Microsoft releases its Azure Service Fabric to open source

Microsoft’s Service Fabric Team announced the open-source release of Azure Service Fabric under the MIT license yesterday. The team behind the distributed systems platform, designed to easily package, deploy and manage scalable and reliable microservices and containers, will be transitioning to a completely open development process on GitHub over the coming months.

While the Service Fabric repo available on the project’s GitHub contains build and test tools for Linux, allowing users to clone and build Service Fabric on Linux systems, run basic tests, open issues and submit pull requests, the team says it is “working hard” on migrating the Windows build environment to GitHub with a complete continuous integration environment.

“We’ve been developing Service Fabric internally for Windows for close to a decade, and most of that time it was a Microsoft-internal platform, which means we have close to a decade’s worth of internal Microsoft tools to migrate and processes to refine before we can put something usable out on GitHub,” the team wrote in a development blog. “When we started working on Linux support a couple years ago, we were a public product and already planning to go open source, so we made sure to use common, publicly available tools as much as possible.”

The team began the transition in March of last year by open-sourcing elements of Service Fabric, including Reliable Services, Reliable Actors and the ASP.NET Core integration libraries, and has been moving other “small parts” of Service Fabric, such as Explorer and the CLI, to GitHub over the course of the past year.

“We’ve heard from many of you about the importance of being able to participate in the development and direction of the platform that you depend on to run your mission-critical applications,” the team wrote. “We stay active on GitHub and Stack Overflow for that reason, and open sourcing the platform is the natural evolution to make that collaboration even better. That’s why we’re committed to making Service Fabric a successful open source project by moving our entire development and planning process onto GitHub, where we can openly collaborate with the community to make Service Fabric better for everyone.”


Majority of Java apps are vulnerable to hack attacks

Java developers should be more aware of the open source software components they put in their applications if they want to avoid a security breach. A new report released by Veracode, a CA Technologies company, revealed 88% of Java apps include at least one vulnerable component, and about 53.3% of Java apps rely on a vulnerable version of the Commons Collections components.

“The universal use of components in application development means that when a single vulnerability in a single component is disclosed, that vulnerability now has the potential to impact thousands of applications — making many of them breachable with a single exploit,” said Chris Wysopal, CTO of CA Veracode.

According to the company, the main reason applications become vulnerable is that developers don’t often patch their applications when new vulnerabilities are found or new versions of their components are released. The report, the 2017 State of Software Security Report, found only 28% of organizations conduct composition analysis to track and monitor their applications’ components. This becomes a problem when about 75% of application code is made up of open source components.

“Development teams aren’t going to stop using components — nor should they. But when an exploit becomes available, time is of the essence. Open source and third party components aren’t necessarily less secure than code you develop in-house, but keeping an up-to-date inventory of what versions of a component you are using. We’ve now seen quite a few breaches as a result of vulnerable components and unless companies start taking this threat more seriously, and using tools to monitor component usage, I predict the problem will intensify,” said Wysopal.

For instance, when the “Struts-Shock” flaw was disclosed in March of this year, 68% of Java applications using the Apache Struts 2 library were using a vulnerable version of the component, leaving about 35 million sites vulnerable, according to the company.

Other key findings of the report included: 77% of apps have at least one vulnerability on initial scan; governmental organizations have a 24.7% pass rate at latest scan; and critical infrastructure had the strongest OWASP pass rate across all industries.

The report is based on CA Veracode’s application security testing data from more than 1,400 of its customers.

The essential playbook for software-driven companies

As Marc Andreessen so aptly predicted, software is eating the world. A growing number of companies that developed physical products are adding software capabilities to their offerings. This means a growing need for companies to add software development expertise, software product engineering, embedded software engineering, ecosystem platform engineering, and new software-based application programming interfaces.

The momentum for software to remake the world is more pervasive than ever. It is a core competitive advantage in nearly every industry. Software is a fundamental element in the way companies interact with their markets, partners, consumers, and suppliers. Software and the services it supports will continue to capture and exponentially grow share of value and market share.

Accenture is releasing a report on this topic titled Beyond the Product: Rewriting the Innovation Playbook For Software-Driven Companies. The report highlights five important actions companies should consider taking to become software-driven businesses.

One: Make software an enterprise-level priority
Companies who aspire to become market leaders need to embrace software as an enterprise-wide responsibility across all facets of the company. Experimentation and prototyping should occur across business functions, producing a continuous pipeline of new ideas and product capabilities. The most successful companies engineer their software products to enable constant customer feedback to new features so they can be resolved and inform continuous and rapid product innovation.

Using powerful analytics capabilities, companies have transformed product definition from an art to a science. And all areas of their businesses, ranging from finance to marketing, need to adopt a software-driven mindset to support quick development cycles associated with software-driven businesses.

Two: Adopt lean and agile ways of working
Nearly all companies, regardless of industry or market, need to develop a certain level of software expertise and mentality to succeed. The companies that do this can open a sizable gap from a field of followers by increasing the rate of product releases through continued investment in automated build, test, and deployment systems. Early innovators appreciate the value of lean, design-led thinking throughout the product lifecycle and are embracing the mantra that agile adoption is no longer only for engineers; it’s assumed across the entire value chain. Rapid, agile processes allow innovators to devote more time and resources to creativity and imagination. The goal is establishing a continuous flow in which established teams consume and deliver against a company-managed backlog of feature requests. This contrasts with the traditional and less efficient model of assembling project teams or discrete engagements.

Three: Harness instrumentation and analytics
To attain market leadership, companies should consider using powerful instrumentation and analytics to observe, enhance and understand how their products powered by software are being used, and to feed insights and strategies for future iterations and agile development. The cloud, connected devices and platform economy have generated more data to analyze, which is creating new opportunities to monetize that data. Companies that capitalize on this opportunity can determine which products and features will generate the most increases in revenues and profits.

Four: Focus on the platform economy 
Leaders in the cloud computing software market recognize their ground-breaking products and services are based on platforms. Their continued success rests on two key elements: the technology platforms they have built to support their businesses; and the business models these platforms enable. These leaders have open platforms for developing new applications and services for the broader ecosystem, which creates an expanded and growing revenue model. Leaders have also developed a set of common services with which their businesses and external developers can create applications and innovative new propositions on their platform to unlock new revenue flows and increase customer dependency.

Five: Tie products to the back office
Today’s demanding markets require products integrated with external ecosystems and internal corporate systems to deliver outcomes and experiences focused on customers. In this software-driven world, the back office is no longer a discrete set of processes that support sales and services. Instead, the back office is an integral part of the engine that powers the agile software-driven experience. Back office functions such as customer relationship management, finance and supply chain facilitate the transactional services that enable the ongoing delivery and fulfillment of software. While there is an increased reliance on software to deliver product features, connected, software-driven products are creating new “Everything-as-a-Service” and Internet of Things market opportunities for those that recognize the importance of tying together products and the back office.

Final thoughts
These five initiatives demonstrate that becoming a business driven by software requires genuine holistic transformation. It’s not simply a matter of becoming a digital enterprise on the outside. Adapting to dynamic markets and all this implies in terms of agility and responsiveness is equally important. The results for companies that have made the required changes demonstrate that the rewards they have generated will fuel their continued leadership and success.

The liquification of software

The days of software packages are coming to an end. Say hello to what JFrog co-founder and chief architect Fred Simon calls “liquid software.”

“Once the number of applications and libraries and pieces of the software that needed to be managed reached a certain point, we started to see an exponential increase in the amount of software modules, and the frequency of updates and versions, all the way to the end user,” he began.

“What we used to consider as software packages to manage with tagging and versioning, and a destination, address number, type, barcode and then you ship it away in any kind of format – all these concepts of actually creating a package and delivering software in the form of a package, little by little has disappeared due to the fact that we are making more and more of those and releasing them more and more frequently.

“We shifted our approach to software updates, not out of packages, but out of the concept of continuous flow of software. You start to think in terms of piping, and then you start to connect the different software factories and the different departments and the different vendors and the different teams by connecting them with pipes, not by connecting them by physically delivering or on the cloud delivering the files from one place to another, but continuously providing the latest version of whatever software is available to the next destination.”

This is what Simon says (couldn’t help it!) is the liquification of software systems. “Little by little, we are seeing any kind of software in any kind of environment moving to this liquid delivery mechanism, where you plug yourself to a client that you trust to deliver clear water which is unpolluted and secure, and by the way you’ll get all security updates and the latest versions of whatever you want,” he explained.

If this sounds like the DevOps revolution, it’s because Simon said it is. “There is another catch phrase we use quite a bit to reflect this; it’s release fast or die. The ones that are not even trying to do that are probably companies we won’t see in the next decade.”

At JFrog, Simon said they want to make sure the tools they are creating can be used by the “plumber, who creates the piping and lets the liquid software flow.” “The replication and the pipes that are created between the different repositories, which can be located all over the world, need to continuously deliver the right things to the right destination,” he said. “All the synchronization is a critical piece of our tooling. So of course the ability to see and to transparently view the actual flow of the software. Before, when it was actual trucks, the way to control it was to control the timing of the delivery of the package. When you go to liquid software, you need visibility and transparency, but need to change the control mechanism for frequency, quality and flow of delivery.”

Liquification is a strong force in the market, but for organizations with existing processes, the move to a continuous flow of software has many challenges. “To be frank, the full liquification of software is contradicting a lot of the processes many companies set in place. There are a lot of companies who have a six-month block time before the vendor has a new version and the new version gets inside the company. It’s not rare to have such a strong mechanism of compliance and any kind of test that companies and processes set in place, where they only accept a very few releases per year. Those processes are the ones that are suffering today.

“When you have a monolith, you start with a version in your version control system and you build everything and test everything and deliver everything,” he continued. “It’s a very sequential process that for really big software could actually take weeks. Once you start in microservices, each of the microservices has its own lifecycle, so you can make your own single build and test locally and have a new version automatically created. The ability to aggregate all those microservices and to tag a specific version at a specific time and create another application out of those microservices and those different versions rapidly and efficiently is critical for the next step.”

CCleaner for Windows was distributing malware to PCs

Developed by Piriform, CCleaner, also known as Crap Cleaner, is a utility program for cleaning potentially unwanted files. The application is popularly known for cleaning the temporary internet files generated by browsers such as Internet Explorer, Microsoft Edge and Chrome. It also cleans malicious programs.

Although the app is designed to clean malicious programs, CCleaner itself started distributing malware to PCs powered by Microsoft’s Windows operating system. Officials have revealed that the software suffered a security incident last month and had been distributing the malware for one month.

Piriform has officially confirmed the security incident with CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. It started on August 15 and was stopped on September 12. The company also updated the app to fix the flaw, and the defective version has been pulled from the server.

Sensitive information, such as the MAC addresses of network adapters, information about the Windows software and installer software information, was leaked and sent to the attackers. The affected PCs could have been remotely controlled by the attackers, who could also have installed additional binaries. The company is advising affected users to update the app to the latest version to avoid any risk.


GrapeCity focuses its brand on developers

Software developers are about to discover a new, unified brand message across the GrapeCity Developer Solutions product family, which includes ComponentOne, ActiveReports, Spread, and Wijmo.

A company-wide strategy to refine branding includes a new website design, product marks and brand guide, and new releases of all products, said Joseph Lininger, Head of Global Marketing for GrapeCity, Inc. Launching this month, the new English language website is the centerpiece for the brand campaign and provides a single resource for all four product lines. A new Japanese language site is planned for early 2018, with Chinese and Korean language sites in the works for shortly thereafter.

The company also plans to enhance its consumer messaging across all channels to better illustrate the brand’s focus on supporting developers. Core product features will remain unchanged as industry-leading component lines, but will receive ongoing upgrades and enhancements, and in the coming months customers will experience a more unified look and feel to component UIs, samples, demos and documentation.

GrapeCity, the largest maker of Windows component software in the world, talked extensively with industry leaders and software developers while planning its brand strategy. The company’s global business units stand solidly behind the new approach, according to Lininger.

“Our message is that GrapeCity makes software tools that empower enterprise software developers to achieve more,” said Lininger. “We build, support, and maintain the most powerful, easily extensible and reliable developer solutions available. Our tools give developers the ability to move complex data into meaningful information. We focus on supporting our customers by delivering the best customer service.”

The product lineup encompasses UI controls and business solutions for web, desktop, and mobile devices. Members of the family include Spread spreadsheet solutions; ActiveReports Developer and ActiveReports Server reporting solutions; and ComponentOne Studio, ComponentOne Studio for Xamarin, and Wijmo Enterprise, UI control lines for .NET, Xamarin, and JavaScript, respectively.

It’s likely that many consumers are unaware of GrapeCity’s deep history in software development. GrapeCity has its roots in a company named Bunka Orient Corp., founded by Paul Broman, an American emigrant who played a founding role in establishing two English language schools in Japan.

When personal computers grew in popularity during the 1980s, Broman began developing educational software to streamline operation of the schools. Since no tools were available to suit the needs of the Japanese market, the company partnered with third-party software vendors to create its own solutions, and eventually acquired three U.S.-based partners.

The company was renamed GrapeCity in 2002. GrapeCity acquired Data Dynamics, Inc. in 2008, Far Point Technologies, Ltd. in 2009, and ComponentOne, LLC in 2012.

“After a series of acquisitions, there comes a time to take a step back and look at branding and messaging,” Lininger contended. “Branding is very important, because it’s our promise to customers that all of our products provide speed, flexibility, and top support.”

The toolsets are targeted at distinct product niches, Lininger said. Data Dynamics, Ltd., the originator of ActiveReports, originally produced tools for the Visual Studio environment and can now be used to design reports with both Visual Studio-integrated and standalone designers. ActiveReports Server is a scalable report server that provides load balancing, multi-tenancy, scheduling and batch printing for hosting, running, and scheduling enterprise reporting solutions.

FarPoint Technologies, Inc., another acquisition, originated Spread, a full spreadsheet solution that includes advanced grids, dashboards, data visualization, and form input for desktop and web-based applications.

ComponentOne was formed in the year 2000 through the merger of Apex Software and VideoSoft. ComponentOne Studio, the flagship product in the ComponentOne line, is a .NET toolkit for Visual Studio supporting all major platforms including Windows Forms, WPF and ASP.NET. It’s targeted at allowing developers to deliver complete business apps with .NET data grids, reports, and charts.

The new ComponentOne Studio for Xamarin supplies cross-platform mobile UI controls for displaying, editing, and visualizing data with charts, grids, gauges, calendars, and built-in animation. The product provides complete support for both Xamarin Designer and iOS Storyboard.

Wijmo Enterprise provides a complete set of mobile-first JavaScript controls with full support for Angular, AngularJS, React, and VueJS frameworks.

Globally, GrapeCity has major offices in the U.S., Japan, China, Korea and India.

Traditional processes for buying and managing software require a customer to “prove” to a vendor what they are entitled to use in case they are audited. Oftentimes this is dysfunctional, and leads to disagreements between the supplier and buyer as to how much software has been used, and how much is owed.

There needs to be a healthy supply chain for today’s SaaS and cloud-powered world of software, which is why Flexera, a software asset management company, is working with companies to revolutionize the way the supply chain operates, creating a more efficient way to buy, sell, manage, and secure software.

This month, Flexera laid out its Software Asset Management (SAM) vision, which attempts to repair the broken software supply chain by reducing the risk, waste, and unpredictability of buying and managing software, according to senior product marketing manager at Flexera, Eric Feldman. This, along with a “single source of truth” that both software suppliers and buyers can agree on, is key to Flexera’s SAM solution, he said.

An effective SAM program will offer businesses the right tools, and it can save companies up to 30 percent on software expenditures, according to manager of enterprise marketing at Flexera, John Emmitt. However, saving money is only half the battle, and effective SAM programs and tools allow an organization to ensure continuous software license compliance to reduce “disruptive and expensive software audits.” With automated SAM solutions, companies can operate more efficiently, he said.

Additionally, a SAM program can free up resources for other critical projects, and it goes beyond traditional on-premises software to cloud services.

“SAM tools must connect to a wide range of other IT systems to collect the data needed for asset management,” said Emmitt. He mentioned Flexera’s technology allows its products to make these connections to many existing systems, including third-party tools, procurement systems, HR systems, IT service management tools, and more.

Flexera’s new end-of-service-life data feature allows companies to identify outdated and unsupported software, which will “help organizations eliminate maintenance payments on unsupported software and remove that software to reduce security risks,” said Feldman. Also, its Insights Data Analytics solution lets different stakeholders throughout the organization use persona-based views so they can quickly understand the data that is most valuable to their role.

Flexera is also bringing together suppliers and buyers to contribute directly to Flexera’s SAM data repository, which includes more than 150 million data points like open-source components, software recognition rules, and product use rights. A new Nexus Data Cloud lets vendors such as Microsoft contribute “certified software intelligence to the repository,” according to Feldman. Additional vendors contributing to the Data Cloud will be announced in coming weeks and months, he added.

And, the company is creating a partner ecosystem that allows its customers to build an IT environment using tightly integrated tools. Flexera customers can go to its Solution Exchange to find products that complement its current solutions, which goes “beyond traditional SAM to have greater business insight,” said Feldman.

“Customers also need to implement processes that leverage SAM data across functional silos,” said Feldman. “A perfect example is having the ability to leverage software inventory data across SAM and Security teams to reduce license compliance and security risk. Asset management and security operations teams all share important responsibilities to govern and secure a company’s IT assets, but they often work from different tools and sources of asset data.”

With major threats like vendor audits and hackers on the rise, Emmitt added that the risk to a company’s business continues to grow and require a “collaborative effort by all parties involved.” Now that the game has changed for purchasing software, vendors will have to get involved and take accountability, creating transparency and visibility into software purchases, deployments and usage, he said.

There are potential zero day exploits in the open source protocols and common file formats across six specific industries, according to Synopsys’ State of Fuzzing 2017 report. This includes the automotive, finance, industrial control systems, Internet of Things (IoT), government, and medical fields.

The report stems from more than 4.8 billion fuzz tests conducted by Synopsys’ customers in 2016 using its Defensics Fuzz Testing tool.

Fuzzing is a technology used to find vulnerabilities in software by sending malformed input to a target and then observing the result. Further investigation may be required if a vulnerability is exposed, and this technology is valuable to consumers of software and developers.

“Fuzz testing is a powerful component of the Synopsys Software Integrity Platform to uncover zero-day vulnerabilities and help organizations protect their software,” said Andreas Kuehlmann, senior vice president and general manager for the Synopsys Software Integrity Group. “By analyzing such a large data set from our customers, the Synopsys fuzzing report provides visibility into unknown, hard-to-find vulnerabilities and highlights where security teams should look to improve the quality and security of their software.”

The report looks into the maturity of protocols used by different industry verticals. Certain protocols are more mature, or better implemented, than others. To measure the relative maturity of a protocol, the report uses the time to first failure (TTFF): the time until the first instance of a protocol crashing under test.

Synopsys found that the overall average TTFF was 1.4 hours. In more mature protocols, the TTFF is measured in hours, but with less mature protocols it could be as short as seconds. A short TTFF indicates a higher likelihood of exploitable vulnerabilities, according to the report.
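The TTFF measurement described above, as an added example (not from the Synopsys report or the Defensics tool): a small mutation fuzzer run against a constructed toy message format, once with a parser that trusts its length field and once with a hardened one. The wire format, the parser names and the seed message are assumptions made for illustration.

```python
import random
import time

# Constructed toy wire format (not a real protocol):
#   type (1 byte) | length (1 byte) | payload (length bytes) | checksum (1 byte)
PAYLOAD = b"ping"
SEED = bytes([1, len(PAYLOAD)]) + PAYLOAD + bytes([sum(PAYLOAD) & 0xFF])


def parse_fragile(msg: bytes) -> bytes:
    """Trusts the length byte, so an overstated length indexes past the buffer."""
    if len(msg) < 2:
        raise ValueError("truncated header")
    length = msg[1]
    payload = msg[2:2 + length]
    # Unchecked index: raises IndexError (the Python analogue of an
    # out-of-bounds read) when the message is shorter than the header claims.
    if msg[2 + length] != sum(payload) & 0xFF:
        raise ValueError("bad checksum")
    return payload


def parse_hardened(msg: bytes) -> bytes:
    """Rejects any message whose size disagrees with its length field."""
    if len(msg) < 2:
        raise ValueError("truncated header")
    length = msg[1]
    if len(msg) != 2 + length + 1:
        raise ValueError("length field does not match message size")
    payload = msg[2:2 + length]
    if msg[-1] != sum(payload) & 0xFF:
        raise ValueError("bad checksum")
    return payload


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Produce one malformed variant of the seed message."""
    data = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0:    # overwrite one byte with a random value
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif choice == 1:  # truncate at a random offset
        del data[rng.randrange(len(data) + 1):]
    else:              # append 1 to 7 junk bytes
        data += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(data)


def time_to_first_failure(parser, seed=SEED, max_cases=10_000, rng_seed=0):
    """Fuzz `parser` until it fails; return details, or None if it never does.

    A ValueError is a clean rejection of bad input. Any other exception
    counts as a failure, the equivalent of the target crashing.
    """
    rng = random.Random(rng_seed)  # fixed seed so a failure can be replayed
    start = time.perf_counter()
    for case in range(1, max_cases + 1):
        msg = mutate(seed, rng)
        try:
            parser(msg)
        except ValueError:
            continue
        except Exception as exc:
            return {
                "cases": case,
                "seconds": time.perf_counter() - start,
                "input": msg,
                "error": type(exc).__name__,
            }
    return None


if __name__ == "__main__":
    for parser in (parse_fragile, parse_hardened):
        result = time_to_first_failure(parser)
        if result is None:
            print(f"{parser.__name__}: no failure in 10,000 cases")
        else:
            print(f"{parser.__name__}: {result['error']} after "
                  f"{result['cases']} cases ({result['seconds']:.6f}s), "
                  f"input={result['input'].hex()}")
```

The failing input is returned alongside the timing so that the crash can be replayed and triaged, which is the further investigation the article mentions.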

Protocols associated with ICS showed the most immaturity, according to Synopsys. The least mature protocol tested in 2016 was IEC-61850 MMS (ICS), which is a niche protocol used in IoT and industrial control systems. Its TTFF was 6.6 seconds.

Fuzzing found core IP protocols that were well implemented, like the TLS client, which is commonly used for secure web browsing, including online banking and e-commerce. The average TTFF for TLS was nine hours, according to the report.

Security pros have applied fuzz testing and application hardening tools on web apps for years, and these tools are becoming resourceful in the IoT market today, especially since applications are difficult to crawl with traditional testing tools, according to a recent

The Forrester report also states that as IoT applications become more prevalent, fuzz testing and application hardening tools will soon have “a rebirth.”

The famous phone company, Apple, is coming up with new, but not-so-good, news for users who still own an iPhone 5. The warnings began with the iOS 9 launch and informed users that 32-bit applications are likely to slow down the device.

Recently, this warning underwent a worrying change: those 32-bit applications will stop running completely once iOS 11 is released.

On the other hand, there is some good news for iPhone users: since July 2016, Apple has required all developers of applications and updates to submit only 64-bit compatible applications to the App Store; therefore, the most frequently used applications are likely to be 64-bit at the moment.

For users’ information, the iOS devices with 64-bit chips include the iPhone 5s, SE, 6, 6s and 7, as well as the iPad Air and iPad Air 2, the iPad Mini 2, 3 and 4, the sixth-generation iPod touch and the iPad Pro (12.9-inch, 9.7-inch).

Why is the phone slowed down by the 32-bit

iOS includes multiple frameworks that enable the operating system to launch and run applications. When the operating system is running on a 64-bit chip, the device loads a 64-bit framework that is responsible for making the applications run smoothly.

However, when a 32-bit application is run on a 64-bit device, the operating system needs to use a different series of both 32-bit and 64-bit frameworks, which forces the RAM on the device to divide its power between the two different frameworks. Since the RAM cannot focus its entire attention on a single framework, the mobile phone will eventually be slowed down.

With the launch of iOS 11, the device will no longer be compatible with a 32-bit framework, which will enable the phone to speed up its performance. This also means that 32-bit applications and games will be incompatible and won’t run on devices with iOS 11 installed.

On June 13, 2017, Firefox 54 was released to the public. This new release addresses compatibility, security, and stability issues. However, this will only be available for users with operating systems such as Windows 7, 8, and 10. Other dated versions will no longer receive support from Microsoft.

If your OS has been left behind for quite some time now, you had better upgrade it to be able to use the latest version of Mozilla Firefox. Since Microsoft has discontinued support for Windows XP and will soon do so for Windows Vista, continuing to use them might create some problems soon. It can also be difficult to maintain Firefox on these outdated versions.

Firefox can be downloaded and installed in many languages for Mac, Linux, and Windows on both 32- and 64-bit architectures. At the same time, it can be downloaded from Google Play Store, as well as the App Store. Moreover, there are other pre-released versions of Firefox that you can try from Mozilla Firefox’s official website.

If you already have a version of Firefox on your computer, make sure that it is updated. Updating can be done automatically, which means that you can download and install without doing anything upon each new version that comes. You can check your settings by going to Options > Advanced > Update from the Firefox browser.

Take note that switching to other browsers may not be an option if you are using a dated operating system such as Windows Vista and XP. This is because Microsoft Internet Explorer and Google Chrome no longer support them. Security updates can still be expected though until September 2017.

Make sure that you are using a supported version of Windows to easily maintain Firefox. Otherwise, you can switch to an operating system based on Linux to get the latest version and the newest features of Firefox.