You are here

Info World

Subscribe to Info World  feed Info World
Updated: 1 hour 37 min ago

Rust 1.58.1 fixes dangerous race condition

7 hours 15 min ago

This point release arriving January 20, 2022, just days after Rust 1.58, fixes a race condition in the std::fs::remove_dir_all standard library function. This vulnerability is tracked at CVE-2022-21658 and there was an advisory published. An attacker could use this security issue to trick a privileged program into deleting files and directories that the attacker otherwise could not access or delete. Rust versions 1.0 through 1.58 are affected by this vulnerability. Users are advised to update their toolchains and build programs with the updated compiler.

To read this article in full, please click here

Categories: Technology

The forces behind enterprise cloud spending trends

17 hours 52 min ago

Global spending on cloud infrastructure rebounded in the third quarter of 2021 after its first quarterly decline since the pandemic triggered a massive increase in cloud spending. According to researcher IDC, spending on cloud infrastructure environments increased 6.6% year on year to $18.6 billion in the third quarter of 2021.

When the pandemic loomed back in early 2020, many enterprises and technology companies planned huge reductions in IT spending, including cloud. However, most companies soon turned bullish on cloud’s role in the new normal of remote work and virtual cloud-based IT. They ended up being right. The main boost in cloud spending occurred in the second quarter of 2020, which saw 38.4% year-on-year growth.

To read this article in full, please click here

Categories: Technology

What is Google Cloud Anthos? Managed Kubernetes everywhere

17 hours 52 min ago

Google Cloud launched the Anthos platform in April 2019, promising customers a way to run Kubernetes workloads on-premises, in the Google Cloud, and, crucially, in other major public clouds including Amazon Web Services (AWS) and Microsoft Azure.

Speaking at Google Cloud Next in San Francisco in 2019, Google CEO Sundar Pichai said the idea behind Anthos is to allow developers to “write once and run anywhere”—a promise to simplify the development, deployment, and operation of containerized applications across hybrid and multiple public clouds by bridging incompatible cloud architectures. 

To read this article in full, please click here

Categories: Technology

JDK 18: The new features in Java 18

Thu, 01/20/2022 - 16:01

Java Development Kit (JDK) 18 is set for release on March 22, 2022. The new version of standard Java will have nine new features, with the feature set having been frozen as of December 9.

The release has moved into a second rampdown phase as of January 20, following an initial rampdown phase begun last month. Upgrades to standard Java are released every six months, with the most-recent, JDK 17, arriving in September.

[ Also on InfoWorld: JDK 17: The new features in Java 17 ]

The OpenJDK page lists the following features as officially targeting JDK 18: a service provider interface, a simple web server, a vector API, code snippets, a reimplementation of core reflection, a UTF-8 charset, a second incubator of a foreign function and memory API, a second preview of pattern matching for switch statements, and the deprecation of finalization, which was the last addition.

To read this article in full, please click here

Categories: Technology

Understand Diffie-Hellman key exchange

Thu, 01/20/2022 - 12:00

Whitfield Diffie and Martin Hellman were outsiders in the field of cryptography when they devised a scheme hitherto unknown: The ability to establish secure communications over public channels between two parties that don’t know each other.

The algorithm they presented in 1976, known as Diffie-Hellman, introduced the general notion of what is now called asymmetric encryption, or public-key cryptography.

[ Also on InfoWorld: 5 signs your agile development process must change ]

The far-ranging and long-lasting impact of this development is impossible to exaggerate. Not only is the algorithm still in use to this day, but it opened up a whole landscape of possibilities that others have expanded into. But what is the Diffie-Hellman algorithm exactly, and how does it fit into the context of online communications as it works today?

To read this article in full, please click here

Categories: Technology

Faker NPM package back on track after malicious coding incident

Wed, 01/19/2022 - 12:47

In the wake of a recent incident that wreaked havoc on the NPM package registry, a new group of maintainers is reestablishing the Faker project, making it a community effort. The previous maintainer had sabotaged the Faker NPM package with malicious code, impacting more than 2,500 other NPM packages that depend on it.

The Faker JavaScript library generates mock data for testing and development. A group of engineers has created a GitHub repo for the new Faker package and released previous versions at @faker-js/faker on NPM.

To read this article in full, please click here

Categories: Technology

Securing Azure Kubernetes networking with Calico

Wed, 01/19/2022 - 04:00

One of the interesting aspects of moving to a top-down, application-centric way of working is rethinking how we do networking. Much as the application model first abstracted away physical infrastructure with virtualization and is now using Kubernetes and similar orchestration tools to abstract away the underlying virtual machines, networking is moving away from general-purpose routed protocol stacks to software-driven networking that uses common protocols to implement application-specific network functions.

We can see how networking is evolving with Windows Server 2022’s introduction of SMB over QUIC as an alternative to general-purpose VPNs for file sharing between on-premises Azure Stack systems and the Azure public cloud. Similarly, in Kubernetes, we’re seeing technologies such as service mesh provide an application-defined networking model that delivers network meshes with your distributed application as part of the application definition rather than as a network that an application uses.

To read this article in full, please click here

Categories: Technology

Airtable review: Flexible low-code/no-code in the cloud

Wed, 01/19/2022 - 04:00

Airtable may look like a spreadsheet in the cloud, but it’s actually more like a relational database in the cloud with its own development environment. That’s an oversimplification: Airtable has several development environments at a variety of skill levels ranging from non-programmers to power users to JavaScript programmers.

As a database-oriented, low-code/no-code development environment in the cloud, Airtable competes with many of the roughly 400 low-code/no-code app builders on the market, and certainly with the three major, cloud-specific low-code/no-code app builders, Amazon Honeycode, Microsoft Power Apps, and Google Cloud AppSheet. Airtable doesn’t really compete with the basic cloud spreadsheets such as Google Sheets.

To read this article in full, please click here

Categories: Technology

What’s new in Rust 1.58

Tue, 01/18/2022 - 12:24

The unique approach of the Rust programming language results in better code with fewer compromises than C, C++, Go, and the other languages you probably use. It also gets updated regularly, often every month.

Where to download the latest Rust version

If you already have a previous version of Rust installed via rustup, you can access the latest version via the following command:

$ rustup update stable Related video: Developing safer software with Rust

Get up to speed quickly on newcomer Rust, designed to create fast, system-level software. This two-minute animated explainer shows how Rust bypasses the vexing programming issues of memory and management.

To read this article in full, please click here

Categories: Technology

Suse open sources NeuVector container security platform

Tue, 01/18/2022 - 11:41

Suse has open sourced the code for the NeuVector container runtime security platform under an Apache 2.0 license on GitHub, less than three months after acquiring the company.

Container runtime security is an emerging model where developers aim to secure their ephemeral cloud-native workloads continuously, from hardening a Kubernetes cluster to constantly scanning for unexpected behaviors within a container after it goes into production.

To read this article in full, please click here

Categories: Technology

The lowdown on industry clouds

Tue, 01/18/2022 - 04:00

Industry clouds are nothing new. In the beginning, public clouds providers abounded until the market normalized around the big three: Google, Microsoft, and AWS. The players that could not keep up often declared that they would become a vertically oriented cloud, aka an industry cloud.

Industry clouds offer cloud services that are purpose-built for a specific industry, such as retail, insurance, banking, healthcare, manufacturing, and so forth. This means the cloud can deal with vertical-specific issues such as the rules and regulations of how an enterprise in a certain market sector and/or geographic location must process, store, audit, or secure its data and operations.

To read this article in full, please click here

Categories: Technology

A new kind of old-school testing

Mon, 01/17/2022 - 04:00

Perhaps there’s a planet with perfect software, but as Google’s Chris DiBona writes, that planet isn’t the one we live on. As such, developers are left with a trade-off: Tread cautiously and rigorously test your software to find all problems pre-deployment, or test less and ship faster with greater tolerance for bugs in production. The former camp is filled with developers working in regulated industries like healthcare and finance; the latter is populated by adherents to Werner Vogels’ famous “you build it, you run it” dictum (see the PDF at the link).

To read this article in full, please click here

Categories: Technology

A new kind of old-school testing

Mon, 01/17/2022 - 04:00

Perhaps there’s a planet with perfect software, but as Google’s Chris DiBona writes, that planet isn’t the one we live on. As such, developers are left with a trade-off: Tread cautiously and rigorously test your software to find all problems pre-deployment, or test less and ship faster with greater tolerance for bugs in production. The former camp is filled with developers working in regulated industries like healthcare and finance; the latter is populated by adherents to Werner Vogels’ famous ”you build it, you run it” dictum (see the PDF at the link).

To read this article in full, please click here

Categories: Technology

4 models for escalating access permissions during emergencies

Mon, 01/17/2022 - 04:00

When building modern applications, managing access permissions during operational events is tricky.

Security best practices specify that engineers—developers and operations engineers—should have as little access as possible to the production application and its infrastructure. Sometimes business requirements or industry regulations require access to production to be severely restricted. But even without industry or business requirements, security best practices, such as the principle of least privilege, dictate that engineers should have as little access to production as possible, including those engineers responsible for managing on-call operational issues.

To read this article in full, please click here

Categories: Technology

Parcel CSS parser offered as performance enhancer

Fri, 01/14/2022 - 14:42

Parcel CSS, a Rust-based CSS parser, compiler, and minifier, was announced this week and is being positioned as a tool offering benefits in performance and minification.

Written in the Rust language, the tool handles compiling of CSS modules as well as tree shaking and transpiling CSS features such as nesting, logical properties, and Level 4 color syntax. Unveiled January 12 by the makers of the Parcel build tool for the web, Parcel CSS can be found on GitHub. Parcel CSS can be used with Parcel or as a stand-alone library from JavaScript or Rust. It also can be wrapped as a plug-in within other tools.

To read this article in full, please click here

Categories: Technology

View cloud architecture through a new optimization lens

Fri, 01/14/2022 - 04:00

As cloud computing architecture comes of age, the ways we define success should mature as well. In 2021, I pointed out that optimizing cloud computing is more of a binary process than an analog one.

What I said then is still true: “There’s a lot at stake. Architectures that are underoptimized and costly (cloud architectures) may indeed work, but they may cause the business to lose millions a week while most people are none the wiser. Thirty technologies are used where 12 would have worked better, and not designing for change means that business agility suffers.”

To read this article in full, please click here

Categories: Technology

IPython REPL update advances code formatting

Thu, 01/13/2022 - 14:45

Version 8 of the IPython REPL (read-eval-print-loop) has arrived, with enhancements for code formatting, auto-suggestions, and tracebacks.

Unveiled January 12, IPython 8, which is under the Project Jupyter umbrella, has been in the making for three years, since the 7.0 release. One key feature is auto-reformatting with black in the CLI. If black is installed in the same environment as IPython, terminal IPython will now by default reformat the code in the CLI when possible.

To read this article in full, please click here

Categories: Technology

Hands-on with GatsbyJS

Thu, 01/13/2022 - 04:00

Somewhere between using a WYSIWYG editor like Wix and building your own stack from the ground up with something like Webpack is using a framework like Gatsby.

Gatsby is better known as a static site generator, though it also competes with full-blown full-stack, server-side rendering frameworks like Next.js and SvelteKit. Gatsby takes pains to make the development experience friendly and easy, while delivering essential website features like modern blur-up images out-of-the-box.

To read this article in full, please click here

Categories: Technology

Firefox 96 enhances CSS, Canvas support for developers

Wed, 01/12/2022 - 04:00

Mozilla has released Firefox 96, an update to the browser that provides support for new CSS properties and functions, and adds image encoder support for the WebP format to the Canvas API.

Firefox 96 was published to release channel users on January 11. For CSS, Firefox now supports the color-scheme property, which allows an element to indicate which color schemes in which it can be comfortably rendered. Also, the counter-reset property now supports the reversed() function for building reversed CSS counters, which are intended for numbering elements in descending order. The reversed() functon can be used with the list-item counter to number ordered lists in reverse order.

To read this article in full, please click here

Categories: Technology

What is Web3? A new decentralized web, or the latest marketing buzzword

Wed, 01/12/2022 - 04:00

Web3, as envisioned by the Web3 Foundation, will be a public internet where data and content are registered on blockchains, tokenized, or managed and accessed on peer-to-peer distributed networks.

Web3 promises to be a decentralized, immutable version of the web, free of intermediaries and built with the same cryptographic verifiability that has given rise to cryptocurrencies, non-fungible tokens (NFTs), and new types of decentralized applications underpinned by a distributed ledger, or Dapps.

To read this article in full, please click here

Categories: Technology

Pages