWS through a Linkedin group, YouTube channel, and Slack Community all titled “AWS en Español”. Anders Bjørnestad has been using AWS since 2010 and co-founded and organizes the AWS User Groups in Oslo, Bergen, Trondheim and Stavanger, the largest cities in Norway.
March 9th, 2018
Atlassian released Stride, their team collaboration platform, back in September, and has now publicly released an API platform for the technology, bringing it up to the level of its competitors, Slack, Microsoft Teams and Cisco Spark, who all provide similar tools. These APIs are vital for the variety of businesses that use the services, such as law firms, medical offices and government agencies, whose specific workflows and business needs require customized integrations. You can try Stride for free at https://www.stride.com/.
Github, a common target for DDoS attacks, was hit by the largest-known one in history last Wednesday, with the attack’s peak inbound bits reaching 1.35 trillion bits per second (Tbps). Calling in assistance from Akamai with their anti-DDoS Prolexic service, which rerouted the traffic through Akamai’s “scrubbing centers” that eliminated the malicious data, Github was only taken offline for five minutes from the attack.
After reports way back in 2016 that Apple had signed with Google Cloud Platform for cloud storage, the first official confirmation from Apple has come in the form of the iOS 11 security guide published in January. The guide describes how user files are divided into encrypted chunks, with their encryptions keys and metadata stored on Apple’s servers and the actual files stored on the third-party services of GCP and Amazon S3. This means that if you use iOS 11, while Google and Amazon may have your files, they can’t do anything with them without the keys in Apple’s possession.
A number of the AI tools in Microsoft Cognitive Services, a group of cloud-hosted APIs for developers to easily use and get results from, have been updated. The Custom Vision Service is now moving from free to paid preview, the final step before becoming generally available, and is designed to identify similar entities in pictures to determine things from pictures like what kind of dog a dog is and who it belongs to. The Face API, which identifies a specific person from a group automatically, can now handle groups of up to a million people. Finally, Bing Entity Search now allows developers to embed Bing search results in any of their applications. You can try these APIs for free at https://azure.microsoft.com/en-us/services/cognitive-services/?v=18.06.
An interesting relationship has arisen with the rise of enterprises adopting cloud computing: while the interest in a switch from traditional servers to the cloud comes from a desire for lower costs, most companies who switch find themselves spending more on their cloud infrastructures than they were spending pre-switch. While cloud costs in general are relatively inexpensive and there are immediate savings upon switching, companies that begin using them end up consuming more than originally intended and their costs spiral past expectations. So before you make the big decision to switch over, make sure you have a real handle and understanding of the costs associated with the move.
February 23rd, 2018
The Montreal cyber security company GoSecure has published a blog post focused on “Chaos”, a piece of malware that infected multiple high profile hosting services’ Unix systems by guessing weak passwords and planting a covert “raw socket” to monitor all data sent over the system. Despite the reportings of their findings, 98 of the at least 100 servers supposedly infected have not been cleansed. This problem of apathy towards infections again showed in the fact that “Chaos” is simply a renamed version of a 2013 Linux backdoor that, despite being publicly available for more than five years, is not detected by 58 of the most widely used anti-malware services.
Second generation tensor processing units (TPU) resources can now be used alongside current Google Cloud Platform CPU and GPU offerings. This capability is catered to developers looking for TPU-suitable machine learning performance for particular TensorFlow workloads. With this second-generation TPU chip configuration, where just four chips form a single TPU board, Google cites up to 180 teraflops of unspecified compute performance and is aiming to offer full TPU Pods on GCP later this year.
Google Cloud Platform Acquires Xively IoT Management Service
Internet of Things devices are becoming a major, potentially insecure portion of the Internet: Gartner estimates that 20 billion+ IoT devices will be connected by 2020 and Xively states that 81% of companies implementing IoT on their own end up with overrun costs or products that get hacked. Most of these devices lack the resources, such as antivirus software and firewalls, to protect against attackers, so Xively and Google are now working together to offer monitoring, data storage, and remote management of IoT devices for consumers.
The Serverless Application Repository, an AWS app store for Lambda-built applications, was fully launched on Wednesday after a public preview beta. Lambda is AWS’ service that allows developers to write short functions that run on triggered events with no need to manage the underlying infrastructure running them. Users can find apps they want to use in the repository and either use them as-is or adjust their code to suit them better and can even submit their changes to the application creator to include in future releases.
And last but not least,
Ex-Stackdriver founders and former Googlers, Izzy Azeri and Dan Belcher, have publicly launched mabl, the ML-driven automated testing service that creates and maintains automated tests and helps QA teams analyze the results. mabl promises to help developers’ QA processes keep pace with the software development part of building a web app or website, which is continuing to accelerate as DevOps becomes more widely adopted. Users can test their web applications with the free public beta at app.mabl.com.
February 9th, 2018
The container management startup CoreOS has been acquired by Red Hat for $250 million after both companies had been dabbling in and contributing to the same area of Kubernetes container management. CoreOS’s products include, fittingly, CoreOS, a Linux distribution, as well as Tectonic, a container management solution based on Kubernetes. This acquisition should give Red Hat more presence in and insight into how companies are using Kubernetes, as well as combining the competing products of CoreOS (matched by Red Hat Atomic) and Tectonic (matched by Red Hat’s OpenShift).
At the end of January, GitHub began supporting collaboration between multiple authors on the same commit. The feature was designed in response to the rise of collaborative coding as a means of onboarding new developers and improving code quality through peer programming and code reviews.
Shippable is making it easier for enterprises to follow the 4-step automate, integrate, measure, optimize path to implementing Continuous Deployment. First, Shippable now provides support for all mainstream operating systems, standardizing automation efforts across all application portfolios. Next, Shippable now has an analytics add-on that will enable teams to measure their DevOps processes, where you can run reports on development velocity, code quality trends and anomalies in the workflow, such as when a feature is “stuck”. Now that analytics are in place, Shippable is starting to looking at using AI to accelerate continuous improvement.
After quietly gathering $175 million since late last summer, AI Fund, the venture capital fund headed by Andrew Ng, has officially launched. Ng and his team are looking to initiate new AI-related businesses and companies that can immediately start experimenting with new ideas thanks to the funding. One of the team’s long term goals is to acclimate the existing workforce to the impact of AI on society by training them with skills fitting the new technology. The team hopes to create “not just a wealthier but also fairer society”.
Microsoft has released a service called CredScan that comes with Azure subscriptions which scans for accidentally shared secrets in GitHub commits. Commits with exposed secrets are flagged and the Azure subscription owner is notified via email with suggestions on how to fix this, though given that the secret could already be compromised, the best move is to revoke the exposed credentials. Microsoft has been using CredScan to protect its own services and applications, but they’re planning on adding more types of data to the scanning service and are developing a scanning service for code.
AWS has acquired the Cambridge-based security startup Sqrrl following Amazon’s announcement of Secret Region, a series of reserved data centers for US intelligence and government agencies in November. After being co-founded in 2012 by former US government security officials who had previously worked for the NSA and White House, Sqrrl developed the Threat Hunting Platform, a dashboard for security analysts that collects data from a variety of sources and then presents any findings on enterprise threats.
Based on a recent Digital Ocean survey, a majority of modern developers are not currently utilizing artificial intelligence or machine intelligence. However, that doesn’t mean the technologies are being ignored, with 73 percent of those not using AI planned to learn more about it in 2018. This likely comes from the two most cited development challenges of 2018: automating workflows (at 63%) and, fittingly, incorporating machine learning and AI (at 32%). For those interested in new AI and ML technologies, here are a few companies using them today:
New Pair Programming Tools from Microsoft and Github
Following last November’s launch of Cloud9 by AWS, Microsoft and Github have both unveiled pair programming tools to help devs collaborate. Microsoft’s Visual Studio Live Share and Github’s Atom editor in Teletype are focused on allowing users to code in their familiar environments rather than forcing them into using additional programs.
The Coolest Tech At CES
From massive modular 146-inch TVs to rollable 65-inch TVs, an upgraded HTC Vive and Panasonic GH5 (the Vive Pro and GH5S), a bunch of upgraded gaming desktops, thinner laptops, longer lasting phones, clearer speakers, and smarter smartwatches, CES 2018 had a wealth of tech offerings to whet your appetite for what’s to come. Check out the second page for in depth looks at each company’s products this year.
Google Cloud’s AutoML Makes AI Accessible To Everyone
After introducing Google Cloud Machine Learning Engine last year to help ML-savvy developers build ML models for any type of data, Google has taken a second step towards their goal of “democratizing AI” and introduced Cloud AutoML, a project focused on helping business with limited ML experience create useful models while also improving the work of AI experts. The project’s first release is AutoML Vision, which is focused on improving image recognition models, and several more accessibility-enhancing releases are in development.
December 1, 2017
As expected, AWS realized customers would prefer to use Kubernetes rather than ECS to manage their containers so now they support the leading container orchestration service as a managed service on AWS. AWS claims to have over 100,000 container clusters on their cloud with over 1m containers which have been spun up. Clearly offering Kubernetes, or EKS as they named it, as a managed service, was a requirement, at some point especially given Azure even added support for it recently as well.
AWS extends its products in the dev workflow by launching it’s own IDE named Cloud9 which is natively integrated with various AWS services. Like other cloud based IDE’s, its easy to collaborate and there’s nothing to install locally. However the key benefit of Cloud9 is if you’re going all in on AWS. You can easily launch EC2 instances right from the terminal, test serverless apps quickly since it has support for locally testing and debugging Lambda functions, and it has a pre-authenticated AWS CLI.
Looks like AWS is taking on a new industry segment with GuardDuty. AWS previously released Macie, which was a tool for identifying vulnerabilities in S3. Now, its going account wide with Guard Duty. Like Macie, Guard Duty scans your AWS resources and looks for both defined vulnerabilities like ports being publicly accessible as well as scanning streams of log and other account specific data (think security keys, users, etc) to detect anomalies in login behavior or data patterns. This is likely not the last security product AWS will develop as I can imagine threat response is another direction they may go to help customers when there actually has been a vulnerability detected.
And lastly, an Ellison-esque quote from Andy Jassey
October 20, 2017
Most modern developers don’t want to re-create a piece of code that already exists to do a specific function within their product, so they just use an existing external project and keep coding. Now, Github, with Dependency Graph, just made it much easier to track these components so you know exactly the code you’re depending on and what that code depends on as well. This is very useful in cases where there’s a bug or security flaw in a specific piece of open source that you can trace to see if you’re using or not. There’s no alerting yet but this is coming and Dependency Graph is available for both public and private repo’s.
In one of the most surprising partnerships, two of the leading cloud vendors announced a new AI deep learning interface to make it easier for developers to both build and run machine learning models. Project Gluon is an open source API which makes it very easy to prototype, build, and train deep learning models both different types of applications including cloud, mobile, or even IoT.
Docker has a container management service called Swarm which is used to schedule and manage large pools of Docker containers as one system. Now, given the momentum that Kubernetes has for managing containers (and given it’s supported by the likes of AWS, Microsoft, Google, and pretty much anyone else that matters for modern cloud platforms, Docker has released native support for K8s.
September 29, 2017
Compute has been moving very quickly from vm’s running in the cloud to containers and now more recently to functions. Functions make it very easy to quickly (within spinning up a vm) make an application command and they’re ephemeral. That last point makes them very difficult for monitoring. Take a look at how Datadog, one of the leading infrastructure monitoring systems, advises on how to monitor AWS Lambda Functions.
Microsoft held its annual Ignite conference this week and decided to use the event to push heavily into machine learning to better compete against AWS and GCP. Included in the release are an experimentation service, a learning workbench (which supports both windows and mac!), and a model management service that allows developers to take their models and deploy them to anyplace you can run a docker container. The headline here is Microsoft is serious about ML as well as being open with their ML capabilities being transportable.
Google Cloud Platform continues to focus on attracting enterprise applications. One of its first acquisitions to do this was Apigee to help with API design and management and the latest is Bitium. Bitium is an authentication service which enterprises use for SSO of their cloud based apps for their employees. Continuing in its ‘do no harm’ mantra, Google Cloud wants to continue offering Bitium as a standalone service but then also offer an integrated version with GCP.
August 30, 2017
Amazon is getting more and more serious about using ML as a key component of products designed for mainstream developers. The latest is Macie, which automatically detects if sensitive data (PII, Emails, API keys, etc) is being accessed in an unusual pattern vs. historical behavior. At first glance, this seems very useful as S3 holds trillions of objects and often times customers forget that their S3 buckets are open to the public.
Incident management tools aren’t new but Opsgenie is adding a twist on one of the most common tools for DevOps teams. In announcing their new platform, Opsgenie has integrated a runbook to help responders have easy access to supporting data including logs, alerts, config changes, and metrics – all in an effort to to accelerate resolution of urgent incidents. Think of this as an instant health profile for a person checking in to an emergency room so doctors can resolve their injury faster.
As developers build applications, especially when part of larger teams, collaberating on different components happens all day long. Github is now making it easier to interact with other developers on specific lines of code. Code snippets allows a developer to highlight a section of code, click permalink, and embed it into a conversation. Much like the comments feature on google docs, this is an immediate way to get feedback without having to move out of the app.
Security threats are more prevalent now than ever before which is forcing dev teams to monitor for security threats before apps go to production. Jfrog is making this easier with a plugin to integrate with IntelliJ IDEA. The plugin allows developers to see a detailed analysis of any dependency components they have in their software – allowing them very quickly to determine whether to use them or not. Moving this type of security review earlier in the dev process saves valuable time for modern developers moving quickly in the CI/CD process.
August 11, 2017
There has been lots of chatter lately about artificial intelligence and the impact it could have on the human race (Musk). There’s also a different camp which believes AI isn’t all that people think it is and it will actually have a profound impact on improving our lives (Zuck). The truth is probably somewhere in the middle and the race is on to use AI across all facets of industries throughout the world.
It’s not easy to be the 4th major public cloud vendor but DigitalOcean continues its impressive growth. Just recently, they crossed the million user mark. From a humble beginning in 2012 to now more than 27,000 Meetup members throughout the world, DigitalOcean is claiming its spot as an easy infrastructure as a service provider for developers globally. Much of this is fueled by its active community, including many of the people mentioned in the article.
Slack started out as a great way for smaller teams to communicate and share information. As popularity of the platform has grown, so has the size of the teams using Slack. Now, Slack is making it easier for large, distributed teams to use the service. They recently announced Enterprise Mobility Management integration with products like Mobile Iron and Airwatch, synching profiles with internal directories, as well as the ability to customize the default statuses available for users to set if they want to be notified or not.
The Cloud Native Compute Foundation is designed to support using open source technologies to orchestrate containers in modern applications and AWS is now their newest platinum member. This is major news as AWS was the last of the big 4 public cloud vendors (Azure, GCP, DO being the others) who wasn’t a sponsor of this major open source initiative. Hopefully this announcement leads to much more integration and tooling run containers in AWS, where a large % of Kubernetes workloads are already running.
Lyft has invested heavily in machine learning models to power different areas of its product including its pricing, car routing, and driver matching algorithms. Now it’s planning on open-sourcing its simulators which are used to very quickly test the validity of different ML models. These simulators could be valuable to other companies who want to test their own early ML models using their own parameters to quickly understand the signals that these models will have for their use case.
CircleCI is one of the more popular CI/CD tools that modern developers use. Last week, they released their new version and the headline feature is native support for Docker containers including image caching which has a significant impact on speed of builds. Other new features include a workflow capability and a CLI which allows to reproduce an environment on your local machine.
Open source tools are a mainstream option today for nearly any software need – whether you’re looking for a text editor for Github or a full fledged CRM system. Ever wonder how we got here? John Leonard takes us through the open source journey starting from The GNU project to Docker and Kubernetes for modern developers.
Google is trying to keep pace with datacenter expansions of other public cloud vendors including Azure and AWS by announcing its new London region. As expected, there are significant performance improvements for workloads run in London and serving customers in the same region vs. serving from Google’s other nearest region in Belgium – 40-82% specifically.
If these are useful to you, feel free to sign up for mabl and we’ll keep you in the loop.Back to the blog