Programming: nGraph Compiler, JavaScript Trademark, PyPI and Pip

• Intel Opens Up nGraph Source Code For DNN Model Compiler

  Intel tonight announced they are open-sourcing their nGraph compiler code, which serves as a framework-neutral deep neural network model compiler. Intel claims with nGraph and Xeon Scalable hardware that researchers can obtain up to 10x performance improvements over previous TensorFlow integrations, as one example. Besides TensorFlow, nGraph also supports PyTorch, MXNet, Neon, Caffe2, and CNTK while also planning to support other frameworks moving forward.

• Why it's finally time to give up on the name JavaScript

  An iOS developer has apparently received a cease and desist notice from Oracle over the use of the word "JavaScript" in the title of their app. The developer, Tyanya Software, shared the notice on perennial internet soapbox Reddit to seek advice on how to fight the order. [...] If user reviews are any indication, the app is not even particularly good, with reviewers stating things such as "Not ready for production," "Does not work as advertised," and "Waste of money, don't buy this." The last update to the app was in 2014, which the changelog notes was only an upgrade to add support for iOS 8. The app developer is at least honest about the intent behind the unwieldy name for the app, saying in a Reddit comment that "we game the App Store ranking by adding all the keywords to the app name." While Oracle has a duty to protect their trademarks, this type of legal bludgeoning underscores a historical problem that has been left unaddressed for too long: JavaScript is a terrible name for the thing being described. It has nothing to do with Java, an actual product developed by Sun (now owned by Oracle). JavaScript was developed at Mozilla, and the name was changed during beta releases of Netscape Navigator 2.0 from "LiveScript" to "JavaScript." It has, for some time, caused confusion among casual web users about the difference between Java and JavaScript. Given that ECMAScript is also a trademarked term, it seems best to revert to calling the language "LiveScript" to undercut trademark-related legal posturing. [...] Oracle declined to comment on this story.

• New PyPI launched

  The new PyPI has been launched. Browser traffic and API calls (including "pip install") have been redirected from the old pypi.python.org to the new site. The old PyPI will shut down on April 30. LWN covered the new PyPI last week.

• Pip 10.0 has been released

  The release of pip 10.0 has been announced. Some highlights of this release include the removal of Python 2.6 support, limited PEP 518 support (with more to come), a new "pip config" command, and other improvements.

Meltdown/PTI Mitigation Impact On BSDs vs. Linux

Besides the fresh BSD/Linux disk performance tests, some other tests I ran on various BSDs and Linux distributions this week was looking at the performance impact of Intel Meltdown CPU vulnerability mitigation on each of them, namely the performance impact of using kernel page-table isolation. On DragonFlyBSD 5.2, TrueOS 18.03, Ubuntu 16.04, Ubuntu 18.04, and Clear Linux I ran tests when the mitigation was enabled and then again when it was off for seeing the performance impact.

Red Hat and Fedora Leftovers

• Enterprise Node.js on OpenShift, April 19th, 12 p.m. EDT

  The next online DevNation Live Tech Talk is Thursday, April 19th at 12pm EDT. The topic is “Enterprise Node.js on Red Hat OpenShift” presented by Lance Ball, and hosted by Burr Sutter. The popularity of JavaScript on the front end and the JSON format for data has led to a “JavaScript Everywhere” movement with Node.js at the center. Node.js offers developers an event-driven, non-blocking I/O model that is perfect for high concurrency, low-latency applications that run across distributed devices. Its reactive architecture makes it an ideal technology for containerized microservices architectures you’ve been hearing so much about.

• President to President with Luc Villeneuve, Red Hat Canada

  ITWC President Fawn Annan gets to the point with Red Hat’s general manager for Canada. Villeneuve speaks about building the open source technology firm in the country, the unique differences when dealing with the Quebec market, and how he fosters a positive culture in the workplace. Plus, he dishes on how his experience in journey hockey taught him how to build a successful sales team.

• Be mindful of jumping into an open source project too soon: RedHat CTO

  Open source software has long been seen as a movement towards collaborative development. In a conversation with BusinessLine, Chris Wright, Vice-President & CTO at RedHat, talks about some of the challenges the open source community is facing and why it is important to set expectations right when it comes to promoting open source software. Edited excerpts:

• DevOps Tool Market Global Manufacturers: Chef, Atlassian, Saltstac, Red Hat and Docker Inc.

• Two sizzlers stock’s are not to be missed: Red Hat, Inc. (RHT), Navient Corporation (NAVI)

• Fedora Community Blog: Fedora meetup at Pune – March 2018

  Long time we did not had any meetup at Pune, Maharashtra, India, so we decided to get started again. Details about this meetup are available at Fedora Wiki page. Planning for meetup started 1 month before. Initially Ompragash proposed to have meetup.com account for Fedora Pune to get more awareness. Later dropped this plan, since this is not only Fedora Pune level topic but applicable for all Fedora events.

• Fedora 28 Beta – dnf system-upgrade

  Used DNF to remove duplicate rpms, reinstalled the new kernel and libwbclient, and corrected GNOME’s right-click behaviour, and all is well.

Security Leftovers

• Mitigating Open Source Security Vulnerabilities

• NHS slammed for 'alarming' lack of cybersecurity defences post-WannaCry [iophk: "Windows TCO"]

  Despite 22 recommendation created by the Department of Health and Social Care, NHS England and NHS Improvement to help the NHS improve its cyber defences, the PAC noted it was "alarmed" that these measures had not yet been implemented.

• House panel advances bills to guard energy grid from cyberattacks

  The four bipartisan legislative proposals aim to elevate the Department of Energy’s efforts on cyber response and engagement and to create new programs to address grid and pipeline security.

• A pirate-obsessed Nigerian hacking [sic] group is attacking the maritime industry

  A business email compromise (BEC) scam is a highly targeted attack designed to convince finance departments or C-suite executives to sign off on fraudulent invoices.

• Simplify and Secure Your Online Logins With a YubiKey

  Several manufacturers make these types keys, and they all basically work the same way. They adhere to an industry standard called Universal 2nd Factor, or U2F. The standard weds hardware-based authentication with public key cryptography—a set of tools that’s extremely difficult to compromise. These U2F keys simplify the process of securely accessing online services like Google, Facebook, Dropbox, Windows, and Mac OS. They also support password managers like Lastpass, Dashlane and Keepass. U2F keys can even be used to unlock your Mac or Windows PC from the home screen.

• Polyverse raises more cash for Linux cybersecurity product that can prevent zero-day attacks [Ed: Polyverse is selling snake oil pseudoscience like polygraph; nontechnical VCs fall for it, I hope technical companies do not.]