Jenna Sargent Barron, Author at SD Times https://sdtimes.com/author/jennifer-sargent/ Software Development News Fri, 12 May 2023 17:37:01 +0000 en-US hourly 1 https://wordpress.org/?v=6.1.1 https://sdtimes.com/wp-content/uploads/2019/06/bnGl7Am3_400x400-50x50.jpeg Jenna Sargent Barron, Author at SD Times https://sdtimes.com/author/jennifer-sargent/ 32 32 Google removes waitlist for Bard, highlights recent and upcoming improvements https://sdtimes.com/ai/google-removes-waitlist-for-bard-highlights-recent-and-upcoming-improvements/ Fri, 12 May 2023 17:37:01 +0000 https://sdtimes.com/?p=51150 Earlier this year, Google announced Bard, a generative AI solution meant to compete with OpenAI’s ChatGPT. Previously the only way to use Bard was to get on the waitlist, but now the company is announcing that it is removing that waitlist and opening Bard up to all. With this announcement, Bard will be available in … continue reading

The post Google removes waitlist for Bard, highlights recent and upcoming improvements appeared first on SD Times.

]]>
Earlier this year, Google announced Bard, a generative AI solution meant to compete with OpenAI’s ChatGPT. Previously the only way to use Bard was to get on the waitlist, but now the company is announcing that it is removing that waitlist and opening Bard up to all.

With this announcement, Bard will be available in 180 countries and territories, and more will be added. 

Google also revealed that Bard now supports Japanese and Korean. Soon it will support 40 different languages.

RELATED CONTENT: Google announces updates to Android, Google Cloud, Workspaces, Google Play, and more at Google I/O

Since its initial launch, Google has also made some improvements to Bard, such as changing the large language model (LLM) to PaLM 2, which enables Bard to have more advanced math, reasoning, and coding skills. 

An upcoming update will add visuals to Bard. For example, the prompt “What are some must-see sights in New Orleans?” will provide images along with text. 

In addition to responses containing images, prompts will also be able to use images, with Google Lens being used to analyze photos. For example, you could upload a photo of your dog and ask Bard to write a funny caption for it, and it will analyze the photo, detect your dog’s breed, and write a few captions. 

Google will also be improving on the coding side of Bard, with new features like better citations that can be clicked through to see the source, dark mode, and an export button so that code can be run in Replit. 

It is also adding an export function to Gmail and Google Docs. “For example, let’s say — like me — you’re a die-hard pickleball fan. You can ask Bard to write an email invitation for your new pickleball league, summarizing the rules of the game and highlighting its inclusivity of all ages and levels. Just click the ‘draft in Gmail’ button so you can make those final tweaks before getting your pickleball league off the ground,” Sissie Hsiao, vice president and general manager for Google Assistant and Bard, wrote in a blog post

In the next few months, Google also has planned integrations with Adobe’s suite of products. It will integrate with Adobe Firefly, which is a set of generative AI models for image creation, and the results can be exported to Adobe Express. Other upcoming partners include Kayak, OpenTable, ZipRecruiter, Instacart, Wolfram, and Khan Academy.

“There’s a lot ahead for Bard — connecting tools from Google and amazing services across the web, to help you do and create anything you can imagine, through a fluid collaboration with our most capable large language models,” Hsaio wrote. 

The post Google removes waitlist for Bard, highlights recent and upcoming improvements appeared first on SD Times.

]]>
Open Source Summit: AWS open sources Cedar, SPDX Release Candidate 3.0, and OpenSSF updates https://sdtimes.com/open-source/open-source-summit-aws-open-sources-cedar-spdx-release-candidate-3-0-and-openssf-updates/ Wed, 10 May 2023 19:11:10 +0000 https://sdtimes.com/?p=51119 Open Source Summit North America is taking place this week in Vancouver. The event, hosted by the Linux Foundation, is a celebration of the open source community. It has the support of many major players in the industry, with news announced during the event coming from AWS, Meta, and more.  Here are highlights of the … continue reading

The post Open Source Summit: AWS open sources Cedar, SPDX Release Candidate 3.0, and OpenSSF updates appeared first on SD Times.

]]>
Open Source Summit North America is taking place this week in Vancouver. The event, hosted by the Linux Foundation, is a celebration of the open source community. It has the support of many major players in the industry, with news announced during the event coming from AWS, Meta, and more. 

Here are highlights of the event so far: 

AWS open sources Cedar policy language and SDK  

The Cedar language enables you to set permissions in your applications using easy-to-understand policies. By making use of Cedar, application teams can decouple access control from application logic. 

It supports role-based access control and attribute-based access control, and was developed using verification-guided development, which ensures Cedar is correct and secure. 

The language’s SDKs are also being made available, which include libraries for creating and evaluating policies. 

AWS hopes that by open sourcing the language, they can foster more innovation in the industry around fine-grained access management and make access control more accessible to all. 

AWS also announces new open-source fuzzing framework

According to AWS, current fuzzing practices require large codebases to be refactored in order to work properly. The new framework, Snapchange, allows targets to undergo fuzz testing with minimal modifications.

Built in Rust, Snapchange enables developers to build fuzzers that replay snapshots of physical memory in a KVM virtual machine.

SPDX Release Candidate 3.0 now available

Software Package Data Exchange (SPDX) is an open source standard for communicating the information in a bill of materials. It is currently hosted by the Linux Foundation. 

In RC 3.0, there are now six unique profiles that are designed for popular use cases, with the goal being that SPDX better meets the needs of the industry. The profiles were created based on community input and include specifications for security, licensing, AI, datasets, and software packaging build processes. 

According to the Linux Foundation, the United States’ executive order on cybersecurity and Europe’s Cyber Resiliency Act served as inspiration for the need to have an international standard for supply chain security, which SPDX hopes to be. 

OpenSSF gets major funding from Google and Microsoft, new members

Through its Alpha-Omega Project, OpenSSF has recently received $2.5 million from Google and $2.5 million from Microsoft. 

OpenSSF also announced that Hitachi, Lockheed Martin, Salesforce, and SAP have become general members.

The foundation also announced that Omkhar Arasaratnam will be its new general manager and Brian Behlendorf will be chief technology officer. 

Meta joins the OpenJS Foundation

The OpenJS Foundation provides support for the open source JavaScript community. With Meta joining the foundation as a Gold Member, they will be able to contribute and advocate in the community further.

Meta had already been highly involved with the open source JavaScript community, through its projects React, Jest, and Flow. Jest is an open source testing framework, which Meta contributed to the OpenJS Foundation last year. 

“The broader JavaScript ecosystem benefits from Meta becoming an OpenJS Foundation member. In fact, we’ve already been working together in multiple different ways, and this makes official what has already been a great relationship,” said Shayne Boyer, OpenJS Foundation Board Director. “

The post Open Source Summit: AWS open sources Cedar, SPDX Release Candidate 3.0, and OpenSSF updates appeared first on SD Times.

]]>
Report: Adoption of DevOps practices increasing, while code velocity remains the same https://sdtimes.com/devops/report-adoption-of-devops-practices-increasing-while-code-velocity-remains-the-same/ Mon, 08 May 2023 19:05:25 +0000 https://sdtimes.com/?p=51102 According to the latest State of Continuous Delivery report from the Continuous Delivery Foundation (CDF), the adoption of DevOps is continuing to increase, with 84% of developers participating in DevOps activities in the first quarter of the year. However, the report also found that code velocity has remained steady for the past two years, with … continue reading

The post Report: Adoption of DevOps practices increasing, while code velocity remains the same appeared first on SD Times.

]]>
According to the latest State of Continuous Delivery report from the Continuous Delivery Foundation (CDF), the adoption of DevOps is continuing to increase, with 84% of developers participating in DevOps activities in the first quarter of the year.

However, the report also found that code velocity has remained steady for the past two years, with about 15% of teams being considered top performers, meaning they have lead times of less than one day.

The CDF believes that while DevOps may be a help, it is likely the increasing complexity of projects that is slowing things down. 

Another finding in the report is that despite the increase in DevOps adoption, there hasn’t been an increase in the number of DevOps-related tools over the last year. The average number of tools sits at 4.5 currently. 

However, there is still a strong correlation between the number of tools in place and how likely a team is to be a top performer. These top performers were measured by three metrics: lead time for code changes, deployment frequency, and time to restore service.

The report also found that in general increasing CI/CD tools may increase performance, but interoperability concerns arise when multiple tools are used together. 

“We note that the proportion of top performers remains flat while that of low performers increases dramatically, with an increasing number of self-hosted CI/CD tools used. This suggests that there is a diminishing return from increasing the number of CI/CD tools a developer uses. The usage of an increasing number of tools may also be a response to increased complexity, which is having negative impacts on the performance of these developers. Similarly, the integration of multiple tools may not be optimally implemented, leading to function overlap that is impacting performance,” the report states. 

The report also shows a correlation between speed and stability metrics. 30% of the highest performers in code change lead time were also the highest performers when it came to service restoration. 

Interest in security is also clear from the survey, as testing applications for security measures was done by 37% of developers, rising up to the second most popular DevOps-related activity that teams engage in. 

“Developers who perform build-time security checks in an automated and continuous fashion are the most likely to be top performers, and the least likely to be low performers, across all

three metrics, of the types shown,” the report states. 

The report was conducted in partnership with SlashData, surveying over 125,000 respondents. It was released during the Linux Foundation’s Open Source Summit, happening this week in Vancouver, BC. At the event, the CDF also announced the addition of four new members: F5 NGINX, Prodvana, Salesforce, and Testkube.

The post Report: Adoption of DevOps practices increasing, while code velocity remains the same appeared first on SD Times.

]]>
Google begins its passwordless future with support for passkeys https://sdtimes.com/google/google-begins-its-passwordless-future-with-support-for-passkeys/ Wed, 03 May 2023 16:17:08 +0000 https://sdtimes.com/?p=51075 Last year, Google announced it was starting to work on adding support for passkeys, which is an authentication method that allows users to sign in with a fingerprint, facial recognition, or PIN code, similar to how you unlock your phone.  Today the company is announcing that passkeys can now be used to sign into your … continue reading

The post Google begins its passwordless future with support for passkeys appeared first on SD Times.

]]>
Last year, Google announced it was starting to work on adding support for passkeys, which is an authentication method that allows users to sign in with a fingerprint, facial recognition, or PIN code, similar to how you unlock your phone. 

Today the company is announcing that passkeys can now be used to sign into your Google Account. 

“Using passwords puts a lot of responsibility on users. Choosing strong passwords and remembering them across various accounts can be hard. In addition, even the most savvy users are often misled into giving them up during phishing attempts. 2SV (2FA/MFA) helps, but again puts strain on the user with additional, unwanted friction and still doesn’t fully protect against phishing attacks and targeted attacks like “SIM swaps” for SMS verification. Passkeys help address all these issues,” Arnar Birgisson, software engineer at Google, and Diana K Smetters, principal engineer at Google, wrote in a blog post

When you add a passkey to your Google Account, it is stored locally on your device. This means that passkeys cannot be shared or written down like a password, so they are less prone to phishing attempts or ending up in the wrong hands. 

Because of their strong security, Google allows you to also skip two-factor authentication when using them. 

While passkeys are stored locally, this doesn’t mean you can only sign in from that one device. Each new device you enroll will have its own passkey. 

You can also sync passkeys in your own backup service if you desire. For example, you can create a passkey on your iPhone and back up the key in your iCloud account, and it will be available on all your Apple devices signed into that iCloud account. This makes it less likely that you are locked out of your account when you lose your device. The company advises against doing this on devices that are shared with other people as they would also gain access to your passkey. 

“While that might sound a bit alarming, most people will find it easier to control access to their devices rather than maintaining good security posture with passwords and having to be on constant lookout for phishing attempts,” Birgisson and Smetters wrote. 

The post Google begins its passwordless future with support for passkeys appeared first on SD Times.

]]>
GitLab and Google Cloud partner to add generative AI to DevSecOps workflows https://sdtimes.com/ai/gitlab-and-google-cloud-partner-to-add-generative-ai-to-devsecops-workflows/ Tue, 02 May 2023 18:18:31 +0000 https://sdtimes.com/?p=51068 GitLab and Google Cloud have announced a new partnership to deliver greater value to their customers. The result is that GitLab’s DevSecOps platform will gain the generative AI capabilities that Google Cloud has to offer.  “GitLab’s vision for generative AI is grounded in privacy, security, and transparency. Our partnership with Google Cloud enables GitLab to … continue reading

The post GitLab and Google Cloud partner to add generative AI to DevSecOps workflows appeared first on SD Times.

]]>
GitLab and Google Cloud have announced a new partnership to deliver greater value to their customers. The result is that GitLab’s DevSecOps platform will gain the generative AI capabilities that Google Cloud has to offer. 

“GitLab’s vision for generative AI is grounded in privacy, security, and transparency. Our partnership with Google Cloud enables GitLab to offer private and secure AI-powered features, while maintaining customer data in our cloud infrastructure,” said David DeSanto, chief product officer at GitLab. “This allows us to harness the power of Google Cloud, while continuing GitLab’s privacy-first approach to customer data. We look forward to our continued collaboration to deliver enterprise-grade AI-assisted functionalities to joint customers.” 

One of the new features is called “Explain this Vulnerability,” which provides natural language descriptions of vulnerabilities and also offers recommendations on what to do about them.

GitLab also has some existing AI features in its platform, such as Code Suggestions and Suggested Reviewers. There are also developer productivity features like Explain this Code, Summarize Issue Comments, and Summarize Merge Request Changes. 

The hope that GitLab has with this partnership is to improve “DevSecOps workflow efficiency by 10x.” According to a recent survey by the company, 62% of developers used AI to check code in 2023, which was up from just 51% in 2022. They also found that 36% use AI for code review. 

“Organizations today are required to deliver software faster than ever before to remain competitive while requiring a stronger security posture in order to maintain customer, investor, and stakeholder trust,” said June Yang, VP of Cloud AI and Industry Solutions at Google Cloud. “Together with GitLab, we’ll be able to deliver generative AI functionality that empowers our joint customers to increase delivery velocity without sacrificing security.”

The post GitLab and Google Cloud partner to add generative AI to DevSecOps workflows appeared first on SD Times.

]]>
Microsoft’s new open-source project makes it easy to build generative AI into your applications https://sdtimes.com/ai/microsofts-new-open-source-project-makes-it-easy-to-build-generative-ai-in-your-applications/ Tue, 02 May 2023 15:36:45 +0000 https://sdtimes.com/?p=51062 Over the past several months, companies have been feeling the pressure to incorporate generative AI into their applications, as users come to expect this sort of functionality in their tools.  Now, Microsoft is making it easier for companies to do so with the release of Semantic Kernel’s Copilot Chat sample app. Developers can use the … continue reading

The post Microsoft’s new open-source project makes it easy to build generative AI into your applications appeared first on SD Times.

]]>
Over the past several months, companies have been feeling the pressure to incorporate generative AI into their applications, as users come to expect this sort of functionality in their tools. 

Now, Microsoft is making it easier for companies to do so with the release of Semantic Kernel’s Copilot Chat sample app. Developers can use the new tool to integrate large language models (LLMs) into their applications. 

RELATED CONTENT: SD Times Open-Source Project of the Week: Semantic Kernel

The sample app enables multiple conversation topics, speech recognition, file uploads, persistent memory storage, and downloadable bots that can be shared with others. 

According to Microsoft, some ideas for apps that can be created are a customer service tool, personalized recommendation system, HR assistant, educational tool, or e-commerce assistant. 

Benefits include improved user experience because information is more easily obtained, improved efficiency by removing the need for human intervention, improved accessibility by providing personalized assistance to users based on their needs, and the ability to easily scale to meet demand. 

“By providing personalized assistance and natural language processing, your own chatbot can improve the user experience for customers, students, and employees alike. Users can get the information they need quickly and easily, without having to navigate complex websites or wait for assistance from a customer service representative,” Shannon Monroe, principal program manager at Microsoft, wrote in a blog post

Like the Semantic Kernel that it is built upon, Copilot Chat is open-source and can be accessed through GitHub.  

The post Microsoft’s new open-source project makes it easy to build generative AI into your applications appeared first on SD Times.

]]>
How the RESTRICT Act could impact the software ecosystem https://sdtimes.com/software-development/how-the-restrict-act-could-impact-the-software-ecosystem/ Wed, 19 Apr 2023 14:58:24 +0000 https://sdtimes.com/?p=50952 Last month, legislation was proposed in the United States that could have potential impacts on the software ecosystem. Sponsored by Sens. Mark Warner (D-Va.) and John Thune (R-S.D.), the RESTRICT Act is a bipartisan piece of legislation with the goal of “Restricting the Emergence of Security Threats that Risk Information and Communications Technology,” thus the … continue reading

The post How the RESTRICT Act could impact the software ecosystem appeared first on SD Times.

]]>
Last month, legislation was proposed in the United States that could have potential impacts on the software ecosystem.

Sponsored by Sens. Mark Warner (D-Va.) and John Thune (R-S.D.), the RESTRICT Act is a bipartisan piece of legislation with the goal of “Restricting the Emergence of Security Threats that Risk Information and Communications Technology,” thus the name.

The general public may be familiar with it as the act aiming to ban TikTok, but it’s broader in scope than that. 

According to Min Hwan Ahn, lawyer and founder of EZ485, the law would give the U.S. Commerce secretary the ability to “review transactions involving information and communications technologies products or services (ICTS) connected to foreign adversaries.” The bill in its current state labels six countries as foreign adversaries: China, Cuba, Iran, North Korea, Russia, and Venezuela.

“Today, the threat that everyone is talking about is TikTok, and how it could enable surveillance by the Chinese Communist Party, or facilitate the spread of malign influence campaigns in the U.S.,” Warner said in a statement. “Before TikTok, however, it was Huawei and ZTE [that] threatened our nation’s telecommunications networks. And before that, it was Russia’s Kaspersky Lab, which threatened the security of government and corporate devices,”  Warner said. “We need a comprehensive, risk-based approach that proactively tackles sources of potentially dangerous technology before they gain a foothold in America, so we aren’t playing Whac-A-Mole and scrambling to catch up once they’re already ubiquitous.”

According to Warner, in a document announcing the act, individual agencies have tried to step in to address those threats over the years, but efforts were disjointed and under-suited to the complexity and interconnectedness of the global technology supply chain. Therefore, he set out to create a new approach with this RESTRICT Act. 

The bill obtained bipartisan support in Congress, but within the tech industry there is a lot of debate on whether or not this would be a good thing.

“Some argue that it is necessary to protect national security interests and prevent adversaries from exploiting vulnerabilities in our digital infrastructure,” said Ahn. “They believe that increased oversight is crucial for safeguarding sensitive data and maintaining the integrity of our democratic processes. On the other hand, critics argue that the Act may have unintended consequences, such as stifling innovation and hindering collaboration between developers across borders.”

According to Ahn, another concern technologists have expressed is whether the act would violate First Amendment rights if entire services are being blocked. There are also other concerns around transparency and oversight for those enforcing the law. 

Andrew Pickett, lead trial attorney at Andrew Pickett Law, is on the side of being opposed to the bill, stating that it’s just too broad in scope. “Before taking such drastic measures, the government should provide specific evidence showing a real problem and a narrowly tailored solution. It’s important to remember that the internet is a global network that enables people to exchange ideas and access information freely,” he said. 

He also said that he is concerned by the fact that the law also provides criminal penalties of up to 20 years in prison for those trying to evade the ban. Though not explicitly mentioned in the bill, many have taken this to mean that using a VPN might land you in trouble. 

A spokesperson for Warner has said: “The bill is squarely aimed at companies like Kaspersky, Huawei and TikTok that create systemic risks to the United States’ national security, not individual users.”

Will LaSala, field CTO of security company OneSpan, believes the ability of TikTok to “collect any and all data from a device is dangerous,” but that this law banning it is just a Band-Aid and not a real solution. 

According to LaSala, app developers have the ability to better protect user data, but may not have implemented the technology to do so, which opens up the possibility of data leakage and bad actors misusing user data. 

Instead of a ban, app developers should be making use of the security tools that are available, security vendors should make sure their tools aren’t causing negative user experiences, and operating systems manufacturers should implement controls that mitigate risks. 

“Users should be able to quickly see what data is being collected, when it is being collected and for what purpose, and should be able to shut off the stream of a specific type of data in real time at any time,” said LaSala. 

Ahn believes that it will be important for lawmakers to strike the right balance to ensure the law meets its objectives without causing unnecessary harm. Doing so might require refining some of the provisions of the bill, increasing transparency of enforcement mechanisms, and including safeguards for protecting individual rights and promoting innovation. 

“As an experienced lawyer who has dealt with numerous technology-related cases, I understand both sides of this debate. While it’s essential to take measures to protect national security interests, it’s also important not to hinder technological progress or infringe upon individual rights,” said Ahn. 

There has already been a congressional hearing with the CEO of TiKTok, but as of this writing there has been no indication about when, or if, the RESTRICT Act will be brought to a vote.

The post How the RESTRICT Act could impact the software ecosystem appeared first on SD Times.

]]>
Node.js 20 released with new experimental permission model https://sdtimes.com/web-development/node-js-20-released-with-new-experimental-permission-model/ Tue, 18 Apr 2023 19:56:43 +0000 https://sdtimes.com/?p=50946 The new permission model was designed to provide better security. It allows developers to restrict access to certain resources during program execution. This can include restricting access to the file system and spawn process and restricting the ability to create worker_threads.  According to the feature roadmap, upcoming additions to the permission model will include adoption … continue reading

The post Node.js 20 released with new experimental permission model appeared first on SD Times.

]]>
The new permission model was designed to provide better security. It allows developers to restrict access to certain resources during program execution. This can include restricting access to the file system and spawn process and restricting the ability to create worker_threads. 

According to the feature roadmap, upcoming additions to the permission model will include adoption on package managers, support for path.resolve in C++, support for kFileSystem as a THROW_IF_INSUFFICIENT_PERMISSIONS argument, and the ability to read permissions from a configuration file. 

Another big change in this release is that the V8 engine has been updated to version 11.3, which brings with it five new features: String.prototype.isWellFormed and toWellFormed, methods that change Array and TypedArray, resizable ArrayBuffer and growable SharedArrayBuffer, RegExp v flag with set notation and properties of strings, and WebAssembly Tail Call.

“With the addition of the experimental Permission Model and updates to V8, Node.js 20 is perfect for testing and assessing how Node.js will fit into your development environment. We have made excellent progress making Node.js more secure and performant over the past year,” said Rafael Gonzaga, Node.js TSC Member. “Many thanks to our broad and energetic community of open source contributors for constantly improving Node.js.”

Also in Node.js 20 are Single Executable Apps, which allow Node.js apps to be distributed without the language having to be installed. Currently, it is in use by the Electron project and Microsoft is also experimenting with it as a way to reduce vector attacks. 

Another update is that test runner, which can be used to create JavaScript tests, is now stable. 

Node.js 20 will enter Long-Term Support in October, making it ready for full production deployments. 

“From security to testing to portability, Node.js has made important gains in the past year and Node.js 20 shows it. If you’re already using Node.js, Node.js 20 is a great way to get a close-up look at new features before LTS comes out,” said Robin Ginn, executive director of the OpenJS Foundation. “Thank you to our open source contributors from around the world. Node.js 20 is a great example of open source making a difference.”

The post Node.js 20 released with new experimental permission model appeared first on SD Times.

]]>
How does blockchain fit into today’s enterprise? https://sdtimes.com/data/how-does-blockchain-fit-into-todays-enterprise/ Mon, 17 Apr 2023 21:09:33 +0000 https://sdtimes.com/?p=50928 Web3. Cryptocurrency. Non-fungible tokens. Those are the words many think of when they hear the word blockchain.  These are the areas where this emerging technology has garnered the most popularity over the years, but blockchain as a technical concept can be applied in many different ways, and it has uses in the enterprise, particularly when … continue reading

The post How does blockchain fit into today’s enterprise? appeared first on SD Times.

]]>
Web3. Cryptocurrency. Non-fungible tokens. Those are the words many think of when they hear the word blockchain. 

These are the areas where this emerging technology has garnered the most popularity over the years, but blockchain as a technical concept can be applied in many different ways, and it has uses in the enterprise, particularly when it comes to supply chain management. 

“There’s — less so now — I think a conflation of Bitcoin and cryptocurrencies and blockchain that’s becoming better over the years that I’ve been engaging in it,” said Cindy Vestergaard, VP of special projects and external relations at blockhain API company RKVST. “What is less known is that actually a couple of months before the Bitcoin whitepaper was that Estonia was already looking at distributed ledger technology (DLT) for securing services among its citizens and protecting its citizens’ data. So while Bitcoin gets all the popularity, it’s actually the enterprise, if you will, or the permissioned DLT platforms that were already starting to move at that time, and then obviously, in parallel as well.”

She also noted that blockchain is just one type of DLT, but it has become so associated with cryptocurrency that many people have this association in their head. But there are many types of DLT other than what is used in cryptocurrency. 

According to Martha Bennett, VP, principal analyst at Forrester, there are two major types of blockchain: permissioned and permissionless. Permissionless, or public, blockchain is the type that cryptocurrencies run on. Permissioned blockchains are what people are talking about when they talk about enterprise blockchain. 

Bennett said that even NFTs have their place in the enterprise, at least as a technical concept. In essence, all an NFT is is a representation of an asset, which makes it really great when it comes to supply chains. 

“[Blockchain] can be useful in any situation where you’ve got multiple parties involved and where it’s important that everybody has the same version of the data, and that there is a reasonable guarantee that nobody has messed with that data, falsified the data,” she said.

Of course, this can also be accomplished without needing a blockchain, she noted. A reason one might want to use a blockchain, however, would be if you want a different governance model besides the one in which a single party is in charge, or if you want to make use of smart contracts, which are essentially automated business rules. 

An example of this data verification that Vestergaard shared is determining whether photos are authentic and original.  

“Let’s say, I take a snapshot of you right now, Jenna, but I removed your glasses. In another picture, I tried to superimpose that and it won’t let me do it. Because it’s not the original, and it doesn’t have that original hash.”

She explained that this can also be used for files. “It could be used for anything that has data that follows it wherever it goes and needs to be immutable, secured and shared,” Vestergaard said.

However, according to Bennett, it’s a misconception that blockchains are by definition more secure. “The blockchain will only preserve the data that’s fed into it,” she said. “If the data is fraudulent, all the goods associated with the data have been tampered with. No blockchain can help with that.”

For example, this has been something that has come up in the luxury goods industry. “If the goods are actually fake at the point they enter the supply chain, or if the fake bags are made by the same factory as your real bags, then how do you tell a fake from the real goods?”

RELATED CONTENT: Blockchain and the promise of better electronic health records 

What about Web3?

In addition to supply chain, one of the other use cases for blockchain that gets brought up frequently is Web3, which is an overhaul of the internet that would make it decentralized and blockchain-based.

The Web3 Foundation is a non-profit organization aimed at driving this initiative. Its goals for Web3 are an internet where:

  • Users own their data
  • Digital transactions are secure
  • Online exchanges of information and value are decentralized

However, the idea is still in its early stages, and if it takes hold, it’ll likely be a while before we’re there.

“The current environment is dominated by speculators,” Martha Bennett, VP, principal analyst at Forrester, said in an episode of the research firm’s “What it Means” podcast. “Sadly, some of the more worthy endeavors get drowned out or even hijacked by the more scammy elements in the environment.”

Another analyst firm, Gartner, also predicts Web3 won’t overtake Web 2.0 (the current web) by the end of the decade. 

“Web3 innovations will take the internet into new realms and give rise to applications not previously possible,” said Avivah Litan, distinguished VP analyst at Gartner. “But Web 2.0 still has advantages in terms of scale, customer service and customer protections. Potential Web3 risks include lack of customer protections, new security threats and a swing back to centralized control, so organizations will want to shore up governance and risk management before replacing Web 2.0 applications.”

Is blockchain overhyped?

According to Bennett, outside of the financial services sector, “we are still not at the point where we can confidently say that blockchain really is delivering the business value that people are looking for, simply because it is incredibly difficult to actually set up a blockchain network that at the end of the day really needs all those blockchain features,” she said. 

Stack Overflow recently conducted a survey to find out what new technologies made it past what Gartner refers to as the hype cycle. Many new technologies can stir up excitement in the industry, but not all will actually see widespread adoption. 

They ranked technologies on a scale of experimental to proven and positive to negative impact.

On a scale from zero (experimental) to 10 (proven), blockchain technology came in towards the middle at 4.8. And on a scale from zero (negative impact) to 10 (positive impact), it received a score of 5.3.  

Another survey by Foundry echoes these sentiments. It found that 51% of respondents were not interested in adopting blockchain technology within their organization. 

Compared to previous years that the survey has been conducted, interest has not really improved. In 2020, 39% of respondents said they were researching the technology and in 2021 that had dropped to 34%. In this year’s survey, only 25% of respondents were researching it. 

Successful blockchain implementations in the enterprise

Yet, there have been some successes in the technology’s use. For example, Walmart has experimented with blockchain technology to enable food traceability.

According to a case study it published, in 2016 the vice president of food safety asked his team to trace a package of sliced mangoes to their source. They were able to do it, but it took them 6 days and 18 hours to track it down. 

Then, the company partnered with IBM to create a food traceability system based on the Linux Foundation’s Hyperledger Fabric. The result? Now they could trace their mangoes in just 2.2 seconds. 

They then used that same technology to trace pork in China and now have blockchain partnerships with several big food companies, including Dole, McCormick, Nestlé, Tyson Foods, and Unilever. As of 2018, it was possible for the company to trace more than 25 food products from as many as five different suppliers. 

“The system was so efficient that one could take a jar of a product or a salad box and trace the ingredients back to the farms from where they were harvested,” Walmart claimed. 

You may recall that back in 2018 there was an outbreak of E. coli in romaine lettuce from a farm in California that ended up affecting over 17 states. At the time, many stores pulled all of their romaine lettuce off the shelves out of caution because they weren’t able to quickly identify the source. 

Before Walmart had implemented some of these new initiatives, it would have taken days to trace the lettuce to the source, but now that they can access that information in a matter of seconds they can ensure that what’s on the shelves is safe.

“For public health and safety, this [blockchain program] obviously creates a lot more confidence in the ability to track and locate if there are any disease outbreaks among farms where it came from once it’s been identified,” said Vestergaard.

Another example Vestergaard highlighted is the diamond company De Beers. One huge problem with the diamond industry is that many diamonds are mined in war zones and then sold to fund military efforts, resulting in the name “blood diamonds.” Historically, it has been hard to trace the origin of diamonds, so you could never tell if you were getting a blood diamond or one harvested more ethically. 

In 2022, De Beers introduced its Tracr blockchain platform, which enables tracing of diamonds from their source, as well as all stops in the supply chain.

“De Beers discovers diamonds with our partners in Botswana, Canada, Namibia and South Africa and, with our long-term investment in Tracr, we are proud to join with our Sightholders to provide the industry with immutable diamond source assurance at scale,” said Bruce Cleaver, CEO of De Beers Group. “Tracr, which will enable the provision of provenance information from source to Sightholder to store on a secure blockchain, will underpin confidence in natural diamonds and represents the first step in a technological transformation that will enhance standards and raise expectations of what we are capable of providing to our end clients.”

The environmental impact

One of the big criticisms of blockchain technology is the detrimental impact on the environment. Particularly during the Bitcoin mining craze, people were running their computers to the max and driving up their electric bills. The profit from mining may have paid for the increased electric bill, but what about the environmental impact of that mining?

President Biden even commissioned a report on the environmental impact of “crypto-assets,” which are assets based on DLT. The report, which was published last year, found that from 2018 to 2022 electricity usage from these crypto-assets grew rapidly and in 2022, the published estimates for energy usage ranged from 120 to 240 kilowatt-hours per year. According to the White House, this is more than the total electricity usage for many companies and makes up about 0.4% to 0.9% of total global electricity usage. 

The report clarified that most of the environmental impact does come from consensus mechanisms, which are used in mining and verifying assets. The dominant mechanism for energy consumption was Proof of Work (PoW), which at the time of the report was used by both the Bitcoin and Ethereum blockchains. 

According to the White House, the PoW mechanism uses a lot of electricity by design. “The PoW mechanism is designed to require more computing power as more entities attempt to validate transactions for coin rewards, and this feature helps disincentivize malicious actors from attacking the network,” the White House wrote in a statement

However, PoW is just one option, and there are other less energy-intensive DLT technologies and consensus mechanisms out there, such as Proof of Stake. By switching, it is estimated that energy usage could be reduced to less than 1% of today’s current levels. 

For example, the Ethereum network has since begun to migrate to a Proof of Stake blockchain and this has reduced its energy consumption by about 99.95%.

The overpromise of blockchain technology

Bennett explained that while there have been some very successful implementations, there’s not a lot of examples of follow-on projects. 

“When I see a project is hugely successful, and everybody talks up the benefits — which I do not doubt, by the way, I wouldn’t accuse people of lying about the benefits they’ve achieved — and then nobody else does the same thing,” said Bennett. “That either means that they’re being economical with the truth about how much it costs to run, or how much effort was involved in setting it up. Or that there are some quite unique circumstances associated with a particular company or a particular ecosystem that just lent itself to putting something on a blockchain.”

There have also been a number of bankruptcies with blockchain companies over the past year. For example, the crypto exchange FTX collapsed and the CEO, Sam Bankman-Fried, was arrested on multiple charges, including wire fraud and defrauding investors. 

“Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy financial information as occurred here,” said John Ray, who was brought on to replace Bankman-Fried after the arrest. 

This has been a very public failure, but it’s not the only one.  Other companies that went under include BlockFi, 3AC, Marco Polo, We.trade, B3i, and TradeLens, an open and neutral supply chain industry platform solution underpinned by blockchain technology.

According to Bennett, one of the main reasons TradeLens shut down was because it was in “an ecosystem that’s dominated by one of the largest shippers in the world around data sharing.”

She continued:  “You can see the reluctance of competitors wanting to join that, which reduces the attraction for port operators to join as well. And also, it’s back to how do you want that ecosystem to run? Because TradeLens was always meant to be in some way for profit. And where does that come from? How do you charge for transactions? What do people want to pay? Nobody has really come up with a workable recipe there yet.”

According to Bennett, when hearing about the benefits of any new technology, it’s important to remember that company goals are not really about the technology, it’s about what you want to do. If you have a clear vision, you can work backwards from that end goal.

She sees that a lot of digitization initiatives are becoming co-mingled with blockchain. But a lot of the benefits companies see are from the digitization itself, not putting those digital assets on a blockchain.

“Just for digitizing paper, you don’t need a blockchain, but you still need everybody to accept the digital format of what previously was physical,” said Bennett. “And then if all you do is digitize a PDF file, and then send that around, you save some time clearly because a PDF file is quicker than the mail between Africa and the United States. But they also have a limit to the benefits from digitization too. My message here would be really think about what it takes to digitize before you think about the technology that you use to do it is.”

The post How does blockchain fit into today’s enterprise? appeared first on SD Times.

]]>
Android 14 Beta 1 shows new back arrow for gesture navigation https://sdtimes.com/software-development/android-14-beta-1-shows-new-back-arrow-for-gesture-navigation/ Wed, 12 Apr 2023 18:38:25 +0000 https://sdtimes.com/?p=50863 The Android development team at Google is ready with the first beta version of Android 14. Beta 1 is available for developers enrolled in the Android Beta program.  In this release, developers can expect updates to the system UI, additional graphics capabilities, and privacy and security features.  The UI has been updated with a more … continue reading

The post Android 14 Beta 1 shows new back arrow for gesture navigation appeared first on SD Times.

]]>
The Android development team at Google is ready with the first beta version of Android 14. Beta 1 is available for developers enrolled in the Android Beta program. 

In this release, developers can expect updates to the system UI, additional graphics capabilities, and privacy and security features. 

The UI has been updated with a more prominent back arrow when using gestures to navigate and the ability to add custom actions to system sharesheets.

One of the graphics updates is that you can now query the path API to discover what is inside of paths. The API was also updated so that you can interpolate between paths with matching structures.

This release also adds the accessibilityDataSensitive attribute, which allows apps to limit visibility of specified views to accessibility services. According to the team, this attribute can be used to protect user data and prevent critical actions from being unintentionally executed, such as transfering money or checking out in a shopping app. 

Even though this is just the first beta of many, the Android team recommends developers begin testing their apps for compatibility with Android 14. 

The post Android 14 Beta 1 shows new back arrow for gesture navigation appeared first on SD Times.

]]>