Netlify, a service for quickly rolling out static websites, raises $2.1

Mathias Biilmann — a former CTO of a firm that built websites for small businesses — says developers have gotten so used to using Github as a central workflow, they expect the entire rest of the developer experience to work the same way.

“The way that a front-end developer would work would be to go into a server and change how things were structured, but then Git came in and became the basic way of operating,” Biilmann, co-founder of Netlify, said. “You get more and more the expectation that pushing to Git something happens.”

That’s his goal for his and his co-founder Chris Bach’s new company. Netlify basically initiates its own kind of repository that pushes both to a Github repository and its own services. Then, those updates execute and are distributed across a wide network of content delivery networks to deliver pre-built static pages to visitors — with Netlify picking the best one from the cloud services available. Netlify then distributes all those static sites across its own content delivery network, meaning that when visitors access those pages they are pre-built.

The idea here is that, instead of a program running every time a visitor goes to a page, the pre-loading has already been done and the user is immediately served a page that’s directed from the closest geographic server, in order to reduce load times. More dynamically built pages may also be vulnerable to slowdowns if they suddenly get a spike of traffic, Biilmann said.

The hope is that, by simplifying the deployment process, he can convince developers that are looking for a lightweight page experience to use something like Netlify instead of simply deploying directly to Amazon Web Services or other providers. To do all this, the company has raised $2.1 million from Bloomberg Beta and Tank Hill Ventures.

Part of the process that’s developed over time is simply pushing Git updates directly to a server, like AWS. The expectation over time has become to simply run a push update through a command line and expect it to work on the other end. Since this has become an increasing expectation over time, especially with front-end developers, Biilmann and his team decided to build a set of tools that bundled together all the necessary components of building out those pages and deploying them.

So, Netlify enables those developers to roll out changes across a larger network of servers that can easily be rolled back with those kinds of simple updates. And all this can be done directly from a command line interface.

So, why pre-built? There are a few reasons: sometimes, when visiting a site, the page will build dynamically based on the applications running on something like Amazon Web Services. That not only requires the page to build itself, but also leaves open the opportunity for malicious attacks (like finding a vulnerability in a Flask server, for example). By essentially pushing the site in isolation from a CDN, they aren’t tapping into a dynamic setup that might be open to attack.

We say static site it’s not like 1994 where sites were static, 99.9% of sites serviced by Netlify are very dynamic,” Biilmann said. “They just interact with the browser instead of having to be built server-side every time.”

If a developer ends up breaking a line of code, they can quickly roll back to a previous instance of the site that’s out there. While most of the operations can be done from a command line interface, Netlify users can also view a snapshot of their running pages through a web-based interface and monitor their health.

At the moment Netlify doesn’t serve tools that interact with a database layer. Biilmann says this is primarily because many modern pages implement an experience that’s hooked through a set of APIs into other services. One example he gave would be running comments through an API like Disqus, or running search functions through another API.

Investors in Netlify include Heroku founder Adam Wiggins and Github founder Tom Preston-Werner, who clearly seem to have an interest in helping individuals deploy fuller — and faster — website experiences with a simpler developer experience.

The challenge for Netlify will to keep those experiences simple and quickly adjust to developer demands for these kinds of tools. It’s not much of a stretch to imagine something like AWS implementing a similar tool, and with so many developers already running on AWS, it might be hard to peel them away. But Biilmann says that, while larger companies have enjoyed the capability to deploy these kinds of experiences, tools like these will help attract a wider long tail or developer activity.

Read More

Huawei replaces Xiaomi at top of Chinese smartphone marke

The most recent numbers out of analyst firm IDC show a major shakeup in the Chinese smartphone market for Q2. During an especially rough quarter, local handset maker Xiaomi’s shipment dipped significantly from 17.1 to 10.5 million year over year, according to the firm.

The 38 percent drop was enough to knock the company down to the fourth position, as Huawei took over the top spot with 19.1 million units moved, comprising 17.2 percent of the country’s massive market share. Huawei was followed closely by fellow domestic manufacturers OPPO and Vivo, at 18 and 14.7 million units, respectively.

For its part, Xiaomi has disputed IDC’s numbers, pointing to higher estimates from other prominent research firms, though all noted numbers significantly below Q2 2015’s 17 million.

The highest spot by a non-domestic company on IDC’s list was secured by Apple, which rounded out the top five with 8.6 million shipments, also down fairly significantly (31.7 percent) from 12.6 the year prior.

Read More

Cisco and Fortinet say vulnerabilities disclosed in ‘NSA hack’ are legit

A group calling itself the Shadow Brokers dumped data online this weekend that it claimed to have stolen from the Equation Group, a hacking team widely believed to be associated with the NSA. Firewall makers Cisco and Fortinet have now confirmed that vulnerabilities included in the data dump affected their products — a disclosure that lends credence to the theory that the Equation Group is indeed an NSA operation.

Cisco said in a security advisory that two vulnerabilities in the Shadow Brokers’ data could be used to breach its Adaptive Security Appliance (ASA) software used in its firewalls. “An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system,” Cisco’s disclosure says.

The data being offered for sale by the Shadow Brokers is dated between 2010 and 2013, so Cisco firewalls may have been vulnerable for years.

Fortinet also said that some of its products released prior to August 2012 contained a vulnerability that would allow an attacker to take execution control over a firewall. More recent versions should not be affected, Fortinet said, although the company noted that its investigation into the code released by the Shadow Brokers is continuing.

Cisco security engineer Omar Santos wrote that one of the two vulnerabilities affecting Cisco products was patched in 2011. However, Santos said he wanted to discuss it publicly “to increase its visibility with our customers so they can ensure they are running software versions that defend against the exploit Shadow Broker has shared.” This exploit is referred to in the Shadow Brokers’ dump as EPICBANANA.

The second exploit, EXTRABACON, affects all releases of Cisco’s ASA software — but getting it to work is is tricky. (Santos walks through it in his blog post.) The exploit would allow an attacker to take full control of the firewall system, but its complexity — and the fact that Cisco hadn’t discovered and patched it — suggests it was developed by a talented adversary.

Meanwhile, the Shadow Brokers also claim that their exploits will work on firewalls from Juniper Networks and TopSec, but neither company has publicly acknowledged the leak. The Shadow Brokers say they have additional yet-to-be-released exploits and are offering the data for sale in a Bitcoin auction. The group is asking for $1 million, but the auction has yet to receive any significant bids.

If the auction is unsuccessful, the vulnerabilities contained in the Shadow Brokers data may still come to light. Wikileaks has claimed to have access to the data and says it will publish a “pristine copy” soon.

Read More

International technical standards needed to accelerate IoT growth

International standards are needed for the Internet of Things (IoT) in order to accelerate growth in industrial and manufacturing environments, particularly among small to medium-sized businesses.

"We need to get to global standards in the Industrial Internet Consortium [IIC]. Ensure the architectures are aligned and ideas and standards are being promoted at the same time," said Hans Jörg Stotz, senior vice president of IoT products and innovation at SAP.

Earlier this year, SAP announced that it partnered with Bosch to create a European IoT testbed to try to develop standards to connect sensors, machines, moving assets, and facilities to permeate all layers of the industrial IoT stack.

Other partners in the testbed are Dassault Systemes of France and Tata Consultancy Services (TCS) of India. TCS is doing the data acquisition, and Bosch provides energy components, and is continuously collecting data from all the machinery in the plant, generating a stream of information about the electricity consumed in the process of manufacturing. Dassault 3D Experience Platform brings a multidimensional representation of all the plant's machinery and functions, and SAP provides a platform and database for predictive analytics and big data.

SEE: AT&T launches $99 IoTStarter Kit to push innovation to market faster(TechRepublic)

Having international standards in place will mean that data coming from the IoT machines will be consistently identified, and mapped in the same way, whether that's data about usage, or when the machine needs maintenance. Right now, most companies are mapping data manually, and it takes so much time and costs so much in personnel labor that many small to medium-sized companies aren't able to afford it, Stotz said.

"We're pushing hard for semantic standards, so that machines identify themselves. The trick is at the end of the day to identify the vast amount of things out there which could at some point talk to the system," Stotz said.

• 
  

Matt Jennings, regional president of the Americas for Bosch Software Innovations, said, "There are probably thousands of standards. I think as we look at IoT going forward, we want to eliminate some complexity of connectivity, and we need to discuss ways to do this."

Jennings explained that developing standards is really about "developing best practices," and the more complex standards are, the more it can cost a company to follow all of them, particularly in a manufacturing environment.

"Having common reference architecture for various types of industry use cases or solutions would speed up the opportunities for the organization to implement these types of solutions and it will make them less expensive to maintain," Jennings said. "I also think it will probably speed innovation because there will be a common way to look at things."

Nils Herzberg, senior vice president and global co-lead for the Internet of Things at SAP, said, "Most sensors are stupid. They do not describe themselves to the Internet of Things. Most cars do not say, 'I'm a Chrysler 200 and my serial number is...'. It would be helpful if the machines could volunteer this information, and the Internet of Things would describe itself to itself."

A standardized language would help make sense of industrial data. Sanjay Khatri, director of product marketing and IoT services for Jasper, which was acquired by Cisco earlier this year, said, "Those sensors and those devices that are being embedded into the industrial assets and all of the equipment that's being used in an industrial context, you want to make sure that those are standardized. If you're a car manufacturer like GM, you have manufacturing equipment on the factory floor, but you also have forklifts and you have various different types of other equipment within your manufacturing operation that you're using to run your entire operation. You want to make sure that there is some level of standardization so that when you collect all that data into a central repository you can get a consistent view."

While there are some standards in place, such as the OPC UA, an industrial M2M communication protocol, they aren't sufficient for international IoT use.

Stotz said, "What we are developing here isn't new and unrelated to all standards. OPC UA is a standard that could easily implement the ideas that are currently being discussed in the German platform industry. We believe that existing standards could extend and adopt the ideas being brought forward."

"From a Cisco perspective, we totally agree," said Paul Didier, solutions architect manager for

Cisco's IoT solutions group. "We're working really hard to make sure that those standards exist."

Didier said, "It's really clear there's a lot of value in IoT. A lot of people will say, 'f I had the data, I could do this, I could do that, I could do a lot of amazing things.' That first part of the sentence, 'if I had the data,' is one of the biggest hurdles. Many of these industrial environments are using segmented, proprietary networks that don't communicate with other networks. Anything in there is a challenge to deliver with industrial IoT networks if they remain unmerged."

"Even in sub-verticals like manufacturing for industrial IoT there's a lot of work that needs to be done about trying to simplify and make sense of all these different protocols," he said.

Stotz said, "At the end of the day, I think IoT will only become real if we have standards. Otherwise the small suppliers will not be able to enter the game."

Three takeaways for TechRepublic readers:

1. International standards are needed to fuel IoT industrial growth particularly among smaller companies.
2. SAP and Bosch have partnered to create a European testbed for IoT to accelerate growth.
3. Existing standards such as OPC UA could be modified and reworked to serve as a base for new international standards.

Read More

Why haven't we seen the smartphone security apocalypse in iPhone and Android yet?

Mobile phones present a ripe attack vector for hackers, but so far we've avoided the nightmares of Windows 95. Is it just a matter of time?

Finally, the mobile security apocalypse is upon us. A recent BBC headline warned: "Android bug fear in 900 million phones." For those of us who lived through Windows 95, widespread, catastrophic malware and security vulnerabilities were the norm, not the exception, which is why one of life's great mysteries has been the apparent absence of massive mobile security threats.

Despite everyone carrying around multitudinous attack vectors 24/7, when was the last time a friend or family member called you up to ask how to remove a virus on their phone? Something like the extremely destructive Chernobyl virus that plagued Windows 95? Probably never. Yet, that was a routine occurrence in the early days of the desktop.

But, according to a new MobileIron report, enterprises are about to get a severe wake-up call as "The velocity of mobile attacks is increasing," but a mere 8% of enterprises are enforcing OS updates to keep employee phones secure.

What, me worry?

Security is one of those things that only seems obvious in retrospect. Intuitively we know that mobile security must be an issue, with billions of phones in circulation. Yet, as individuals and employers, we do very little about it.

SEE The state of mobile device security: Android vs. iOS (ZDNet)

For many of us, we haven't needed to. Apple's iOS, for example, is a closed system that has made it difficult for hackers to crack its security. However,according to noted security expert Eugene Kaspersky, iOS' closed nature is actually the very thing that makes it most problematic:

[T]he most dangerous scenario, I am afraid, is with iPhones. It's less probable because it is very difficult to develop malware for iPhones, because the [operating] system is closed [for outside programmers]. But, every system has a vulnerability. If it happens—in the worst case scenario, if millions of the devices are infected—there is no antivirus, because antivirus companies don't have any rights to develop true end-point security [for Apple].

Given that MobileIron found that 81% of devices used in the enterprise are iOS, this could portend trouble. Even so, it is Android, not iOS, that gets targeted 92% of the time, according to a 2013 Juniper Networks study.

Regardless, the problem for enterprises is that they seem to exercise very little control over the mobile devices on their networks, as Conner Forrest reportedon MobileIron's findings:

• 40% of companies had missing devices, up from 33% in Q4 2015;
• 27% of companies had out-of-date policies, up from 20% in Q4 2015; and
• 8% of companies were enforcing OS updates, which was comparable to Q4 2015.

Personal devices on corporate networks

This isn't so hard to understand when we remember the personal nature of mobile devices. Back in the days of the Chernobyl virus, "personal computers" were often paid for by their companies. Today, Gartner estimates that 40% of all "enterprise devices" are actually personal smartphones and laptops, and I'd wager that the percentage of personal smartphones in use is actually significantly higher.

• 
  
• 
  
• 
  

After all, even if the enterprise buys the phone, I've seen plenty of employees skirt mobile device management policies to be able to use "their" phone as they choose. Mobile is personal, and individuals will go to great lengths to keep their mobile devices off of IT's radar...

...though not off the network. And that's where the risks lie.

In an increasingly connected and interconnected world, everything—including our lighting systems—creates a potential attack vector. While it would be nice to believe that widespread malware attacks are a thing of the desktop past, that would also be incredibly naive, given how tempting today's targets are.

Many of us (myself included), remember when the desktop was ripe with Chernobyl virus-like attacks. It would be foolish to believe that we're not headed there on our mobile devices, too, though in a much bigger way. And yet, we still haven't had a Chernobyl. The question is, "Why?"

What do you think?

I'd love to hear your thoughts. Are we headed for another Chernobyl-like virus in mobile? What is the biggest threat mobile presents in the enterprise? Share your thoughts in the comments or on Twitter.

Read More

Nissan up the EV design game with new model

Aside from a couple distinctiv

Read More

Facebook continues push to be more like Snapchat with new camera feature

In its bid to become more like Snapchat, Facebook is finally putting its MSQRD acquisition to good use.

The social network is testing a new feature that puts a Snapchat-like camera at the top of News Feed, allowing users to add filters and animations to their selfies. The test is limited to users in Canda and Brazil right now and will feature content celebrating the Olympics. 

SEE ALSO: Facebook's obsession with live video will be short-lived

The test is powered by MSQRD, the Snapchat-like app for video filters Facebook acquired earlier this year. 

Users in Brazil and Canada will see a prompt to "celebrate the Olympic Games" using the new camera feature. Launching the camera allows you to add filters and "masks" (MSQRD's name for the Snapchat-like lenses) to their photos, which they can then share across Facebook. 

The feature is only an experiment for now and whether or not Facebook expands it to more people in more countries will likely depend on how it's received during the initial testing period. The test is also notable in that it marks MSQRD's formal debut in a Facebook product. Even if it's not successful though, this will not be the last time we see the company integrate MSQRD into one of its services, as Facebook previously announced it would integrate MSQRD's filterswith its live streaming platform.

The test also comes on the heels of Instagram's new Stories feature, which many see as its most blatant attempt at copying Snapchat yet. (Facebook says both Instagram Stories and this latest test in News Feed are all part of its current strategy to put video front and center in as many places as it can.)

But Facebook may find the feature to be a hard sell with users who may be growing weary of the network's repeated attempts at cloning Snapchat. The company previously launched (and shuttered) two standalone apps that were Snapchat clones. It also made efforts to build similar features into its main apps, testing a Snapchat-like feature called Quick Updates that it decided not to launch. And a report earlier this year suggested Facebook is working on yet anotherstandalone camera app to get more users to share photo and video.

Read More