
What is Slack?


Slack is a different kind of messaging service that allows an unlimited number of people to communicate quickly and send ideas back and forth to team members with the push of a button.
Slack can be used both on desktop and notebook computers, as well as on smartphones via apps. Despite its name, the focus is on helping your team to be more productive than ever before.
Since its launch in 2014, Slack has become a popular tool for enterprise collaboration. More than six million people use Slack daily, around a third of whom are paying customers, and people spend on average more than two hours each day inside the chat app. Slack wants to make interactions more fun, which has been a big part of the secret behind its success: public channel messages can be accompanied by GIFs.
Three types of channels exist within each workplace for team members: public, private and, more recently, shared channels. The latter enables communications with staffers at external companies. Channels allow discussions to center on a specific project, team (such as sales or marketing) or a shared interest topic (video, for example). The app also offers direct messages for quick conversations with another team member, using a private channel. And you can drag and drop just about any file into the system to quickly and effortlessly share it with team members.
Since launch, the platform has quickly added new features. Video and voice-calling capabilities were rolled out in 2016 and last year screen sharing was enabled – the result of Slack’s ScreenHero acquisition.

Can my boss read my messages?

There are two types of privileged Slack users: admins and “workspace owners.” Both of these special users can download a “standard export” of anything posted to public channels, but only workspace owners can see your messages, through what’s called a “compliance export.” Not all workplaces have compliance exports enabled.
Slack added the compliance exports feature in 2014 for some of its paid customers and the feature is only available on the Plus plan. If your workspace owner has the feature turned on, they will have access to a .zip file with your message history, both from private channels and direct messages. But if your company has such exports currently turned off, you will get a Slackbot notification if any change happens, and your message history prior to the feature being enabled will not be available to view.
A small number of people at Slack have access to the systems that store and process your data, but it’s unclear exactly how many Slack employees do, and who, exactly, those people are.

Has Slack been hacked?

In 2014, a programmer spotted a vulnerability in the chat app that let anyone view a company’s internal Slack teams. And in February 2015, the company suffered a data breach. In a March 2015 blog post, Slack described the news as a “security incident” and announced the rollout of two-factor authentication.

Google and Microsoft are far from the only competitors to Slack. Microsoft reportedly considered acquiring Slack two years ago before deciding to build out its existing collaboration and communication capabilities. The result was the launch in early 2017 of Teams, which is set to replace Skype for Business over time. Google, meanwhile, has relaunched its Hangouts tool, separating it into two apps: Meet and Chat.

Microsoft acquires GitHub for $7.5 billion


Microsoft is acquiring GitHub, the largest code repository in the world, for $7.5 billion, the companies announced on 4 June. GitHub, an online community for software developers to collaborate and share code, has never been profitable, though it was last valued at $2 billion in 2015. The company is host to a community of 28 million developers who maintain a total of 85 million code repositories. While GitHub offers a free version of its service to developers willing to share code, it began charging for private storage on the service six months after its launch.
GitHub is used by many developers and big tech companies including Apple, Amazon, Google, Facebook, and IBM to store their corporate code and privately collaborate on software, but Microsoft is one of the top contributors to the web-hosting service.
GitHub was acquired for close to 30x annual recurring revenue (an astronomical multiple). To put this in perspective, Microsoft acquired LinkedIn, the job-oriented professional social network, for $26 billion in 2016 (7.2x revenue), in what was considered one of the richest tech deals ever.

The decision has stirred fear among some developers in the open source community, with some Twitter users proclaiming the death of GitHub and open source software. The concern is completely rational and understandable. Despite the company’s lack of a CEO and money, GitHub holds a privileged position in the software development ecosystem and plays a critical role. Microsoft, on the other hand, once opposed such open-source software development, with its ex-CEO Steve Ballmer describing Linux as “cancer”. This has changed over the years: Microsoft has been actively pushing open source technology, and the company has open sourced PowerShell, Visual Studio Code and the Microsoft Edge JavaScript engine. Microsoft also partnered with Canonical to bring Ubuntu to Windows 10 and acquired Xamarin to assist with mobile app development.

Microsoft recently integrated Visual Studio App Center and GitHub, to help GitHub developers automate DevOps processes as they build mobile apps for iOS, Android, Windows, and macOS devices. Visual Studio App Center enables mobile developers to build, test and distribute mobile apps to a variety of different devices, including iOS and Android, monitor the performance of those apps and collect analytics and crash dumps to iteratively improve their apps. Additionally, integration with Microsoft’s Azure DevOps Project lets GitHub developers configure a DevOps pipeline and connect it to the cloud with no prior knowledge. These are moves that were initially met with surprise by developers, but that have earned respect.

GitHub will now be led by CEO Nat Friedman, the founder of Xamarin, who will report to Microsoft’s Cloud and AI chief Scott Guthrie. GitHub CEO and co-founder Chris Wanstrath will now become a technical fellow at Microsoft, also reporting into Guthrie.
Microsoft killed its own GitHub competitor, Codeplex, in December and is now the top contributor to GitHub. Microsoft now has more than 1,000 employees actively pushing code to GitHub repositories.
In a blog post, Chief Executive Satya Nadella said Microsoft plans to “accelerate enterprise developers’ use of GitHub” by selling the service through Microsoft’s sales channels. He also expects GitHub to bring Microsoft’s developer tools and services to new customers. Microsoft said the GitHub acquisition is expected to have a negative impact on 2019 earnings but positive beginning in 2020.

HTTP 2.0


The Hypertext Transfer Protocol (HTTP) is the foundation of data communication for the World Wide Web. Standards development of HTTP was coordinated by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), and currently we are witnessing a worldwide rollout of the HTTP/2 protocol.

Release history

| Year | HTTP Version |
| --- | --- |
| 1991 | 0.9 |
| 1996 | 1.0 |
| 1997 | 1.1 |
| 2015 | 2.0 |

 

This major update to HTTP is the first in nearly 20 years and addresses many of the shortcomings in HTTP 1.x.

- Request/response multiplexing: Receiving tons of media content via individual streams sent one by one is both inefficient and resource consuming. HTTP/2 establishes a new binary framing layer to address these concerns. This layer allows client and server to break the HTTP payload down into a sequence of small, independent, interleaved frames. This information is then reassembled at the other end.

This approach brings an array of benefits:

  • The parallel multiplexed requests and response do not block each other.
  • A single TCP connection is used to ensure effective network resource utilization despite transmitting multiple data streams.
  • No need to apply unnecessary optimization hacks – such as image sprites, concatenation and domain sharding, among others – that compromise other areas of network performance.
  • Reduced latency, faster web performance, better search engine rankings.
  • Reduced OpEx and CapEx in running network and IT resources.
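The framing and reassembly described above, as an added example that is not part of the original post: it parses the 9-byte HTTP/2 frame header (RFC 7540, section 4.1), rebuilds each stream's body from interleaved DATA frames, and rejects the malformed input a receiver has to guard against. The byte stream in `sample_connection` is constructed for the demonstration, and the function names are this example's own.

```python
"""Reassemble interleaved HTTP/2 DATA frames, with the checks a receiver needs."""

FRAME_DATA = 0x0
FLAG_END_STREAM = 0x1
FLAG_PADDED = 0x8
DEFAULT_MAX_FRAME_SIZE = 16384   # initial SETTINGS_MAX_FRAME_SIZE (2**14)


class FrameError(ValueError):
    """Input that a conforming peer must treat as a connection or stream error."""


def pack_frame(ftype, flags, stream_id, payload):
    # 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream id
    header = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return header + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload


def iter_frames(buf, max_frame_size=DEFAULT_MAX_FRAME_SIZE):
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 9:
            raise FrameError("truncated frame header")
        length = int.from_bytes(buf[pos:pos + 3], "big")
        ftype, flags = buf[pos + 3], buf[pos + 4]
        stream_id = int.from_bytes(buf[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        if length > max_frame_size:
            # Checked before any buffering so a peer cannot force a large allocation
            raise FrameError("FRAME_SIZE_ERROR: declared length %d" % length)
        end = pos + 9 + length
        if end > len(buf):
            raise FrameError("truncated frame payload")
        yield ftype, flags, stream_id, buf[pos + 9:end]
        pos = end


def reassemble(buf):
    """Return ({stream_id: body}, closed_stream_ids) for the DATA frames in buf."""
    bodies, closed = {}, set()
    for ftype, flags, stream_id, payload in iter_frames(buf):
        if ftype != FRAME_DATA:
            continue                     # HEADERS, SETTINGS etc. are out of scope here
        if stream_id == 0:
            raise FrameError("PROTOCOL_ERROR: DATA frame on stream 0")
        if stream_id in closed:
            raise FrameError("STREAM_CLOSED: DATA after END_STREAM")
        if flags & FLAG_PADDED:
            # First octet is the pad length; it must be smaller than the payload
            if not payload or payload[0] >= len(payload):
                raise FrameError("PROTOCOL_ERROR: invalid padding")
            payload = payload[1:len(payload) - payload[0]]
        bodies.setdefault(stream_id, bytearray()).extend(payload)
        if flags & FLAG_END_STREAM:
            closed.add(stream_id)
    return {sid: bytes(body) for sid, body in bodies.items()}, closed


def sample_connection():
    # Constructed sample: two responses interleaved on one connection
    return b"".join([
        pack_frame(FRAME_DATA, 0, 1, b"<html>"),
        pack_frame(FRAME_DATA, 0, 3, b"body{"),
        pack_frame(FRAME_DATA, FLAG_END_STREAM, 1, b"</html>"),
        pack_frame(FRAME_DATA, FLAG_END_STREAM, 3, b"}"),
    ])


if __name__ == "__main__":
    streams, finished = reassemble(sample_connection())
    for sid in sorted(streams):
        print(sid, streams[sid], "closed" if sid in finished else "open")
```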

- Header compression: Delivering high-end web user experience requires websites rich in content and graphics. The HTTP application protocol is stateless, which means each client request must include as much information as the server needs to perform the desired operation. This mechanism causes the data streams to carry multiple repetitive frames of information such that the server itself does not have to store information from previous client requests.

HPACK header compression in HTTP/2 presents immense performance advantages, including the benefits below:

  • Effective stream prioritization.
  • Effective utilization of multiplexing mechanisms.
  • Reduced resource overhead – one of the earliest areas of concerns in debates on HTTP/2 vs HTTP1 and HTTP/2 vs SPDY.
  • Encodes large headers as well as commonly used headers which eliminates the need to send the entire header frame itself. The individual transfer size of each data stream shrinks rapidly.
  • Not vulnerable to security attacks such as CRIME, which exploit data streams with compressed headers.
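How HPACK shrinks repeated headers, as an added example that is not part of the original post: a subset of an RFC 7541 encoder (prefix integers, indexed fields, literals with incremental indexing, never-indexed literals) that reproduces the first two request encodings of RFC 7541 Appendix C.3. Assumptions: Huffman coding is omitted, only part of the static table is included, and treating `authorization` and `cookie` as never-indexed is this example's policy choice.

```python
"""HPACK (RFC 7541) encoder subset: no Huffman coding, partial static table."""

# Part of the RFC 7541 Appendix A static table with its real indices (full table: 61 entries)
STATIC = {
    (":authority", ""): 1, (":method", "GET"): 2, (":path", "/"): 4,
    (":scheme", "http"): 6, (":scheme", "https"): 7,
    ("authorization", ""): 23, ("cache-control", ""): 24, ("cookie", ""): 32,
}
STATIC_NAMES = {}
for (_name, _value), _idx in STATIC.items():
    STATIC_NAMES.setdefault(_name, _idx)          # lowest index wins for name-only matches

MAX_TABLE_SIZE = 4096                             # default SETTINGS_HEADER_TABLE_SIZE


def encode_int(value, prefix_bits, pattern):
    """Prefix-coded integer (section 5.1); `pattern` holds the bits above the prefix."""
    limit = (1 << prefix_bits) - 1
    if value < limit:
        return bytes([pattern | value])
    out = [pattern | limit]
    value -= limit
    while value >= 128:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)


def encode_str(text):
    raw = text.encode("ascii")
    return encode_int(len(raw), 7, 0x00) + raw    # H bit clear: raw octets, no Huffman


class Encoder:
    def __init__(self):
        self.dynamic = []                         # newest first; entry i has index 62 + i

    def _lookup(self, name, value):
        full = STATIC.get((name, value))
        if full is None and (name, value) in self.dynamic:
            full = 62 + self.dynamic.index((name, value))
        name_idx = STATIC_NAMES.get(name)
        if name_idx is None:
            name_idx = next((62 + i for i, (n, _) in enumerate(self.dynamic) if n == name), None)
        return full, name_idx

    def _literal(self, name, name_idx, value, prefix_bits, pattern):
        if name_idx is None:                      # index 0: the name follows as a string
            return encode_int(0, prefix_bits, pattern) + encode_str(name) + encode_str(value)
        return encode_int(name_idx, prefix_bits, pattern) + encode_str(value)

    def encode(self, headers, sensitive=("authorization", "cookie")):
        out = bytearray()
        for name, value in headers:
            full, name_idx = self._lookup(name, value)
            if name in sensitive:
                # Never-indexed literal (section 6.2.3): the value stays out of the table
                out += self._literal(name, name_idx, value, 4, 0x10)
            elif full is not None:
                out += encode_int(full, 7, 0x80)  # indexed field (section 6.1)
            else:
                out += self._literal(name, name_idx, value, 6, 0x40)  # section 6.2.1
                self.dynamic.insert(0, (name, value))
                while sum(len(n) + len(v) + 32 for n, v in self.dynamic) > MAX_TABLE_SIZE:
                    self.dynamic.pop()            # evict the oldest entry
        return bytes(out)


def demo():
    enc = Encoder()
    base = [(":method", "GET"), (":scheme", "http"), (":path", "/"),
            (":authority", "www.example.com")]
    return enc.encode(base), enc.encode(base + [("cache-control", "no-cache")])


if __name__ == "__main__":
    for block in demo():
        print(len(block), block.hex())
```

The second request repeats `:authority` as a single indexed octet, which is where the size reduction comes from; the never-indexed form keeps credential values out of the shared table, so their encoded size does not change between requests.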

- Stream prioritization: HTTP/2 implementation allows the client to provide preference to particular data streams. Although the server is not bound to follow these instructions from the client, the mechanism allows the server to optimize network resource allocation based on end-user requirements.
The stream prioritization mechanism brings the following benefits:

  • Effective network resource utilization.
  • Reduced time to deliver primary content requests.
  • Improved page load speed and end-user experience.
  • Optimized data communication between client and server.
  • Reduced negative effect of network latency concerns.

- Server push: This capability allows the server to send additional cacheable information to the client that isn’t requested but is anticipated in future requests. For example, if the client requests resource X and it is understood that resource Y is referenced by the requested file, the server can choose to push Y along with X instead of waiting for an appropriate client request.

HTTP/2 delivers significant performance gains for pushed resources, with the other benefits below:

  • The client saves pushed resources in the cache.
  • The client can reuse these cached resources across different pages.
  • The server can multiplex pushed resources along with originally requested information within the same TCP connection.
  • The server can prioritize pushed resources – a key performance differentiator in HTTP/2 vs HTTP1.
  • The client can decline pushed resources to maintain an effective repository of cached resources or disable Server Push entirely.
  • The client can also limit the number of pushed streams multiplexed concurrently.

Similarities with HTTP1.x and SPDY

| HTTP1.x | SPDY | HTTP2 |
| --- | --- | --- |
| SSL not required but recommended. | SSL required. | SSL not required but recommended. |
| Slow encryption. | Fast encryption. | Even faster encryption. |
| One client-server request per TCP connection. | Multiple client-server requests per TCP connection. Occurs on a single host at a time. | Multi-host multiplexing. Occurs on multiple hosts at a single instant. |
| No header compression. | Header compression introduced. | Header compression using improved algorithms that improve performance as well as security. |
| No stream prioritization. | Stream prioritization introduced. | Improved stream prioritization mechanisms used. |

Benefits of HTTP/2

  • web performance – The protocol’s ability to send and receive more data per client-server communication cycle is not an optimization hack but a real, realizable and practical HTTP/2 advantage in terms of performance.
  • mobile web performance – HTTP/2 optimizes web experience for mobile users with high performance and security previously only attributed to desktop internet usage.
  • cheaper internet – The enhanced data communication efficiencies HTTP/2 promises will allow internet providers to shrink operational expenses while maintaining the standards of high speed internet.
  • expansive reach – HTTP/2 advantages leading to large-scale adoption of the advanced application protocol will naturally reduce network congestion to spare resources and bandwidth for distant underserved geographic locations.
  • improved mobile experience – HTTP/2 cuts load times and mobile network latency to manageable levels.
  • security – HTTP/2 contains commands in binary and enables compression of the HTTP header metadata, following a ‘Security by Obscurity’ approach to protecting sensitive data transmitted between clients and servers.
  • innovation – HTTP/2 embodies innovation and the concept of high performance web.
  • media rich experience – Modern web experience is all about delivering media-rich content at lightning-fast page load speeds.
  • improved technology utilization – Features such as Header Compression, Server Push, Stream Dependencies and Multiplexing all contribute toward improved network utilization as a key HTTP/2 advantage.

Wi-Fi Alliance announces new WPA3 security protections


Chances are that you connect to Wi-Fi every day, but you might not realize that “Wi-Fi” is in fact a trademark of the Wi-Fi Alliance, a non-profit that promotes the use of wireless technology and sets voluntary safety standards for all wireless devices.
The Wi-Fi Alliance is made up of companies including Apple, Microsoft, Intel, Samsung and Cisco. At the beginning of the year it finally announced a new security protocol named WPA3. You probably know its predecessor, WPA2 (Wi-Fi Protected Access II), which has been a standard security protocol and security certification program since 2004, built to be more secure than the original WPA and its predecessor, WEP. You see it when connecting to any Wi-Fi network, and it is found on every modern phone, computer and router in any network.


Mathy Vanhoef, a computer security academic, has found severe flaws in the Wi-Fi Protected Access II protocol (WPA2) through an attack called KRACK (Key Reinstallation Attack). A flaw in WPA2’s cryptographic protocols could be exploited to read and steal data that would otherwise be protected. That means hackers could steal your passwords, intercept your financial data, or even manipulate commands to, say, send your money to themselves.


One of the key improvements in WPA3 aims to solve a common security problem: open Wi-Fi networks. Seen in coffee shops and airports, open Wi-Fi networks are convenient but unencrypted, allowing anyone on the same network to intercept data sent from other devices. The new standards will offer robust protections even when users choose to protect their documents with “1234,” as well as simplify the process of setting up security for devices with limited or no display interface, such as smart home devices.
Attackers won’t be able to use brute force dictionary attacks to guess your password. WPA3 will automatically block users who try to enter an incorrect password too many times.
For devices that don’t have displays, WPA3 will include new configuration options that make it easier to set up and maintain security. This will enable Wi-Fi to grow its footprint in the Internet of Things (IoT), offering more robust security than rivals such as Bluetooth.


WPA3 also comes with a new security suite aimed specifically at high-risk networks. Government, defense, security and industrial providers using Wi-Fi networking will be able to access a 192-bit set of enhancements. The dedicated suite is compatible with the Commercial National Security Algorithm and is intended to prevent information loss from sensitive environments. Full details of the suite haven’t yet been released.
WPA3 is expected to arrive in the first consumer devices later in 2018. Customers will need new routers and client devices to benefit from the upgraded standard.


So what should you do if you’re concerned about your digital safety?

First and most important, update your phone, computer, or other devices when they receive security updates. In the meantime, if you want to be particularly safe, assume that any Wi-Fi network you are using (especially public ones) may be compromised. Don’t transmit any sensitive personal information (like credit card numbers, or important login credentials) unless you are using an app with end-to-end encryption or connected to a website via HTTPS — if your browser shows a little lock in the address bar and says “secure” you should be safe.

What is NFC?


NFC (“Near Field Communication”) is a form of radio-frequency identification. RFID is nothing new; in fact it dates as far back as 1945, and versions of it were used in WW2 to track whether aircraft were friends or foes.
Whilst the tech itself is pretty old, it didn’t begin to gather much pace until 2004 when Nokia, Sony and Philips came together to form the NFC Forum. Why was a forum needed? Well the success and usability of NFC depends on widespread compatibility and security. So the Forum are responsible for managing this. Otherwise we’d end up with a load of different varieties that operate over a mix of different ranges and it won’t be convenient or useful to anyone.

NFC is a short range (maximum communication range of 10 cm) “tap” or “touch” radio technology that enables communication between devices. It uses electromagnetic radio fields and usually involves two compatible NFC enabled devices getting in close proximity to each other. The NFC enabled devices can be considered either passive or active.

Passive devices store information that can be read, but do not read any information themselves. The passive device or ‘tag’ starts to transmit the info it has when it comes within a few centimeters of an active NFC device. The reader (active device) deciphers the signals and will use the info it gets however it was designed to. Some tags are re-writable so readers can actually update data.

Active devices can send, receive and even alter information. The active device or reader (this could be your smartphone) generally polls/looks for nearby NFC devices. Initiator and target device generate their own radio frequency waves to transmit/receive data.

The transmission frequency for data across NFC is 13.56 MHz, and data can be sent at either 106, 212 or 424 kilobits per second, which is quick enough for a range of data transfers – from contact details to swapping pictures and music.
NFC devices defined by the NFC Forum Specifications (‘NFC Forum Devices’) support three modes of operation:

  • Card Emulation Mode - can substitute the functionality of existing contactless IC cards. The NFC device behaves like a contactless smart card. It functions as a target in passive mode. While a contactless card is powered by the magnetic field generated by the interrogator, an NFC device may require more energy to operate and so requires an internal power source, such as a battery or power supply.
  • Reader/Writer Mode - can be used to read information from NFC tags. In reader mode the NFC device behaves like a simple contactless card reader. It initiates communication by generating a magnetic field and then sending a command to the target. The target responds to the interrogator by retro-reflecting the incident wave. The specificity of NFC operating modes is that the target can be not only a tag or a contactless card, but also an NFC device that behaves like a contactless card (in card emulation mode). Reader mode is used principally for information reading, when an NFC device is used to read data by waving it in front of electronic labels available on streets, bus stops, sightseeing monuments, ad banners, parcels, products or business cards.
  • Peer-to-Peer Mode – allows messages (containing, for example, information like web or e-mail addresses) to be exchanged directly between NFC Forum devices. Each of these devices supports both interrogator and target communication modes, sending or receiving the data by turns. Communication in peer-to-peer mode is slower than in conventional reader / card emulation mode, because of the management of a heavier protocol, which is necessary for the division of roles between the two NFC devices. This mode can be used to initiate gateways (pairing) with other technologies for data transfer at data rates higher than NFC (Bluetooth, Wi-Fi or Wi-Fi Direct).

Considering existing mobile and contactless infrastructures, NFC devices increase customer convenience and enable services such as:

  1. Contactless Cards - most bank cards ship with NFC in them now so you can tap to pay
  2. Data transfer – share photos, files, links and more between phones, tablets and cameras
  3. Touristy Stuff – tour guide services, museums and monuments often use NFC tags to store more detailed information at a specific point
  4. Healthcare - the speed of NFC enables doctors and nurses to quickly upload patient data straight into their shared systems from various locations round the building
  5. Device charging – various companies have developed ‘charging mats’ for their devices
  6. Music - you can use NFC to bypass the tedious Bluetooth or Wi-Fi setups on speakers and headphones
  7. Mobile Payment - Samsung Pay, Android Pay, and even Apple Pay for iOS all utilize NFC technology
  8. Product Inventory
  9. Transport and eTicketing
  10. Access Control
  11. Loyalty Programs
  12. Device Pairing
  13. Smart Poster Reading
  14. Peer to Peer Information Exchange

NFC communications have been standardised under ECMA-340 and ISO/IEC 18092 and are compatible with other major contactless standards like ISO/IEC 14443. There are other standardization bodies that are involved in NFC, which include:

  • ETSI / SCP (Smart Card Platform) to specify the interface between the SIM card and the NFC chipset.
  • GlobalPlatform to specify a multi-application architecture of the secure element and OTA provisioning etc.
  • EMVCo for the impacts on the EMV payment applications.

NFC tags are thin simple electronic devices (no batteries or moving components) that contain an antenna and a small amount of memory. They are the type of passive devices we talked about. The specification differentiates tags based on memory capacity and configuration:

NFC-Forum Type 1: Includes tags complying with ISO/IEC 14443. Memory capacity between 96 bytes and 2 kilobytes. Can be encoded several times and a write-protection can be applied. Compatible products: Broadcom Topaz.
NFC-Forum Type 2: The same as Type 1, but includes only chips with a memory capacity between 48 bytes and 2 kilobytes. Compatible products: NXP NTAG21x series, NXP MIFARE.
NFC-Forum Type 3: Includes tags complying with the Japanese industry standard (JIS) FeliCa. Tags are pre-configured either as rewriteable or read-only. Typical tags have a memory capacity of up to 9 kilobytes. The theoretical limit is at 1 MB. Compatible products: Sony FeliCa.
NFC-Forum Type 4: Includes tags complying with ISO/IEC 14443. Tags are pre-configured either as rewriteable or read-only. The theoretical limit of memory capacity is at 32 kilobytes. Compatible products: NXP DESFire, ST Microelectronics.
NFC-Forum Type 5: Includes tags complying with ISO/IEC 15693. Compatible products: NXP ICODE SLI, Texas Instruments Tag-It HF-I, EM423x, ST Microelectronics.

A suitable NFC Tag should comply with the ISO 14443 standard. Moreover, tags should comply with the NFC-Forum Type 2 specification. This guarantees that the tag can be used for all common applications. If a tag should also be compatible with all NFC-enabled devices, the NFC Tag should be NDEF formatted.

Anyone can buy blank NFC tags and then write customized data to them. Type 1 and Type 2 tags can be written to multiple times. These tags can also be permanently locked, or encrypted, so that no one can manipulate the data. Although they have quite a small memory, especially compared to your typical SD card, that’s enough data for some very simple pieces of information, such as a website URL, and is all you need for most basic NFC tags. Type 3 and Type 4 tags can only be written to once, like a CD, and they lack the security of Types 1 and 2; these tend to be used for more complicated applications.

NFC is here to stay, and as time passes we’ll see more and more applications of it. So it’s about time to jump on the bandwagon. For Android developers, you can find a document that can guide you through building your first NFC powered app. Good luck!