SD Times news digest: Dynatrace Software Intelligence Hub, npm 7 released, and Python accepts pattern matching PEP 634

Dynatrace’s new Software Intelligence Hub enables digital teams to extend automation and AI-assistance across more environments and use cases. 

“The new Software Intelligence Hub extends the value we get from the Dynatrace platform to even more technologies and data sources. This enables more teams across our organization to benefit from precise insights and automated workflows and frees critical time for our developers to bring new innovations to market faster and with higher quality,” said Chris Deane, a senior engineering manager of platform services at BT Consumer.  

This includes wide application and infrastructure coverage, extensions that broaden the automatic and intelligent observability of Dynatrace across additional cloud cases, and open APIs and an SDK.

npm 7 released
Npm 7 includes a new feature that automatically installs peer dependencies, whereas in previous versions, peer dependencies conflicts presented a warning that versions were not compatible, but would still install dependencies without an error. 

Other updates in the new version include an increased velocity and tempo to a weekly release cadence, reduced dependencies by almost half, and increased coverage by 17%.

Npm 7 also includes changes to the new lockfile format, which is backwards compatible with npm 6 users. 

Additional details on the new release are available here.

Python accepts pattern matching PEP 634
The Python Steering Council announced that it chose to accept PEP 634, and its companions PEP 635 and 636, for Pattern Matching. 

The developers behind Python aim to have high-quality documentation available on the first release for Python 3.10 and its absence should be considered a release blocker. 

At the same time, the Python Steering Council, PEP 640 and 642 were rejected since 642’s proposed syntax “does not seem like the right way to solve the jagged edges in PEP 634’s syntax,” the council wrote in a post.

Developer week winners
The 2021 DEVIES winners were announced at the developer trade show that spanned over 30 different DevTech categories. 

Winners included Red Hat Integration for API infrastructure, Kong for API services, SmartBear for app analytics and testing, and many more. 

The full list of winners is available here.

The post SD Times news digest: Dynatrace Software Intelligence Hub, npm 7 released, and Python accepts pattern matching PEP 634 appeared first on SD Times.

Read more:


Sqribble eBook Software

Sqribble eBook Software

In this review, I am going for a closer look at Sqribble – a brand new cloud based tool that enables you to create eBooks, reports, whitepapers, or perhaps any other digital books on the fly, easily and quickly.

What’s Sqribble?

Sqribble is a cloud based eBook creator tool which allows you to create professional eBooks, based on templates inside the tool, with a couple of clicks that save you a great amount of money & time.

Unlike other eBook creators, Sqribble immediately caught my attention since it has some really useful features I have not seen elsewhere.

Below are a few features that really blew me away:

  • Automatic content
  • Gorgeous eCovers
  • Create Flipbooks

Why does this matter?

It is about standing out and grabbing attention. Additionally, it is a way to engage your readers better. In case they like your experience of reading the book (“flipping” the pages) they are very likely to get value from your content and keep reading until the end where your call or pitch to action is actually! One more thing about flip books is you can embed them on your site with an easy piece of code that Sqribble provides once you publish your book. Awesome!

Who’s it for?

Sqribble is most suited for freelancers, independent internet marketers, small marketing agencies & small business owners that wish to create lead magnets, publish Kindle books, create & sell eBooks, or publish whitepapers.

In the event that you are also trying to produce an extra income you will be very happy to know that also included is actually a commercial agency license to use Sqribble for client work, offering eBook creation services, with the ability to create unlimited eBooks which you are able to sell and keep all of the profits!

What does it cost you?

Normally $197, but the special launch price is one time forty seven dollars only.

Any upsells?

Sure, there are currently four upsells. You do not need all of them to use Sqribble, but they may be available in useful depending on your usage and situation.

Here is what they are:

Upsell one – Sqribble professional:

Unlock 150 more professional eBook templates (probably the best ones are actually in the pro version), graphics and even more ready – made content for all sorts of niches. (Just so you know, single templates from stock sites would set you back up to $450… for just ONE template!) Great for those that want more variety, heavy users and content.

Upsell two – Sqribble Prime

Get 15 premium “limited edition” new eBook templates added to your Sqribble dashboard every month. This can boost your library over time, and make you stand out from other users. It works out to less compared to 2 bucks for a template! (Much cheaper than stock sites.) Great for moderate users.

Upsell three – Sqribble Fantasia 3D

This includes 2-in-1 features:

1.) Unlocks a 3D cover creation tool inside your dashboard, allowing you to turn flat covers into lifelike, 3D covers. Great for getting more attention and making your books look and feel more “real.” People do judge a book by it’s cover, so a thing to help keep in mind.

2.) Create “Flipbooks” that turn your eBooks into animated and interactive pages that turn like in life that is real. They may be linked to from anywhere online, as well as embedded on web pages with a single piece of code. This’s really cool.

Upsell four – Auto Job Finder software

When you are likely to be using Sqribble to create eBooks as a service to get paid, then Auto Job Finder is one thing that you need. It’ll instantly find you related jobs across various freelance sites and notify you so that you are able to fulfil them. A massive time saver and money earner.

The good

– Very easy to use

– Glitch free

– Unlimited use (one time payment)

The awesome

– Tons of gorgeous templates

– Professional page layouts

– Automatic content (saves time)

– Flipbook creator (available through 3rd upsell)


We have seen a lot of eBook creator tools in the past, but I have not seen any that make the whole process as quick and smooth as Sqribble. It is surprisingly glitch free (most low priced tool) and it’s packed with some really great features.

The templates are very good looking, the layouts are actually professional and the reality you are able to instantly add content makes this a must have for anybody who is tired of spending hours slaving over book design, writing content and screwing around with formatting.

The icing on the cake is actually the business license which is actually included. Normally vendors charge extra for this, so it is an enormous value added bonus. The additional provided done-for-you agency site is just over delivery.

When you are planning to create eBooks, reports or perhaps Kindle books in the near future, you owe it to yourself – and your sanity – to pick this up as it is a tool that you will absolutely want in your company.


Snap launches a native Twitter integration

Twitter is partnering with Snap to bring tweets into Snapchat with a native integration that both companies hope will push users away from screenshots and toward more interactive embeds.

Twitter users who are also logged into the Snapchat app on their phone will be able to access the functionality by tapping share on a particular tweet and navigating to the Snapchat icon where they’ll be able to share and react or comment on a Twitter post and send it to a friend or share on their story. The functionality will notably only work for tweets from public accounts, not protected ones.

The feature is rolling out on iOS for now, with Android integration “coming soon.”

Image Credits: Snap

Given how much content across Snapchat, Instagram, Facebook and Reddit originates from Twitter, it’s surprising that this functionality is arriving so deep into Twitter’s life as a company. They’ve long had a web embed integration which has allowed reporters to embed tweets into stories, but when it came to sharing on social media, Twitter’s strategy has deferred to the un-trackable and un-monetizable screenshot.

This has been low-hanging product rollout for Twitter, which will likely be able to coax some non-Twitter users to enjoy content straight from the source, something the company has been vaguely alluding to in marketing campaigns over the years but is just now approaching with a direct integration into another company’s platform.

With Twitter now starting to roll out its Stories product Fleets to users, the company likely feels as though they have more feature familiarity to bring new users onboard from Snap who might not have experimented with the platform previously.

Twitter rolls out Stories, aka ‘Fleets,’ to all users; will also test a Clubhouse rival

The truth is there aren’t a ton of integrations across social media channels; screen recordings and screen shots tell one platform’s story in an imperfect way on another’s. This integration comes as a result of updates made to Snap’s Snap Kit API and a particular feature called Creative Kit. Snap says that Spotify, Reddit, SoundCloud, Sendit, YOLO and GOAT have also created integrations that allow content from those apps to be shared across Snapchat.

Twitter didn’t rule out the expansion of this feature to other platforms in the future.

“This agreement with Snap was focused on this feature,” a Twitter spokesperson told TechCrunch. “We would love to partner with other platforms to enable people to share Tweets more widely. We hope this will be the first of many integrations of its kind.”

Read more:


Google reveals a new Windows zero-day bug it says is under active attack

Google has dropped details of a previously undisclosed vulnerability in Windows, which it says hackers are actively exploiting. As a result, Google gave Microsoft just a week to fix the vulnerability. That deadline came and went, and Google published details of the vulnerability this afternoon.

The vulnerability has no name but is labeled CVE-2020-17087, and affects at least Windows 7 and Windows 10.

Google’s Project Zero, the elite group of security bug hunters which made the discovery, said the bug allows an attacker to escalate their level of user access in Windows. Attackers are using the Windows vulnerability in conjunction with a separate bug in Chrome, which Google disclosed and fixed last week. This new bug allows an attacker to escape Chrome’s sandbox, normally isolated from other apps, and run malware on the operating system.

In a tweet, Project Zero’s technical lead Ben Hawkes said Microsoft plans to issue a patch on November 10.

Microsoft didn’t independently confirm this date when asked, but said in a statement: “Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers. While we work to meet all researchers’ deadlines for disclosures, including short-term deadlines like in this scenario, developing a security update is a balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption.”

In addition to last week's Chrome/freetype 0day (CVE-2020-15999), Project Zero also detected and reported the Windows kernel bug (CVE-2020-17087) that was used for a sandbox escape. The technical details of CVE-2020-17087 are now available here:

— Ben Hawkes (@benhawkes) October 30, 2020

But it’s unclear who the attackers are or their motives. Google’s director of threat intelligence Shane Huntley said that the attacks were “targeted” and not related to the U.S. election.

A Microsoft spokesperson also added that the reported attack is “very limited and targeted in nature, and we have seen no evidence to indicate widespread usage.”

It’s the latest in a list of major flaws affecting Windows this year. Microsoft said in January that the National Security Agency helped find a cryptographic bug in Windows 10, though there was no evidence of exploitation. But in June and September, Homeland Security issued alerts over two “critical” Windows bugs — one which had the ability to spread across the internet, and the other could have gained complete access to an entire Windows network.

Updated with comment from Microsoft.

Homeland Security issues rare emergency alert over ‘critical’ Windows bug

Read more:


Use ‘productive paranoia’ to build cybersecurity culture at your startup

As any startup grows, getting new products out the door and securing that next round of funding are always top priorities.

But security, all too often, falls by the wayside. After all, why would you invest money in something that you hope never happens when you could be funneling cash back into the business?

Fostering a corporate culture that embraces cybersecurity best practices keeps customer data safe and your company’s reputation intact. But security isn’t something you can easily tack on later. It must be ingrained in your company’s culture, and it’s so much easier to start in the early days of your company than scrambling in the aftermath of a data breach.

But how do you get there?

At TechCrunch Early Stage, we asked Casey Ellis, founder, chairman and chief technology officer at Bugcrowd, to share his ideas for how startups can improve their security posture.

Bugcrowd helps companies dip into a huge pool of cybersecurity talent — including hackers and security researchers — to find vulnerabilities. By helping companies identify flaws, they can shore up their defenses before malicious hackers break in. Few know better than Ellis — who’s run Bugcrowd for close to a decade — which policies, procedures and protections companies have put in place to get there.

Extra Crunch subscribers can log in and watch the video below.

Read more:


Progress Fiddler Everywhere web debugging proxy comes out of beta with 1.0 release

Fiddler Everywhere 1.0 is a web debugging proxy for Mac, Windows, and Linux that enables users to inspect and debug HTTP traffic from any browser.

Version 1.0 includes an improved traffic inspector that enables users to inspect requests and responses with different formats, including Headers, Text, Raw, JSON, and XML. 

Also, with Composer Collections, users can create a collection of requests to keep them all organized. Users can open multiple requests and execute them and share collections with team members. 

The improved Auto Responder UI makes it easier to create and apply rules while inspecting web traffic. The ruleset can then be exported and shared with a team. 

“Fiddler Everywhere is designed to keep your team in mind. You can now seamlessly save sessions, comment, and share them with your team without manually exporting them,” Progress wrote in a blog post.

Each saved session opens as a new tab in the Sessions view so that users can debug these sessions independently. 

Moving forward, the team behind the project said it will continue to focus on improving the user experience. 

Progress added that the Traffic Inspector features will always remain free, including unlimited sessions. Free users can also use the collaboration features within some prescribed limits.

The post Progress Fiddler Everywhere web debugging proxy comes out of beta with 1.0 release appeared first on SD Times.

Read more:


Decrypted: Tesla’s ransomware near miss, Palantir’s S-1 risk factors

Another busy week in cybersecurity.

In case you missed it: A widely used messaging app used by over a million protesters has several major security flaws; a little-known loophole has let the DMV sell driver’s licenses and Social Security records to private investigators; and the U.S. government is suing to reclaim over $2.5 million in cryptocurrency stolen by North Korean hackers from two major exchanges.

But this week we are focusing on how a Tesla employee foiled a ransomware attack, and, ahead of Palantir’s debut on the stock market, how much of a risk factor is the company’s public image?

Russian charged with attempted Tesla ransomware attack

$1 million. That’s how much a Tesla employee would have netted if they accepted a bribe from a Russian operative to install malware on Tesla’s Gigafactory network in Nevada. Instead, the employee told the FBI and the Russian was arrested.

The Justice Department charged the 27-year-old Russian, Egor Igorevich, weeks later as he tried to flee the United States. According to the indictment, his plan was to ask the employee to deliberately deploy ransomware on the Gigafactory’s network, grinding the network to a halt for a ransom of several million dollars. The would-be insider threat is likely the first of its kind, one ransomware expert told Wired, as financially driven hackers continue to up their game.

Tesla founder Elon Musk tweeted earlier this week confirming that Tesla was the target of the failed attack.

The attack, if carried out, could have been devastating. The indictment said that the malware was designed to extract data from the network before locking its files. This data-stealing ransomware is an increasing trend. These hacker groups not only encrypt a victim’s files but also exfiltrate the data to their servers. The hackers typically threaten to publish the victim’s files if the ransom isn’t paid.

As ransomware gets craftier, companies must start thinking creatively

Read more:


Microsoft launches Open Service Mesh

Microsoft today announced the launch of a new open-source service mesh based on the Envoy proxy. The Open Service Mesh is meant to be a reference implementation of the Service Mesh Interface (SMI) spec, a standard interface for service meshes on Kubernetes that has the backing of most of the players in this ecosystem.

The company plans to donate Open Service Mesh to the Cloud Native Computing Foundation (CNCF) to ensure that it is community-led and has open governance.

“SMI is really resonating with folks and so we really thought that there was room in the ecosystem for a reference implementation of SMI where the mesh technology was first and foremost implementing those SMI APIs and making it the best possible SMI experience for customers,” Microsoft director of partner management for Azure Compute (and CNCF board member) Gabe Monroy told me.

Image Credits: Microsoft

He also added that, because SMI provides the lowest common denominator API design, Open Service Mesh gives users the ability to “bail out” to raw Envoy if they need some more advanced features. This “no cliffs” design, Monroy noted, is core to the philosophy behind Open Service Mesh.

As for its feature set, SMI handles all of the standard service mesh features you’d expect, including securing communications between services using mTLS, managing access control policies, service monitoring and more.

Image Credits: Microsoft

There are plenty of other service mesh technologies in the market today, though. So why would Microsoft launch this?

“What our customers have been telling us is that solutions that are out there today, Istio being a good example, are extremely complex,” he said. “It’s not just me saying this. We see the data in the AKS support queue of customers who are trying to use this stuff — and they’re struggling right here. This is just hard technology to use, hard technology to build at scale. And so the solutions that were out there all had something that wasn’t quite right and we really felt like something lighter weight and something with more of an SMI focus was what was going to hit the sweet spot for the customers that are dabbling in this technology today.”

Monroy also noted that Open Service Mesh can sit alongside other solutions like Linkerd, for example.

A lot of pundits expected Google to also donate its Istio service mesh to the CNCF. That move didn’t materialize. “It’s funny. A lot of people are very focused on the governance aspect of this,” he said. “I think when people over-focus on that, you lose sight of how are customers doing with this technology. And the truth is that customers are not having a great time with Istio in the wild today. I think even folks who are deep in that community will acknowledge that and that’s really the reason why we’re not interested in contributing to that ecosystem at the moment.”

Kong donates its Kuma control plane to the Cloud Native Computing Foundation

Google launches the Open Usage Commons, a new organization for managing open-source trademarks

Read more:


SD Times news digest: erwin Data Intelligence Suite update, Red Hat supports Quarkus, and Gatsby’s round of funding for modern development

The latest version of the erwin Data Intelligence Suite provides new AI-driven metadata matching, data lineage analysis, data model integration, and an enriched business user experience to speed enterprise data governance and literacy.

“Business transformation has to be based on accurate data assets within the right context, so organizations have a reliable source of truth on which to base their decisions,” said Adam Famularo, the CEO of erwin, Inc. “erwin provides an intuitive, robust data governance platform with the catalog, lineage, glossary and visualization capabilities needed to evaluate the business in its current state and then evolve it to serve new objectives.”

Users can automatically harvest, transform, and feed metadata from a wide array of data sources, operational processes, business applications, and data models into a central catalog. 

Additional details are available here.

Red Hat announces support for Quarkus
Red Hat advanced Java on Kubernetes by delivering Quarkus as a fully-supported runtime for cloud-native development. 

With Quarkus, users are getting a fully Red Hat supported technology, which includes an active community, continuous updates, and a fast release cadence, the company explained.

According to Red Hat, Quarkus helps increase developer productivity by working out-of-the-box with popular Java standards, frameworks, and libraries. It also increases operational efficiency and increases cost savings because it has low memory consumption.

Gatsby round of funding for modern web development
Gatsby raised $28 million in series B funding to expand its modern web development tool and framework.

Gatsby is an open-source web development framework granting a customizable and extensible way to build websites and web apps — with built-in optimizations that simply guarantee today’s modern website table stakes of performance, security, and scalability, according to the company. 

“Web presence and performance has never been more critical to a brand’s success, yet website technology has been stuck in the 2000s era without an easy path to modernization. Gatsby solves this problem with a first-of-its-kind ecosystem that productizes modern tooling and brings together all the best ways to build the web,” said Shardul Shah, partner at Index Ventures, which led the investment round. 

Fluree announces new JavaScript library
Fluree’s new JavaScript library will deliver blockchain-backed data directly to front-end apps to removes the overwhelming complexity of retrieving data in today’s legacy, microservice and API-driven architectures.

Paired with Fluree-React and native GraphQL support, developers can wrap UI components directly with nested graph queries for automatic re-renders.

“Layers of data retrieval result in unreliable data, buggy apps, security vulnerabilities and excessive overhead. By removing the need for these extra layers, Fluree JavaScript Library enables lightning-fast query responses and opens up a path to real-time applications with no additional overhead,” Fluree wrote in a post.

The post SD Times news digest: erwin Data Intelligence Suite update, Red Hat supports Quarkus, and Gatsby’s round of funding for modern development appeared first on SD Times.

Read more:


Google and Apple release Exposure Notification API

Google and Apple partnered up to build Exposure Notification technology that will enable apps created by public health agencies to work more accurately across Android phones and iPhones.

“Exposure Notification has the specific goal of rapid notification, which is especially important to slowing the spread of the disease with a virus that can be spread asymptomatically,” Apple and Google said in a joint statement.

Exposure Notification aims to expand on the contact tracing approach by using privacy-preserving digital technology to tell someone they may have been exposed to the virus.

How to manage increased IT demand in wake of COVID-19
COVID-19 pandemic response puts mainframes back in spotlight

Public health organizations can embed the technology into their own apps. Each user gets to decide whether or not to opt-in to Exposure Notifications; the system does not collect or use location from the device; and if a person is diagnosed with COVID-19, it is up to them whether or not to report that in the public health app.

“User adoption is key to success and we believe that these strong privacy protections are also the best way to encourage use of these apps,” Google and Apple added.

Developers can build a notification system that employs random, rotating keys and identifiers to convey positive diagnoses in addition to data such as associated symptoms, proximity, and duration.

When a user has a confirmed or potential exposure to COVID-19, the framework identifies them as affected and shares their diagnosis keys to alert other users to potential exposure and when a potentially exposed user role is assigned, the framework determines whether a set of temporary exposure keys indicate proximity to an affected user. The app can then retrieve additional information such as date and duration from the framework.

Additional details are available here.

The post Google and Apple release Exposure Notification API appeared first on SD Times.

Read more: