CrateDB packs NoSQL flexibility, SQL familiarity

CrateDB packs NoSQL flexibility, SQL familiarity

CrateDB, an open source, clustered database designed for missions like fast text search and analytics, released its first full 1.0 version last week after three years in development.

It’s built upon several existing open source technologies — Elasticsearch and Lucene, for instance — but no direct knowledge of them is needed to deploy it, as CrateDB offers more than a repackaging of those products.

The database caught the attention of InfoWorld’s Peter Wayner back in 2015 because it promised “a search engine like [Apache] Lucene [and ‘its larger, scalable, and distributed cousin Elasticsearch’], but with the structure and querying ease of SQL.”

The idea is to provide more than a full-text search system. CrateDB’s use cases include big data analytics and scalable aggregations across large data sets. It allows querying via standard ANSI SQL, but it uses a distributed, horizontally scalable architecture, so that any number of nodes can be spun up and run side by side with minimal work.

CrateDB gets two major advantages from the NoSQL side. One is support for unstructured data via JSON documents and BLOB storage, with JSON data queryable through SQL as well. Another is support for high-speed writing, to make the database a suitable target for high-speed data ingestion a la Hadoop.

But CrateDB’s biggest draw may be the setup process and the overall level of get-in-and-go usability. The only prerequisite is Java 8, or you can use Docker to run a provided container image. Nodes automatically discover each other as long as they’re on a network that supports multicast. The web UI can bootstrap a cluster with sample data (courtesy of Twitter), and the command-line shell uses conventional SQL syntax for inserting and querying data. Also included is support for PostgreSQL’s wire protocol, although any actual SQL commands sent through it need to adhere to CrateDB’s implementation of SQL.

CrateDB’s one of a flood of recent database products that all address specific issues that have sprung up: scalability, resiliency, mixing modalities (NoSQL vs. SQL, document vs. graph), high-speed writes, and so on. The philosophy behind such products generally runs like this: Existing solutions are too old, hidebound, or legacy-oriented to solve current and future problems, so we need a clean slate. The trick will be to see whether the benefits of the clean slate outweigh the difficulties of moving to it — hence, CrateDB’s emphasis on usability and quick starts.

 

[Source:- Infoworld]

 

Snapchat is now using the third-party ad targeting it once called ‘creepy’

Snapchat is now accessing its users’ offline purchase data to improve the targeting of its ads, despite its CEO having previously deemed this kind of advertising “creepy.”

Following in the footsteps of tech and social media giants such as Facebook, Twitter, and Google, Snap Inc has partnered with a third party offline data provider called Oracle Data Cloud according to the Wall Street Journal.

This partnership will allow Snapchat advertisers to access data about what users buy offline in order to more accurately target ads.

Snapchat gets specific

Now rather than seeing generally less invasive advertisements appear on Snapchat which have a broad consumer appeal, you’re more likely to see ads that make you think “how did they know?” as you’ll now be assigned a specific consumer demographic such as “consumer tech purchaser.”

This decision shows the company is taking its growth seriously as it’s a different approach CEO Evan Spiegel laid out in June 2015. Back then, Spiegel stated his distaste for such personalized advertising saying “I got an ad this morning for something I was thinking about buying yesterday, and it’s really annoying. We care about not being creepy. That’s something that’s really important to us.”

Now, however, Snap Inc has to do all it can to guarantee that its stock is worth buying when it goes public later this year. Such an advertising approach is a good way to do so because it should make Snapchat a more attractive option to advertisers as targeted adverts are more likely to earn more per view.

Fortunately, if this kind of advertising doesn’t sit well with you whether because you consider it invasive or because you’re just incredibly susceptible, Snapchat is giving its users the ability to opt out. It’s already started rolling out the changed adverts so you’ll be able to change it now.

To do so, simply go into the settings section within the Snapchat app, go to Manage Preferences, select Ad Preferences and switch off the Snap Audience Match function.

 

 

[Source:- Techrader]

 

Upcoming Windows 10 update reduces spying, but Microsoft is still mum on which data it specifically collects

Privacy-2-1024x812

There’s some good news for privacy-minded individuals who haven’t been fond of Microsoft’s data collection policy with Windows 10. When the upcoming Creators Update drops this spring, it will overhaul Microsoft’s data collection policies. Terry Myerson, executive vice president of Microsoft’s Windows and Devices Group, has published a blog post with a list of the changes Microsoft will be making.

First, Microsoft has launched a new web-based privacy dashboard with the goal of giving people an easy, one-stop location for controlling how much data Microsoft collects. Your privacy dashboard has sections for Browse, Search, Location, and Cortana’s Notebook, each covering a different category of data MS might have received from your hardware. Personally, I keep the Digital Assistant side of Cortana permanently deactivated and already set telemetry to minimal, but if you haven’t taken those steps you can adjust how much data Microsoft keeps from this page.

Second, Microsoft is condensing its telemetry options. Currently, there are four options — Security, Basic, Enhanced, and Full. Most consumers only have access to three of these settings — Basic, Enhanced, and Full. The fourth, security, is reserved for Windows 10 Enterprise or Windows 10 Education. Here’s how Microsoft describes each category:

Security: Information that’s required to help keep Windows, Windows Server, and System Center secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.

Basic: Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level.

Enhanced: Additional insights, including: how Windows, Windows Server, System Center, and apps are used, how they perform, advanced reliability data, and data from both the Basic and the Security levels.

Full: All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.

That’s the old system. Going forward, Microsoft is collapsing the number of telemetry levels to two. Here’s how Myerson describes the new “Basic” level:

[We’ve] further reduced the data collected at the Basic level. This includes data that is vital to the operation of Windows. We use this data to help keep Windows and apps secure, up-to-date, and running properly when you let Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also includes basic error reporting back to Microsoft.

Windows 10 will also include an enhanced privacy section that will show during start-up and offer much better granularity over privacy settings. Currently, many of these controls are buried in various menus that you have to manually configure after installing the operating system.

It’s nice that Microsoft is cutting back on telemetry collection at the basic level. The problem is, as Stephen J Vaughn-Nichols writes, Microsoft is still collecting a creepy amount of information on “Full,” and it still defaults to sharing all this information with Cortana — which means Microsoft has data files on people it can be compelled to turn over by a warrant from an organization like the NSA or FBI. Given the recent expansion of the NSA’s powers, this information can now be shared with a variety of other agencies without filtering it first. And while Microsoft’s business model doesn’t directly depend on scraping and selling customer data the way Google does, the company is still gathering an unspecified amount of information. Full telemetry, for example, may “unintentionally include parts of a document you were using when a problem occurred.” Vaughn-Nichols isn’t thrilled about that idea, and neither am I.

The problem with Microsoft’s disclosure is it mostly doesn’t disclose. Even basic telemetry is described as “includes data that is vital to the operation of Windows.” Okay. But what does that mean?

I’m glad to see Microsoft taking steps towards restoring user privacy, but these are small steps that only modify policies around the edges. Until the company actually and meaningfully discloses what telemetry is collected under Basic settings and precisely what Full settings do and don’t send in the way of personally identifying information, the company isn’t explaining anything so much as it’s using vague terms and PR in place of a disclosure policy.

As I noted above, I’d recommend turning Cortana (the assistant) off. If you don’t want to do that, you should regularly review the information MS has collected about you and delete any items you don’t want to part of the company’s permanent record.

 

 

[Source:- Extremetech]

Attackers start wiping data from CouchDB and Hadoop databases

Data-wiping attacks have hit exposed Hadoop and CouchDB databases.

It was only a matter of time until ransomware groups that wiped data from thousands of MongoDB databases and Elasticsearch clusters started targeting other data storage technologies. Researchers are now observing similar destructive attacks hitting openly accessible Hadoop and CouchDB deployments.

Security researchers Victor Gevers and Niall Merrigan, who monitored the MongoDB and Elasticsearch attacks so far, have also started keeping track of the new Hadoop and CouchDB victims. The two have put together spreadsheets on Google Docs where they document the different attack signatures and messages left behind after data gets wiped from databases.

In the case of Hadoop, a framework used for distributed storage and processing of large data sets, the attacks observed so far can be described as vandalism.

That’s because the attackers don’t ask for payments to be made in exchange for returning the deleted data. Instead, their message instructs the Hadoop administrators to secure their deployments in the future.

According to Merrigan’s latest count, 126 Hadoop instances have been wiped so far. The number of victims is likely to increase because there are thousands of Hadoop deployments accessible from the internet — although it’s hard to say how many are vulnerable.

The attacks against MongoDB and Elasticsearch followed a similar pattern. The number of MongoDB victims jumped from hundreds to thousands in a matter of hours and to tens of thousands within a week. The latest count puts the number of wiped MongoDB databases at more than 34,000 and that of deleted Elasticsearch clusters at more than 4,600.

A group called Kraken0, responsible for most of the ransomware attacks against databases, is trying to sell its attack toolkit and a list of vulnerable MongoDB and Elasticsearch installations for the equivalent of US$500 in bitcoins.

The number of wiped CouchDB databases is also growing rapidly, reaching more than 400 so far. CouchDB is a NoSQL-style database platform similar to MongoDB.

Unlike the Hadoop vandalism, the CouchDB attacks are accompanied by ransom messages, with attackers asking for 0.1 bitcoins (around $100) to return the data. Victims are advised against paying because, in many of the MongoDB attacks, there was no evidence that attackers had actually copied the data before deleting it.

Researchers from Fidelis Cybersecurity have also observed the Hadoop attacks and have published a blog post with more details and recommendations on securing such deployments.

The destructive attacks against online database storage systems are not likely to stop soon because there are other technologies that have not yet been targeted and that might be similarly misconfigured and left unprotected on the internet by users.

 

 

[Source:- JW]

91% off Microsoft Certified Solutions Associate: SQL Server Certification Bundle – Deal Alert

sql course

Whether or not you’ve dabbled with queries or databases, earning a MCSA certification will attract the eyes and wallets of company execs across the states and beyond. SQL is a go-to software for implementing data warehouses, as well as efficiently managing massive amounts of data. In this bundle, currently discounted 91%, you’ll access three courses:

  • Microsoft 70-461: Querying Microsoft SQL Server 2012
  • Microsoft 70-462: Administering Microsoft SQL Server 2012 Databases
  • Microsoft 70-463: Implementing A Data Warehouse With Microsoft SQL Server 2012

This $438 course bundle is available, for a limited time, for just $35.99. Learn more about this bundle, the courses included, the instructor, and how to purchase.

 

 

[Source:- Infoworld]

 

What’s on your Start Screen, Zac Bowden?

Image result for What's on your Start Screen, Zac Bowden?

It’s been a little while since we last did a “What’s on your Start Screen?”, and that’s because so much has been changing within the world of Windows phone over the last couple of years. With the introduction of Windows 10 Mobile, the redesign of several Windows phone apps, and the slow transition from several different versions of Windows to one single Windows that works across every device, we just haven’t found the time!

A lot of Windows Phone users have since left the platform since our last Start Screen article, and that’s unfortunate. However, there’s still a few of us left using Windows phones as our daily drivers, and I thought it’d be a good idea to share some of the apps I’m using on the lead up to 2017.

I don’t have many apps pinned, and that’s simply because I don’t like scrolling on my Start Screen. I’m a huge user of live tiles, and I think live tiles should be on screen at all times so I can see what information they have to offer. Still, I try to make good use of my screen real estate.

My Apps

  • Messaging: I’m super big on SMS. I know that’s kind of odd leading into 2017, but I much prefer it over any form of instant messenger such as WhatsApp or Skype. If I can, I’ll always opt to send an SMS if trying to contact someone. Everybody has SMS.
  • Phone: The standard built-in Phone app. I don’t make calls all that often, but I feel like I need to have this app pinned on my Start Screen just in case I am in a situation in which I do need to make a call.
  • Outlook Calendar: I like being able to see the date and upcoming appointments on my Start Screen, and the Calendar app does just that. Rarely do I open the Calendar app, this is definitely one of those situations in which the live tile does everything I need it to do.
  • Microsoft Edge: Edge is the best way to browse the web on a Windows 10 Mobile device, so I’m constantly using it to view websites, read news, watch videos and more. It syncs favorites across Windows 10 devices, and is lightweight and easy to use.
  • Windows Store: The Windows Store is home to all purchasable Content in the Windows ecosystem. Whether it be apps, games, music or movies/TV, I’m always in the Store looking for something new to spend my money on. I often find a movie, or a game that catches my interest.
  • Twitter: When it comes to Twitter, I opt for the official Twitter app from Twitter themselves. Yes, I know there are far better Twitter clients out there built by third parties, but I like the simplicity of the official app. It’s universal and works across PC and Phone, and what’s more, even though there are a plethora of bugs and missing features, it gets the job done.
  • Cortana: I don’t actually use Cortana all that much, but I have it pinned just in case I want to mess with a setting or two with syncing notifications and whatnot. I like the news ticker that pops up on the live tile, and will sometimes open it up to check on reminders and adjust things.
  • Outlook Mail: The built-in Mail app is my choice of email client on Windows 10 Mobile. It does everything I need, from a reliable live tile all the way down to the simplicity of the app. I can add my Outlook, Google, Yahoo and other email accounts with ease, and configure notification popups from specific accounts if needed.
  • GroupMe: GroupMe is one of the best group messaging apps available on Windows 10 Mobile, and I use it frequently with some of the Windows Central team. It’s great for team collaboration, goofing around, and just sharing things for later.
  • WhatsApp Beta: Although I’m big on SMS, I do have a need for WhatsApp too. A lot of my personal friends would rather be contacted through WhatsApp, so that’s what I use when contacting them. The WhatsApp Beta app, although still a Windows Phone 8.1 app, is coming along quite nicely being updated constantly with new features and changes.
  • Slack: Slack is the main communication platform we use here at Mobile Nations. It’s how I message the team, and how the team message me. It’s still in beta, but the app is feature-filled enough to be usable as one of my “must-have” apps on my phone.
  • Groove Music: Groove is the best music streaming service available on Windows 10 Mobile. Sure, there’s Pandora and Spotify, but those apps aren’t all that great compared to Groove, which is arguable the best app available on Windows 10 right now. I’m a subscriber to Groove music, and most of the music I’d want to listen to is ready to stream from the service.
  • Windows Central: Of course, how could I not have this one pinned to my Start Screen? I love the Windows Central app, it’s easy to use and is always updated with the latest articles direct from our feed. The live tile is super customizable too!
  • Weather: I live in the United Kingdom, so I need to know whether the weather outside is grey and raining. It usually is, but sometimes that live tile shows a bit of sunshine, and that makes me smile.
  • Instagram: Not a huge user of Instagram, I generally only use it when procrastinating. Maybe one day I’ll be Instagram-famous.
  • Trello Central: We use Trello for article planning and scheduling here at Mobile Nations, so it makes sense for me to have an app on my phone that allows me to jump in there and check on things. It’s not super feature-filled, being a 3rd-party app, but it gets the job done.
  • Uber: As a kid, I always wanted own my own car so I could drive wherever I needed, whenever I needed to. In 2016 however, all I need is Uber. Who needs to drive these days when you can get someone else to drive for you?!

 

[Source:- Windowscentral]

An app to crack the teen exercise code

An app to crack the teen exercise code

Pokémon GO has motivated its players to walk 2.8 billion miles. Now, a new mobile game from UVM researchers aims to encourage teens to exercise with similar virtual rewards.

The game, called “Camp Conquer,” is the brainchild of co-principal investigators Lizzy Pope, assistant professor in the Department of Nutrition and Food Science, and Bernice Garnett, assistant professor of education in the College of Education and Social Services, both of the University of Vermont. The project is one of the first in the area of gamification and obesity, and will test launch with 100 Burlington High School students this month.

Here’s how it works: Real-world physical activity, tracked by a Fitbit, translates into immediate rewards in the game, a capture-the-flag-style water balloon battle with fun, summer camp flair. Every step a player takes in the real world improves their strength, speed, and accuracy in the game. “For every hundred steps, you also get currency in the game to buy items like a special water balloon launcher or new sneakers for your avatar,” says Pope.

Helping Schools Meet Mandates

In 2014, Vermont established a requirement for students to get 30 minutes of physical activity during the school day (in addition to P.E. classes), a mark Pope says schools are struggling to hit. And it’s not just Vermont; according to the CDC, only 27 percent of high school students nationwide hit recommended activity goals, and 34 percent of US teens are overweight or obese.

Camp Conquer is a promising solution. The idea struck after Pope and Garnett visited Burlington High School, where they saw students playing lots of games on school-provided Chromebook laptops. Pope and Garnett approached Kerry Swift in UVM’s Office of Technology Commercialization for help. “I thought, if we’re going to make a game, it’s going to be legit,” says Pope.

Where Public Meets Private

The team is working with GameTheory, a local design studio whose mission is to create games that drive change. Pope says forming these types of UVM/private business partnerships to create technology that can be commercialized is the whole point of UVMVentures Funds, which partially support this project.

A key result of this public/private partnership, and of the cross-departmental collaboration between Pope and Garnett, was a methodology shift. Pope says it’s less common for health behavior researchers to involve their target demographic in “intervention design.” But Garnett, who has experience in community-based participatory research, and GameTheory, which commonly utilizes customer research, helped shift this. “Putting the experience of Bernice and GameTheory together, we came up with student focus groups to determine when they’re active, why they’re not, and what types of games they like to play,” says Pope. She believes this student input has Camp Conquer poised for success. “It gave us a lot of good insight, and created game champions.”

What does success look like? Pope says in her eyes, “it’s all about exciting kids to move more.” But another important aspect is the eventual commercialization of the app. “It could be widely disseminated at a very low cost. You could imagine a whole school district adopting the app,” says Pope. She expects that if the January test shows promise, GameTheory will take the game forward into the marketplace, and continue to update and improve it. “There’s definitely potential,” says Pope.

[Source:- Phys.org]

Google open-sources test suite to find crypto bugs

Google open-sources test suite to find crypto bugs

Working with cryptographic libraries is hard, and a single implementation mistake can result in serious security problems. To help developers check their code for implementation errors and find weaknesses in cryptographic software libraries, Google has released a test suite as part of Project Wycheproof.

“In cryptography, subtle mistakes can have catastrophic consequences, and mistakes in open source cryptographic software libraries repeat too often and remain undiscovered for too long,” Google security engineers Daniel Bleichenbacher and Thai Duong, wrote in a post announcing the project on the Google Security blog.

Named after Australia’s Mount Wycheproof, the world’s smallest mountain, Wycheproof provides developers with a collection of unit tests that detect known weaknesses in cryptographic algorithms and check for expected behaviors. The first set of tests is written in Java because Java has a common cryptographic interface and can be used to test multiple providers.

“We recognize that software engineers fix and prevent bugs with unit testing, and we found that many cryptographic issues can be resolved by the same means,” Bleichenbacker and Duong wrote.

The suite can be used to test such cryptographic algorithms as RSA, elliptic curve cryptography, and authenticated encryption, among others. The project also has ready-to-use tools to check Java Cryptography Architecture providers, such as Bouncy Castle and the default providers in OpenJDK. The engineers said they are converting the tests into sets of test vectors to simplify the process of porting them to other languages.

The tests in this release are low-level and should not be used directly, but they still can be applied for testing the algorithms against publicly known attacks, the engineers said. For example, developers can use Wycheproof to verify whether algorithms are vulnerable to invalid curve attacks or biased nonces in digital signature schemes.

So far the project has been used to run more than 80 test cases and has identified 40-plus vulnerabilities, including one issue where the private key of DSA and ECDHC algorithms could be recovered under specific circumstances. The weakness in the algorithm was present because libraries were not checking the elliptic curve points they received from outside sources.

“Encodings of public keys typically contain the curve for the public key point. If such an encoding is used in the key exchange, then it is important to check that the public and secret key used to compute the shared ECDH secret are using the same curve. Some libraries fail to do this check,” according to the available documentation.

Cryptographic libraries can be quite difficult to implement, and attackers frequently look for weak cryptographic implementations rather than trying to break the actual mathematics underlying the encryption. With Wycheproof, developers and users can check their libraries against a large number of known attacks without having to dig through academic papers to find out what kind of attacks they need to worry about.

The engineers looked through public cryptographic literature and implemented known attacks to build the test suite. However, developers should not consider the suite to be comprehensive or able to detect all weaknesses, because new weaknesses are always being discovered and disclosed.

“Project Wycheproof is by no means complete. Passing the tests does not imply that the library is secure, it just means that it is not vulnerable to the attacks that Project Wycheproof tries to detect,” the engineers wrote.

Wycheproof comes two weeks after Google released a fuzzer to help developers discover programming errors in open source software. Like OSS-Fuzz, all the code for Wycheproof is available on GitHub. OSS-Fuzz is still in beta, but it has already worked through 4 trillion test cases and uncovered 150 bugs in open source projects since it was publicly announced.

 

 

[Source:- JW]

Microsoft rolls out SQL Server 2016 with a special deal to woo Oracle customers

Microsoft has released SQL Server 2016.

The next version of Microsoft’s SQL Server relational database management system is now available, and along with it comes a special offer designed specifically to woo Oracle customers.

Until the end of this month, Oracle users can migrate their databases to SQL Server 2016 and receive the necessary licenses for free with a subscription to Microsoft’s Software Assurance maintenance program.

Microsoft announced the June 1 release date for SQL Server 2016 early last month. Among the more notable enhancements it brings are updateable, in-memory column stores and advanced analytics. As a result, applications can now deploy sophisticated analytics and machine learning models within the database at performance levels as much as 100 times faster than what they’d be outside it, Microsoft said.

The software’s new Always Encrypted feature helps protect data at rest and in memory, while Stretch Database aims to reduce storage costs while keeping data available for querying in Microsoft’s Azure cloud. A new Polybase tool allows you to run queries on external data in Hadoop or Azure blob storage.

Also included are JSON support, “significantly faster” geospatial query support, a feature called Temporal Tables for “traveling back in time” and a Query Store for ensuring performance consistency.

SQL Server 2016 features were first released in Microsoft Azure and stress-tested through more than 1.7 million Azure SQL DB databases. The software comes in Enterprise and Standard editions along with free Developer and Express versions.

Support for SQL Server 2005 ended in April.

Though Wednesday’s announcement didn’t mention it, Microsoft previously said it’s planning to bring SQL Server to Linux. That version is now due to be released in the middle of next year, Microsoft said.

 

[Source:- Infoworld]

 

The SIM-unlocked Alcatel IDOL 4S quietly goes on sale through the Microsoft Store

Image result for The SIM-unlocked Alcatel IDOL 4S quietly goes on sale through the Microsoft Store

Looks like speculation that Alcatel’s Idol 4S running Windows 10 Mobile going carrier-unlocked (GSM) after a T-Mobile exclusivity ended were true. As spotted on MSPU Microsoft has begun to make the rather powerful – and impressive – Windows 10 Mobile phone available for purchase in the US through their store.

Asking price is still the same $470, which includes the VR goggle package and 21MP rear camera.

Alcatel Idol 4S with Windows 10 Specs

CPU Snapdragon 820 | Quad Core CPU @2.15 GHz
Display 5.5-inch FHD AMOLED
Dragontrail 2.5D Glass
Memory 64GB ROM
4GB RAM
microSD
Camera 21 MP rear camera
8 MP front-facing camera
Battery 3,000 mAh
Quick Charge 3.0
420Hrs Standby
15Hrs Talk
Continuum Yes
VR Yes
Windows Hello Yes (Fingerprint)
Audio Dual speakers with Hi-Fi surround sound
Dimensions 153.9 x 75.4 x 6.99 mm
Weight 152g
HD Voice Yes
VoLTE Yes
Wi-Fi 802.11 a/b/g/n/ac
Wi-Fi Calling 1.0
Bluetooth BT 4.1
A2DP, OPP, HFP, AVRCP, PBAP

The rest of the specifications and color (‘Halo Gold’) are all the same as well. In fact, it’s likely the same device as our review unit, which was unlocked as well and worked brilliantly on AT&T with no issue.

Microsoft notes that the unlocked version should work on AT&T, T-Mobile, H20, Straight Talk, Cricket Wireless, MetroPCS, and select prepaid carriers.

 

[Source:- Windowscentral]