The Presto Foundation launches under the Linux Foundation

Facebook’s widely popular data query engine Presto now has the full support of the Linux Foundation. The Presto Foundation has been formed around the project.

According to the Linux Foundation, Presto is a distributed system that can be run on large clusters of machines. What makes it special is that it can query data where it is stored, rather than having to move it to a separate location before running queries on it. The foundation first launched early this year to help advance the query engine. 

RELATED CONTENT: SD Times Open-Source Project of the Week: Presto

“Presto has been designed for high performance exabyte-scale data processing on a large number of machines. Its flexible design allows processing data from a wide variety of data sources. From day one Presto has been designed with efficiency, scalability, and reliability in mind, and it has been improved over the years to take on additional use cases at Facebook, such as batch and other application specific interactive use cases,” said Nezih Yigitbasi, engineering manager of Presto at Facebook.

Founding members of the Presto Foundation include Facebook, Alibaba, Twitter, and Uber. These founding companies plan on using the foundation to allow contributors to drive the future direction of the project. Eventually, they hope that Presto will be the “fastest and most reliable SQL engine for massively distributed data processing.”

Presto was developed in 2012 by Facebook. It was created so that data scientists would no longer have to choose between an expensive commercial solution to get fast analytics, or a slow, but free solution. “At Facebook alone, over a thousand employees use Presto, running several million queries and processing petabytes of data per day. After creating Presto we open sourced it to see if other companies were having the same issues and wanted to collaborate. It turns out many other companies were interested and so under The Linux Foundation, we believe the project can engage others and grow the community for the benefit of all,” said Kathy Kam, head of open source at Facebook.

Under the Linux Foundation, the Presto Foundation will have an open and neutral governance model. This will allow the project to scale and diversify its community.

“The Linux Foundation is excited to work with the Presto community, collaborating to solve the increasing problem of massive distributed data processing at internet scale,” said Michael Dolan, vice president of strategic programs at the Linux Foundation.

The post The Presto Foundation launches under the Linux Foundation appeared first on SD Times.

via Click on the link for the full article

SD Times news digest: New Kotlin code lab courses available, Mobile Labs launches device refresh subscription program, Tricentis and Tasktop announce OEM partner

Google introduced Kotlin Bootcamp for Programmers and Developing Android apps in Kotlin Codelab courses to help developers learn how to develop apps using Kotlin, including Kotlin-friendly APIs and API extensions. 

The language interoperates with Java and is included with IntelliJ and Android Studio. 

The course teaches Kotlin features such as coroutines to help developers write code more quickly and concisely and offers the ability to work with a realistically architected app and to implement key features. 

The full details of the course are available here.

Mobile Labs introduces new device refresh subscription program
Mobile Labs launched a device refresh program that enables testing teams to swap out a certain number (based on the subscription) of devices required for app testing. 

“Due to the time and effort it can take for mobile developers and engineers to purchase and replace devices, we wanted to offer a program that makes it easier for development and testing teams to keep up with the latest technology,” stated Margaret Heberling, vice-president of worldwide sales for Mobile Labs.

The program follows Mobile Labs’ launch of the GigaFox Family Testing Suite that includes both GigaFox Red and Silver. The solutions were created to make mobile devices easily accessible via a privately hosted cloud environment. 

The full details are available here.

Tricentis and Tasktop announce OEM partnerships 
Continuous testing provider Tasktop and value stream management tool provider Tasktop announced a partnership in which Tricentis will offer an OEM solution based on the Tasktop Integration Hub, which integrates Tricentis qTest Manager with third-party tools.

“This latest agreement tightens our relationship and makes it easy for customers to assemble a best-of-breed development tool stack standardized on Tricentis qTest Manager, Tricentis Tosca or both,” said Dr. Mik Kersten, the CEO of Tasktop.

According to the companies, a typical scenario might be an integration of Jama, qTest Manager and Tosca to improve product quality, collaboration and visibility. 

Percona announces open-source distribution of PostgreSQL
Percona announced a new distribution of PostgreSQL to expand support for open-source database software and services for customers that need enterprise-class support. 

The Percona distribution includes open-source tools such as pg_repack, a popular third-party extension to rebuild PostgreSQL database objects without requiring a table lock, pgaudit, an extension that provides in-depth session and/or object audit logging through the standard logging facility in PostgreSQL, along with pgBackRest and Patroni. 

“Adding a distribution of PostgreSQL alongside our current options for MySQL and MongoDB helps our customers leverage the best of open source for their applications as well as get reliable and efficient support,” said Peter Zaitsev, co-founder, and CEO of Percona.

The full details of the new distribution are available here.

The post SD Times news digest: New Kotlin code lab courses available, Mobile Labs launches device refresh subscription program, Tricentis and Tasktop announce OEM partner appeared first on SD Times.

via Click on the link for the full article

InstallAware X10 allows developers to build Single Click installers

Software installation company InstallAware Software has released the latest version of its flagship product, InstallAware X10. This platform allows development teams to create Windows and Azure installers, and MSIX, APPX, Microsoft App-V Virtualization, and InstallAware Virtualization packages. 

According to the company, version X10 went through almost a full year of research and development to get to this point.

InstallAware X10 makes it so that PC users don’t have to click through endless “Next” buttons when installing software. It includes a new Single Click installation template that allows applications to be installed and uninstalled in a single click. This feature is fully customizable in both its user interface and its runtime setup logic. 

It also includes a major upgrade to the IDE, the company explained. Now, IntelliScan will highlight incorrect setup script statements, which will prevent developers from building breaking edits. It also added Code Preview, providing a bird’s eye view of the script topology. 

The latest version also includes a number of other features, like Azure DevOps Services, an extensible download engine, multi-part downloads, and features and server roles. 

The post InstallAware X10 allows developers to build Single Click installers appeared first on SD Times.

via Click on the link for the full article

Report: BSIMM10 shows new wave of engineering-led software security in DevOps

The security aspect of DevOps is evolving as new data found a new wave of engineering-led software security efforts originating bottom-up in the development and operations teams rather than top-down from a centralized software security group (SSG). 

Software security initiatives (SSIs) have identified a number of individuals (often developers, testers, and architects) who are invested in improving software security but are not directly employed in the SSG. These individuals are regarded as the satellite in an organization and BSIMM stated that “many organizations are now referring to this group as their software security champions.”

RELATED CONTENT: For effective DevSecOps, shift left AND extend right

Sixty-seven percent of firms that have been assessed more than once for the BSIMM have a satellite, while 66 percent of firms on their first assessment do not. This shows that as SSI matures, its activities become distribute

The report found that emerging engineering-led efforts attempt to understand software inventory by extracting it from the same tools they use to manage IT assets from which they then craft an inventory “brick-by-brick” rather than top-down. 

“Development teams are being asked for more story points, more features, [and] better feature velocity, but the security programs haven’t seriously kept up with that feature velocity,” Sammy Migues, a principal scientist at Synopsys, told SD Times. “So a lot of development organizations are self-organizing into this new DevOps culture, this new CI/CD tooling, and they’re starting to do some security things for themselves.”

The 10th iteration of BSIMM defined the three phases of SSI maturity—emerging, maturing and optimizing—and described how 122 firms typically progress through them. It spanned 119 activities that organizations can look at to see which activities are common across different vertical markets. Electronic Design Automation (EDA) and semiconductor IP provider Synopsys oversaw the report. 

DevOps teams are now implementing their own sensors in their toolchains and production as well as creating strategies that allow for quick A/B testing deployment strategies that allow them to pull back deployments with vulnerabilities very quickly, Migues explained. 

Meanwhile, organizations with highly centralized security structures from the past 10-15 years are still working to catch up to get in sync with what is happening in development. 

The data also found that Cloud, IoT and high-technology firms are three of the most mature verticals in the BSIMM10 pool, while the healthcare vertical remains low. 

The report showed that on average, cloud firms (which are not necessarily equivalent to cloud service providers) are noticeably more mature in the governance and intelligence domains compared to the technology and IoT firms but noticeably less mature in the attack models practice. However, technology and IoT firms show greater maturity in the penetration testing and software environment practices.

“In IoT and ISV there’s a broader set of concerns, especially for products that live a very long time such as in the embedded space,” said Migues. “In health care, we haven’t quite seen that uptake yet or at least it isn’t reflected in the BSIMM.”

When healthcare was compared to other highly-regulated industries such as financial services and insurance, the report found that financial services SSG average age was 5.4 years, insurance was at 3.2 years and healthcare last at 3.1.

“The DevOps culture that we see today isn’t necessarily the DevOps culture that was first described… It has also adapted to include application security software security as a first- class citizen, along with things like performance, resilience and reliability,” Migues said. “As the idea changes, the culture will change and as the culture changes the tooling will change.”

The post Report: BSIMM10 shows new wave of engineering-led software security in DevOps appeared first on SD Times.

via Click on the link for the full article

SD Times news digest: Uno 2.0 released LLVM 9.0.0 released, and npm announces rate limiting for the public registry

Uno announced version 2.0 of its open-source platform and a new integration with Xamarin Forms that enables developers to extend existing Xamarin Forms apps to the Web via WebAssembly and Mono. 

“With the Uno Platform support for Xamarin Forms, enterprises using Xamarin Forms-powered apps gain seamless bridge for their apps to the Web without wasting investments already made in Xamarin Forms,” Uno wrote in a post.

Syncfusion also announced support for the Uno Platform and introduced preview versions of its UWP DataGrid, Charts and Scheduler controls to bring enterprise-level data visualization to developers on Uno Platform. 

Other Uno Platform 2.0 features include “Hot Reload,” which enables developers to make changes to app XAML UI and see them reflected live and UI testing for Uno Platform-built apps. 

LLVM 9.0.0 now available
LLVM 9.0.0, the latest update to the compiler infrastructure project that is a collection of modular and reusable compiler and toolchain technologies, has been released.

The updated version includes support for asm goto, which enables the mainline Linux kernel for x86_64 to build with Clang; a default RISCV-V target; and experimental support for C++ for OpenCL. The new release also includes many bug fixes, optimizations and diagnostics improvements.

The detailed list of features is available here.

npm announces rate limiting for the public registry
Npm said it will enforce rate limiting on large commercial enterprises with which it can not reach an agreement to resolve excessive use. 

These few large commercial enterprises make tens to hundreds of millions of registry requests per month, which the registry finds is “well outside any reasonable scope of acceptable use.” 

Now, up to 5 million requests to the registry per month are considered acceptable, and npm will reach out to companies to try to stay within that threshold, otherwise a rate limit will be imposed on them. Npm said the vast majority of users will not be affected by the change.

The full details are available here.

Linux Foundation announces new course for Hyperledger Sawtooth app developers
The Linux Foundation announced a new free course titled Hyperledger Sawtooth for Application Developers.”

Hyperledger Sawtooth works as an enterprise-level blockchain system used for building, deploying and running distributed ledger applications and networks. The course will teach blockchain concepts, the basics of Sawtooth, principles of application design and the ability to create a full-featured Hyperledger Sawtooth application. 

“This is a great course for developers to learn how to develop for Hyperledger Sawtooth and simultaneously learn a simplified supply chain use case. With this course as a basis, developers will be ready to explore on their own deeper into Sawtooth application development or using the supply chain concepts branch out into Hyperledger Grid,” said Dan Middleton, head of technology for Intel’s blockchain and distributed ledger program and Hyperledger Sawtooth project maintainer.

The details on the course are available here.

The post SD Times news digest: Uno 2.0 released LLVM 9.0.0 released, and npm announces rate limiting for the public registry appeared first on SD Times.

via Click on the link for the full article

SD Times Open-Source Project of the Week: STL

The Microsoft Visual C++ compiler and libraries (MSVC) team announced this week that it would be releasing its implementation of the C++ Standard Library (STL) into open source. 

The project will include all product source code, a CMake build system, and a README for more information. 

“Working on the STL in GitHub will allow our customers to follow our development as it happens, try out our latest changes, and help improve our pull requests by reviewing them. As C++ Standardization accelerates, with more large features being voted in every year, we believe that accepting major features as open source contributions will be important,” the MSVC team wrote in a post.

The project will be distributed under the Apache License v2.0 with LLVM Exceptions. This is the same open-source license as libc++, which will make it easier to share code between the two libraries, the team explained. STL and lic__ will remain separate projects. 

“We’re going to spend some time overhauling our build system, test infrastructure, and issue tracking, which will delay some work on C++20 library features,” the team wrote. “This will allow us to work on the STL more efficiently and ultimately reach C++20 completeness faster.” 

The team is still in the process of migrating everything to GitHub. The code is done and the build system is in progress. Next, the team will work on migrating tests, continuous integration, contribution guidelines, issues and plans. 

The post SD Times Open-Source Project of the Week: STL appeared first on SD Times.

via Click on the link for the full article

Instana releases .Net Core APM solution

APM provider Instana released its code-level monitoring and tracing tool for .Net Core and expanded the number of programming languages that can be automatically instrumented to 12.

Whether it’s for Java, C#, .Net, Ruby, Node, Go or other, developers can use automatic tracing with the .Net Core agent, the company explained. 

 “It’s critical for any management tool to provide complete code-level visibility and tracing of all user requests across all possible programming languages, including .Net Core,” said  Chris Farrell, director of marketing at Instana.

The solution has the ability to track user requests across the full stack and all services of dynamic microservice applications. Users can automatically understand the quality of the services they provide without ongoing engineering effort, human configuration or application restarts. 

Instana brought the fully automatic monitoring experience to the .NET ecosystem last year with the AutoTrace feature. The feature integrates the ability to automatically enhance existing services with tracing and metrics capabilities without the need to change the source code and fill the application with non-business related artifacts. 

“Instana offers the unique and fully automatic monitoring experience to the .NET ecosystem. Apart from performance metrics of the CLR itself, Instana constantly analyses the infrastructure and container landscape to discover newly started services and their dependencies between infrastructure, hosts, and services; fully polyglot,” Instana wrote in a blog post.

The post Instana releases .Net Core APM solution appeared first on SD Times.

via Click on the link for the full article

Code analysis tool Semmle joins GitHub

The code analysis platform provider Semmle wants to expand its reach with the announcement that it is joining GitHub. Together, the companies will work on addressing a big issue in open-source software: security

RELATED CONTENT: Going to school on open-source security

“Software security is a community effort; no single company can find every vulnerability or secure the open source supply chain behind everyone’s code. Semmle’s community-driven approach to identifying and preventing security vulnerabilities is the very best way forward,” Nat Friedman, CEO of GitHub, wrote in a blog post

Semmle’s code analysis engine works to help developers write queries, identify code patterns, and search for vulnerabilities. It also allows security researchers to share queries with the Semmle community in order to help improve the security of other codebases. 

Semmle’s co-founder and CEO Oege de Moor explained GitHub was a natural fit for the company because of its open-source community and platform for maintainers to collaborate. “GitHub’s recent moves to secure the ecosystem (with maintainer security advisories, automated security fixes, token scanning, and many other advances in secure development) are all pieces of the same puzzle. The Semmle vision and technology belong at GitHub,” he wrote in a post

Existing Semmle users should not experience any disruption. The company’s continuous security analysis LGTM will continue to be available for free and open source, and it will continue to conduct its own open-source security research. In addition, Semmle plans on providing deeper integration with GitHub’s existing product portfolio. 

The post Code analysis tool Semmle joins GitHub appeared first on SD Times.

via Click on the link for the full article

New Relic One released as an observability platform for developers

New Relic wants to provider users with more than just dashboard analytics solution for their applications. The company announced a new observability platform at its FutureStack conference today in New York City.

New Relic One is designed to connect user experience and business data with capabilities like New Relic Logs, Traces, Metrics and AI. The platform “is open, enabling customers to bring in agent-based and open telemetry data so they have no blind spots; connected, allowing customers to see relationships between their systems so they can act more quickly and effectively; and programmable, empowering customers to build entirely new applications on top of New Relic to fuel their business. It’s not a platform unless you can build apps on it,” according to Lew Cirne, CEO and founder of New Relic.

The logs capabilities brings log data in one place so users can easily track performance issues and infrastructure metrics without having to switch between tools. The traces API collects open-source trace data for visualization, anomaly detection, and alerts on trace behavior. The new metrics API collects, queries and visualizes metric data.

“New Relic collects metric and trace data from open source, vendor agnostic tools,then displays that data alongside other systems and services. Reduce the operational burden of systems dedicated to storing, querying, and viewing all that data and empower your DevOps team to focus on what they’ve instrumented, rather than the management of that instrumentation,” the company wrote on its website.

The release also features Serverless for AWS Lambda, enabling users to monitor, visualize, troubleshoot and monitor alerts for AWS Lambda functions.

Other features include React Native agent support in the company’s mobile solution, and a new AIOps solution for proactively detecting and resolving incidents faster.

In addition, the platform features freely available apps such as Cloud Optimize, GitHub Integration, Site Analyzer, Status Page and Customer Journeys.

“When we started on this journey of programmability, our CEO and founder, Lew Cirne, challenged us to radically shift the way we deliver solutions to customers on our platform. The ability to create more perfect software doesn’t come from a “bag of metrics”—it comes from entity-centric context creation, rapid innovation, and the delivery of amazing customer experiences. To do that, we’ve given our customers the first observability platform that they can build on,” wrote Mark Weitzel, senior director of product management for the platform and ecosystem group at New Relic.

The post New Relic One released as an observability platform for developers appeared first on SD Times.

via Click on the link for the full article

SD Times news digest: Tableau2019.3, Redgate SQL Change Automation 4.0, and Microsoft releases Cascadia Code

Tableau Software announced the general availability of Explain Data in its 2019.3 release. This capability enables users to use advanced statistical analysis with no complex data modeling or data science expertise, the company explained.

Additionally, the release also expands the company’s data management capabilities with a new Tableau Catalog that introduced a new Tableau Server Management Add-On. The add-on is designed to help customers more efficiently manage their enterprise-wide deployments of Tableau Server.

“As the amount of data increases and the pace of decision-making accelerates, the need for data management has never been more critical to foster a thriving data culture,” said Francois Ajenstat, chief product officer at Tableau. “With Tableau 2019.3, we’re integrating data management directly into the analytics experience, making it easier for customers to curate and prepare all the data needed for analysis and improving visibility and increasing trust in the data for everyone within an organization.”

Redgate SQL Change Automation 4.0
Redgate launched its SQL Change Automation 4.0 tool, which extends the database change management automation tool to the free Microsoft SQL Server Management Studio (SSMS). Developers can now choose whether to work in Microsoft Visual Studio or SSMS.

With Database DevOps, companies are increasingly adopting CI/CD of database changes. Change automation supports this with, freeing teams from manual database change management tasks, like sorting out deployment scripts, speeding up deployments and allowing developers to focus on more value-added work, the company explained.

“This new capability especially benefits heterogenous development teams where developers and database administrators want to use their development environment of choice, but still follow the same DevOps processes when it comes to database changes,” Redgate wrote, adding that this will especially benefit specialist database developers and DBAs to work with SSMS even if they’re collaborating with full stack developers. 

Microsoft releases Cascadia Code
Microsoft released Cascadia Code, the latest open-source monospaced font shipped from Microsoft. The company recommended that it be used with terminal applications and text editors such as Visual Studio. 

The language supports programming ligatures, which create new glyphs by combining characters and making the code more readable and user-friendly for some users. 

Cascadia Code version 1909.16 is now available on GitHub and it’ll be following the Windows versioning syntax as the font receives updates with new and refined glyphs.

The full details are available here.

Eclipse 2019-09 released
Eclipse announced the 2019-09 release of its Eclipse IDE is now available with 76 participating projects. 

The updated version introduced new features for Git integration for Eclipse, C and C++ development tooling (CDT) as well many others. The full list of new and noteworthy items of various projects is available here.

The post SD Times news digest: Tableau2019.3, Redgate SQL Change Automation 4.0, and Microsoft releases Cascadia Code appeared first on SD Times.

via Click on the link for the full article