Docs startup Almanac raises $34 million from Tiger as remote work shift hardens

As companies continue to delay their returns to the office and find temporary remote work policies becoming permanent, the startups building tooling for remote work-first cultures are finding a seemingly endless supply of customers.

“Companies are finding the shift to remote work is not a one-time aberration due to Covid,” Almanac CEO Adam Nathan tells TechCrunch. “Over the past several months we’ve seen pretty explosive revenue growth.”

Almanac, which builds a doc editor that takes feature cues like version control from developer platforms like Github, has been seizing on the shift to remote work, onboarding new customers through its open source office document library Core while pushing features that allow for easier onboarding like an online company handbook builder.

In the past couple years, timelines between funding rounds have been shrinking for fast-growing startups. Almanac announced its $9 million seed round earlier this year led by Floodgate, now they’re taking the wraps off of a $34 million Series A led by the pandemic’s most prolific startup investment powerhouse — Tiger Global. Floodgate again participated in the raise, alongside General Catalyst and a host of angels.

The company wants its collaborative doc editor to be the way more companies fully embrace online productivity software, leaving local-first document editors in the dust. While Alphabet’s G Suite is a rising presence in the office productivity suite world, Microsoft Office is still the market’s dominant force.

“We see ourselves as a generational challenger to Microsoft Office,” Nathan says. “It’s not only an old product, but it’s totally outmoded for what we do to today.”

While investors have backed plenty of startups based on pandemic era trends that have already seemed to fizzle out, the growing shift away from office culture or even hybrid culture towards full remote work has only grown more apparent as employees place a premium on jobs with flexible remote policies.

Major tech companies like Facebook have found themselves gradually adjusting policies towards full-remote work for staff that can do their jobs remotely. Meanwhile, Apple’s more aggressive return-to-office plan has prompted a rare outpouring of public and private criticism from employees at the company. Nathan only expects this divide to accelerate as more companies come tor grips with the shifting reality.

“I personally don’t believe that hybrid is a thing,” he says. “You have to pick a side, you’re either office culture or ‘cloud culture.’”

#almanac, #alphabet, #articles, #ceo, #cloud-computing, #economy, #general-catalyst, #github, #human-resource-management, #major, #microsoft, #onboarding, #productivity, #recruitment, #software, #startup-company, #startups, #telecommuting, #tiger-global

Inside GitLab’s IPO filing

While the technology and business world worked towards the weekend, developer operations (DevOps) firm GitLab filed to go public. Before we get into our time off, we need to pause, digest the company’s S-1 filing, and come to some early conclusions.

GitLab competes with GitHub, which Microsoft purchased for $7.5 billion back in 2018.

The company is notable for its long-held, remote-first stance, and for being more public with its metrics than most unicorns — for some time, GitLab had a November 18, 2020 IPO target in its public plans, to pick an example. We also knew when it crossed the $100 million recurring revenue threshold.

Considering GitLab’s more recent results, a narrowing operating loss in the last two quarters is good news for the company.

The company’s IPO has therefore been long expected. In its last primary transaction, GitLab raised $286 million at a post-money valuation of $2.75 billion, per Pitchbook data. The same information source also notes that GitLab executed a secondary transaction earlier this year worth $195 million, which gave the company a $6 billion valuation.

Let’s parse GitLab’s growth rate, its final pre-IPO scale, its SaaS metrics, and then ask if we think it can surpass its most recent private-market price. Sound good? Let’s rock.

The GitLab S-1

GitLab intends to list on the Nasdaq under the symbol “GTLB.” Its IPO filing lists a placeholder $100 million raise estimate, though that figure will change when the company sets an initial price range for its shares. Its fiscal year ends January 31, meaning that its quarters are offset from traditional calendar periods by a single month.

Let’s start with the big numbers.

In its fiscal year ended January 2020, GitLab posted revenues of $81.2 million, gross profit of $71.9 million, an operating loss of $128.4 million, and a modestly greater net loss of $130.7 million.

And in the year ended January 31, 2021, GitLab’s revenue rose roughly 87% to $152.2 million from a year earlier. The company’s gross profit rose around 86% to $133.7 million, and operating loss widened nearly 67% to $213.9 million. Its net loss totaled $192.2 million.

This paints a picture of a SaaS company growing quickly at scale, with essentially flat gross margins (88%). Growth has not been inexpensive either — GitLab spent more on sales and marketing than it generated in gross profit in the past two fiscal years.

#computing, #crowdstrike, #datadog, #ec-news-analysis, #enterprise-software, #fundings-exits, #git, #github, #gitlab, #ipo, #microsoft, #saas, #software, #software-engineering, #startups, #tc, #twilio, #version-control

Cryptocurrency launchpad hit by $3 million supply chain attack

Cryptocurrency launchpad hit by $3 million supply chain attack

Enlarge (credit: Austin Distel)

SushiSwap’s chief technology officer says the company’s MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets all from one place. Launched earlier this year, Sushi’s newest offering, Minimal Initial SushiSwap Offering (MISO), is a token launchpad that lets projects launch their own tokens on the Sushi network.

Unlike cryptocurrency coins that need a native blockchain and substantive groundwork, DeFi tokens are an easier alternative to implement, as they can function on an existing blockchain. For example, anybody can create their own “digital tokens” on top of the Ethereum blockchain without having to recreate a new cryptocurrency altogether.

Attacker steals $3 million in Ethereum via one GitHub commit

In a Twitter thread today, SushiSwap CTO Joseph Delong announced that an auction on MISO launchpad had been hijacked via a supply chain attack. An “anonymous contractor” with the GitHub handle AristoK3 and access to the project’s code repository had pushed a malicious code commit that was distributed on the platform’s front-end.

Read 13 remaining paragraphs | Comments

#biz-it, #cryptocurrency, #defi, #github, #miso, #open-source, #supply-chain-attack, #sushi, #tech

Travis CI flaw exposed secrets of thousands of open source projects

Travis CI flaw exposed secrets of thousands of open source projects

Enlarge (credit: Getty Images)

A security flaw in Travis CI potentially exposed the secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. A vulnerability in the tool made it possible for secure environment variables—signing keys, access credentials, and API tokens of all public open source projects—to be exfiltrated.

Worse, the dev community is upset about the poor handling of the vulnerability disclosure process and the brief “security bulletin” it had to force out of Travis.

Environment variables injected into pull request builds

Travis CI is a popular software-testing tool due to its seamless integration with GitHub and Bitbucket. As the makers of the tool explain:

Read 15 remaining paragraphs | Comments

#bitbucket, #biz-it, #data-leak, #github, #open-source, #secrets, #tech, #travis-ci, #vulnerability

China roundup: Beijing wants tech giants to shoulder more social responsibilities

Hello and welcome back to TechCrunch’s China roundup, a digest of recent events shaping the Chinese tech landscape and what they mean to people in the rest of the world.

This week, the gaming industry again became a target of Beijing, which imposed arguably the world’s strictest limits on underage players. On the other hand, China’s tech titans are hastily answering Beijing’s call for them to take on more social responsibilities and take a break from unfettered expansion.

Gaming curfew

China dropped a bombshell on the country’s young gamers. As of September 1, users under the age of 18 are limited to only one hour of online gaming time: on Fridays, Saturdays and Sundays between 8-9 p.m.

The stringent rule adds to already tightening gaming policies for minors, as the government blames video games for causing myopia, as well as deteriorating mental and physical health. Remember China recently announced a suite of restrictions on after-school tutoring? The joke going around is that working parents will have an even harder time keeping their kids occupied.

A few aspects of the new regulation are worth unpacking. For one, the new rule was instituted by the National Press and Publication Administration (NPPA), the regulatory body that approves gaming titles in China and that in 2019 froze the approval process for nine months, which led to plunges in gaming stocks like Tencent.

It’s curious that the directive on playtime came from the NPPA, which reviews gaming content and issues publishing licenses. Like other industries in China, video games are subject to regulations by multiple authorities: NPPA; the Cyberspace Administration of China (CAC), the country’s top internet watchdog; and the Ministry of Industry and Information Technology, which oversees the country’s industrial standards and telecommunications infrastructure.

As analysts long observe, the mighty CAC, which sits under the Central Cyberspace Affairs Commission chaired by President Xi Jinping, has run into “bureaucratic struggles” with other ministries unwilling to relinquish power. This may well be the case for regulating the lucrative gaming industry.

For Tencent and other major gaming companies, the impact of the new rule on their balance sheet may be trifling. Following the news, several listed Chinese gaming firms, including NetEase and 37 Games, hurried to announce that underage players made up less than 1% of their gaming revenues.

Tencent saw the change coming and disclosed in its Q2 earnings that “under-16-year-olds accounted for only 2.6% of its China-based grossing receipts for games and under-12-year-olds accounted for just 0.3%.”

These numbers may not reflect the reality, as minors have long found ways around gaming restrictions, such as using an adult’s ID for user registration (just as the previous generation borrowed IDs from adult friends to sneak into internet cafes). Tencent and other gaming firms have vowed to clamp down on these workarounds, forcing kids to seek even more sophisticated tricks, including using VPNs to access foreign versions of gaming titles. The cat and mouse game continues. 

Prosper together

While China curtails the power of its tech behemoths, it has also pressured them to take on more social responsibilities, which include respecting the worker’s rights in the gig economy.

Last week, the Supreme People’s Court of China declared the “996” schedule, working 9 a.m. to 9 p.m. six days a week, illegal. The declaration followed years of worker resistance against the tech industry’s burnout culture, which has manifested in actions like a GitHub project listing companies practicing “996.”

Meanwhile, hardworking and compliant employees have often been cited as a competitive advantage of China’s tech industry. It’s in part why some Silicon Valley companies, especially those run by people familiar with China, often set up branches in the country to tap its pool of tech talent.

The days when overworking is glorified and tolerated seem to be drawing to an end. Both ByteDance and its short video rival Kuaishou recently scrapped their weekend overtime policies.

Similarly, Meituan announced that it will introduce compulsory break time for its food delivery riders. The on-demand services giant has been slammed for “inhumane” algorithms that force riders into brutal hours or dangerous driving.

In groundbreaking moves, ride-hailing giant Didi and Alibaba’s e-commerce rival JD.com have set up unions for their staff, though it’s still unclear what tangible impact the organizations will have on safeguarding employee rights.

Tencent and Alibaba have also acted. On August 17, President Xi Jinping delivered a speech calling for “common prosperity,” which caught widespread attention from the country’s ultra-rich.

“As China marches towards its second centenary goal, the focus of promoting people’s well-being should be put on boosting common prosperity to strengthen the foundation for the Party’s long-term governance.”

This week, both Tencent and Alibaba pledged to invest 100 billion yuan ($15.5 billion) in support of “common prosperity.” The purposes of their funds are similar and align neatly with Beijing’s national development goals, from growing the rural economy to improving the healthcare system.

#alibaba, #asia, #beijing, #bytedance, #china, #china-roundup, #didi, #gaming, #github, #government, #jd-com, #kuaishou, #ministry-of-industry-and-information-technology, #netease, #tc, #tencent, #xi-jinping

Apple’s CSAM detection tech is under fire — again

Apple has encountered monumental backlash to a new child sexual abuse imagery (CSAM) detection technology it announced earlier this month. The system, which Apple calls NeuralHash, has yet to be activated for its billion-plus users, but the technology is already facing heat from security researchers who say the algorithm is producing flawed results.

NeuralHash is designed to identify known CSAM on a user’s device without having to possess the image or knowing the contents of the image. Because a user’s photos stored in iCloud are end-to-end encrypted so that even Apple can’t access the data, NeuralHash instead scans for known CSAM on a user’s device, which Apple claims is more privacy friendly as it limits the scanning to just photos rather than other companies which scan all of a user’s file.

Apple does this by looking for images on a user’s device that have the same hash — a string of letters and numbers that can uniquely identify an image — that are provided by child protection organizations like NCMEC. If NeuralHash finds 30 or more matching hashes, the images are flagged to Apple for a manual review before the account owner is reported to law enforcement. Apple says the chance of a false positive is about one in one trillion accounts.

But security experts and privacy advocates have expressed concern that the system could be abused by highly-resourced actors, like governments, to implicate innocent victims or to manipulate the system to detect other materials that authoritarian nation states find objectionable. NCMEC called critics the “screeching voices of the minority,” according to a leaked memo distributed internally to Apple staff.

Last night, Asuhariet Ygvar reverse-engineered Apple’s NeuralHash into a Python script and published code to GitHub, allowing anyone to test the technology regardless of whether they have an Apple device to test. In a Reddit post, Ygvar said NeuralHash “already exists” in iOS 14.3 as obfuscated code, but was able to reconstruct the technology to help other security researchers understand the algorithm better before it’s rolled out to iOS and macOS devices later this year.

It didn’t take long before others tinkered with the published code and soon came the first reported case of a “hash collision,” which in NeuralHash’s case is where two entirely different images produce the same hash. Cory Cornelius, a well-known research scientist at Intel Labs, discovered the hash collision. Ygvar confirmed the collision a short time later.

Hash collisions can be a death knell to systems that rely on cryptography to keep them secure, such as encryption. Over the years several well-known password hashing algorithms, like MD5 and SHA-1, were retired after collision attacks rendered them ineffective.

Kenneth White, a cryptography expert and founder of the Open Crypto Audit Project, said in a tweet: “I think some people aren’t grasping that the time between the iOS NeuralHash code being found and [the] first collision was not months or days, but a couple of hours.”

When reached, an Apple spokesperson declined to comment on the record. But in a background call where reporters were not allowed to quote executives directly or by name, Apple downplayed the hash collision and argued that the protections it puts in place — such as a manual review of photos before they are reported to law enforcement — are designed to prevent abuses. Apple also said that the version of NeuralHash that was reverse-engineered is a generic version, and not the complete version that will roll out later this year.

It’s not just civil liberties groups and security experts that are expressing concern about the technology. A senior lawmaker in the German parliament sent a letter to Apple chief executive Tim Cook this week saying that the company is walking down a “dangerous path” and urged Apple not to implement the system.

#algorithms, #apple, #apple-inc, #cryptography, #encryption, #github, #hash, #icloud, #law-enforcement, #password, #privacy, #python, #security, #sha-1, #spokesperson, #tim-cook

zeroheight raises $10M round led by Tribe Capital to scale DesignOps for UX teams

High quality UX for websites and apps is no longer a nice-to-have, it’s a must-have if a company is to succeed. But scaling the impact of UX teams is not simple, and in recent years teams have turned to what’s know as DesignOps platforms to help them.

Now, a new startup hopes to become a key DesignOps platform for UX teams, and has raised money to help it, in turn, scale-up.

zeroheight has now raised a $10 million Series A funding round led by Tribe Capital, with participation from Adobe, Y Combinator, FundersClub, and Expa, as well as angel investors including Tom Preston-Werner (co-founder of GitHub), Bradley Horrowitz (VP Product at Google), Irene Au (built and ran UX design for Google) and Nick Caldwell (VP Engineering at Twitter).

London-based zeroheight will now expand to the San Francisco/Bay Area, and grow the team across the board. Its focus so far has been on UX documentation but it will now also explore other areas such as closing the gap between design and development.

Co-founder Jerome de Lafargue said: “zeroheight does for UX what DevOps platforms like GitHub do for building and shipping code, providing a central place to document and manage UX components, coupled with design APIs that allow teams to skip the design hand-off stage entirely and speed up the UX delivery process.”

He said the company addresses the scaling problem for UX teams: “Problems have emerged because UX teams have grown dramatically in the past few years, because UX is now so important for most companies to just compete. And so because of this you now need centralization, you need components that are reusable so that teams can be efficient and not lose quality as it keeps shipping.”

zeroheight counts several Fortune 500 companies like Adobe and United Airlines as customers among its 1,300+ customer base.

#co-founder, #europe, #fundersclub, #github, #google, #london, #san-francisco, #tc, #tom-preston-werner, #touchwiz, #united-airlines, #y-combinator

Serverless Stack raises $1M for open-source application framework

Open-source framework startup Serverless Stack announced Friday that it raised $1 million in seed funding from a group of investors that includes Greylock Partners, SV Angel and Y Combinator.

The company was founded in 2017 by Jay V and Frank Wang in San Francisco, and they were part of Y Combinator’s 2021 winter batch.

Serverless Stack’s technology enables engineers to more easily build full-stack serverless apps. CEO V said he and Wang were working in this space for years with the aim of exposing it to a broader group of people.

While tooling around in the space, they determined that the ability to build serverless apps was not getting better, so they joined Y Combinator to hone their idea on how to make the process easier.

Here’s how the technology works: The open-source framework allows developers to test and make changes to their applications by directly connecting their local machines to the cloud. The problem with what V called an “old-school process” is that developers would upload their apps to the cloud, wait for it to run and then make any changes. Instead, Serverless Stack connects directly to the cloud for the ability to debug applications locally, he added.

Since its launch six months ago, Serverless Stack has grown to over 2,000 stars on GitHub and was downloaded more than 60,000 times.

Dalton Caldwell, managing director of YC, met V and Wang at the cohort and said he was “super impressed” because the pair were working in the space for a long time.

“These folks are experts — there are probably just half a dozen people who know as much as they do, as there aren’t that many people working on this technology,” Caldwell told TechCrunch. “The proof is in the pudding, and if they can get people to adopt it, like they did on GitHub so far, and keep that community engagement, that is my strongest signal of staying power.”

V has earmarked the new funding to expand the team, including hiring engineers to support new use cases.

Serverless initially gravitated toward specific use cases — APIs are now allowing its community to chime in and it is using that as a guide, V said. It recently announced more of a full-stack use case for building out APIs with a database and also building out the front end frameworks.

Ultimately, V’s roadmap includes building out more tools with a vision of getting Serverless Stack to the point where a developer can come on with an idea and take it all the way to an IPO using his platform.

“That’s why we want the community to drive the roadmap,” V told TechCrunch. “We are focused on what they are building and when they are in production, how they are managing it. Eventually, we will build out a dashboard to make it easier for them to manage all of their applications.”

 

#apps, #cloud, #cloud-infrastructure, #dalton-caldwell, #developer, #frank-wang, #funding, #github, #greylock-partners, #jay-v, #recent-funding, #serverless-computing, #serverless-stack, #startups, #sv-angel, #tc, #y-combinator

Audacity’s new owner is in another fight with the open source community

MuseScore (the website) offers access to hundreds of thousands of sheet music arrangements. MuseScore (the application) allows easy editing and modification, MIDI playback, and more.

Enlarge / MuseScore (the website) offers access to hundreds of thousands of sheet music arrangements. MuseScore (the application) allows easy editing and modification, MIDI playback, and more. (credit: Muse Group)

Muse Group—owner of the popular audio-editing app Audacity—is in hot water with the open source community again. This time, the controversy isn’t over Audacity—it’s about MuseScore, an open source application which allows musicians to create, share, and download musical scores (especially, but not only, in the form of sheet music).

The MuseScore app itself is licensed GPLv3, which gives developers the right to fork its source and modify it. One such developer, Wenzheng Tang (“Xmader” on GitHub) went considerably further than modifying the app—he also created separate apps designed to bypass MuseScore Pro subscription fees.

After thoroughly reviewing the public comments made by both sides at GitHub, Ars spoke at length with Muse Group’s Head of Strategy Daniel Ray—known on GitHub by the moniker “workedintheory”—to get to the bottom of the controversy.

Read 30 remaining paragraphs | Comments

#audacity, #github, #muse-group, #musescore, #open-source, #tech

GitHub previews new AI tool that makes coding suggestions

GitHub has unveiled a new product that leverages artificial intelligence to help you write code more efficiently. Named GitHub Copilot, today’s new product can suggest lines of code and even sometimes entire functions.

GitHub has partnered with OpenAI to develop this tool. It doesn’t replace developers, it’s just a tool that should improve productivity and make it easier to learn how to code. GitHub frames this new tool as an AI pair programmer.

The model behind GitHub Copilot has been trained on billions of lines of code — many of them are hosted and available publicly on GitHub itself. When you’re writing code, GitHub Copilot suggests code as you type. You can cycle through suggestions, accept or reject them.

In order to figure out what you’re currently coding, GitHub Copilot tries to parse the meaning of a comment, the name of the function you are writing, or the past couple of lines. The company shows a few demos on its website.

In particular, you can describe a function in plain English in a comment and then convert it to actual code. If you’re getting started with a new language or you’ve been using no-code or low-code tools in the past, that feature could be useful.

If you’re writing code every day, GitHub Copilot can be used to work with a new framework or library. You don’t have to read the documentation from start to finish as GitHub Copilot already knows the specific functions and features of the framework you’re working with. It could also replace many Stack Overflow queries.

GitHub Copilot integrates directly with Visual Studio Code. You can install it as an extension or use it in the cloud with GitHub Codespaces. Over time, the service should improve based on how you interact with GitHub Copilot. As you accept and reject suggestions, those suggestions should get better.

Currently available as a technical preview, GitHub plans to launch a commercial product based on GitHub Copilot. It currently works best with Python, JavaScript, TypeScript, Ruby and Go.

#developer, #enterprise, #github, #github-copilot, #microsoft, #openai

PlanetScale raises $30M Series B for its database service

PlanetScale, the company behind the open-source Vitess database clustering system for MySQL that was first developed at YouTube, today announced that it has raised a $30 million Series B funding round led by Insight Partners, with participation from a16z and SignalFire. With this, the company has now raised a total of $55 million, according to Crunchbase.

Today’s announcement comes only a few weeks after PlanetScale launched its new hosted database platform, also dubbed PlanetScale. The company had previously offered a hosted version of Vitess, but with this new service, it is going a step further and offering what it calls a “developer-first database” that abstracts away all of the infrastructures to ensure that developers won’t have to think about cloud zones, cluster sizes and other details.

Indeed, PlanetScale CEO and co-founder Jiten Vaidya was quite open about the limitations of this earlier product. “What we had built last year was pretty much hosted Vitess, which was no different than how a lot of cloud providers today give you databases,” he said. “So none of this ease of use, none of this elegance, none of these state-of-the-art experiences that the developers want and expect today, we had built into our product.”

But a few months ago, the company brought on former GitHub VP of Engineering Sam Lambert as its Chief Product Officer. Vaidya noted that Lambert brought a lot of developer empathy to PlanetScale and helped it launch this new product.

“People come to you because they’re not database experts, but they have data, they have problems,” Lambert said. “And too many companies, especially in the database world, do not think about the daily lives of their users like we do. They don’t think about the complete journey of what the user is actually trying to do, which is to provide value to their customers. They’re just very impressed with themselves for storing and retrieving data. And it’s like, yep, we’ve been doing that. We’ve been doing that since the 60s. Can we do something else now?”

The company’s users today include the likes of Slack, Figma, GitHub and Square, so it’s clearly delivering value to a lot of users. As Lambert noted, PlanetScale aims to offer them a product that is simple and easy to use. “Just because it is simple and easy to use, and beautiful, honestly — like just beautiful, well-designed tooling — it doesn’t mean it’s inferior. It doesn’t mean it’s missing anything. It means the others are missing the poetry and the additional elements of beauty that you can add to infrastructure products,” he said.

PlanetScale plans to use the new funding to scale its team globally and accelerate the adoption of its platform. Insight Partners Managing Director Nikhil Sachdev will join the company’s board, with the firm’s Managing Director Praveen Akkiraju also joining as a board observer.

“PlanetScale is setting a new bar for simplicity, performance and scalability for cloud-based databases in the serverless era,” said Sachdev. “The developer experience for databases has been painful for too long. PlanetScale is breaking that chain, solving longstanding problems related to scalability and reliability in an extremely elegant, tasteful, and useful way.”

#andreessen-horowitz, #cloud-computing, #computing, #database, #github, #insight-partners, #mysql, #planetscale, #serverless-computing, #software, #tc, #vitess, #youtube

Vercel raises $102M Series C for its front-end development platform

Vercel, the company behind the popular open-source Next.js React framework, today announced that it has raised a $102 million Series C funding round led by Bedrock Capital. Existing investors Accel, CRV,
Geodesic Capital, Greenoaks Capital and GV also participated in this round, together with new investors 8VC, Flex Capital, GGV, Latacora, Salesforce Ventures and Tiger Global. In total, the company has now raised $163 million and its current valuation is $1.1 billion.

As Vercel notes, the company saw strong growth in recent months, with traffic to all sites and apps on its network doubling since October 2020. About half of the world’s largest 10,000 websites now use Next.js . Given the open-source nature of the Next.js framework, not all of these users are obviously Vercel customers, but its current paying customers include the likes of Carhartt, Github, IBM, McDonald’s and Uber.

Image Credits: Vercel

“For us, it all starts with a front-end developer,” Vercel CEO Guillermo Rauch told me. “Our goal is to create and empower those developers — and their teams — to create delightful, immersive web experiences for their customers.”

With Vercel, Rauch and his team took the Next.js framework and then built a serverless platform that specifically caters to this framework and allows developers to focus on building their front ends without having to worry about scaling and performance.

Older solutions, Rauch argues, were built in isolation from the cloud platforms and serverless technologies, leaving it up to the developers to deploy and scale their solutions. And while some potential users may also be content with using a headless content management system, Rauch argues that increasingly, developers need to be able to build solutions that can go deeper than the off-the-shelf solutions that many businesses use today.

Rauch also noted that developers really like Vercel’s ability to generate a preview URL for a site’s front end every time a developer edits the code. “So instead of just spending all your time in code review, we’re shifting the equation to spending your time reviewing or experiencing your front end. That makes the experience a lot more collaborative,” he said. “So now, designers, marketers, IT, CEOs […] can now come together in this collaboration of building a front end and say, ‘that shade of blue is not the right shade of blue.’”

“Vercel is leading a market transition through which we are seeing the majority of value-add in web and cloud application development being delivered at the front end, closest to the user, where true experiences are made and enjoyed,” said Geoff Lewis, founder and managing partner at Bedrock. “We are extremely enthusiastic to work closely with Guillermo and the peerless team he has assembled to drive this revolution forward and are very pleased to have been able to co-lead this round.”

#bedrock-capital, #ceo, #cloud, #cloud-computing, #cloud-infrastructure, #computing, #content-management-system, #developer, #funding, #fundings-exits, #geodesic-capital, #geoff-lewis, #github, #greenoaks-capital, #ibm, #managing-partner, #mcdonalds, #react, #recent-funding, #salesforce, #salesforce-ventures, #serverless-computing, #software, #startups, #tc, #tiger-global

Twitch, Pinterest, Reddit and more go down in Fastly CDN outage

Countless popular websites including Reddit, Spotify, Twitch, Stack Overflow, GitHub, gov.uk, Hulu, HBO Max, Quora, PayPal, Vimeo, Shopify, and news outlets CNN, The Guardian, The New York Times, BBC and Financial Times are currently facing an outage. A glitch at Fastly, a popular CDN provider, is thought to be the reason, according to a product manager at Financial Times. Fastly has confirmed it’s facing an outage on its status website.

“We’re currently investigating potential impact to performance with our CDN services,” the firm said.

Content delivery networks (CDNs) are a key part of the internet infrastructure. These companies run global networks of server to improve performance and availability of web services. CDNs act as proxy servers and cache some data as close to the end user as possible. For instance, media content is often cached to a CDN server near you so that it doesn’t have to be fetched on the original server every time a user loads a web page.

Over time, CDNs have started adding more features, such as load balancing, DDoS protection, web application firewalls and several security features. Popular CDNs include Fastly, Cloudflare, CloudFront on Amazon Web Services and Akamai.

Fastly in particular is quite popular with media websites in particular. The company went public in 2019. Fastly shares (NYSE:FSLY) are currently trading at $48.06, down 5.21% compared to yesterday’s closing price.

This is a developing story. More to follow…

#apps, #developer, #fastly, #github, #reddit, #spotify, #stackoverflow, #tc, #twitch

Iterative raises $20M for its MLOps platform

Iterative, an open-source startup that is building an enterprise AI platform to help companies operationalize their models, today announced that it has raised a $20 million Series A round led by 468 Capital and Mesosphere co-founder Florian Leibert. Previous investors True Ventures and Afore Capital also participated in this round, which brings the company’s total funding to $25 million.

The core idea behind Iterative is to provide data scientists and data engineers with a platform that closely resembles a modern GitOps-driven development stack.

After spending time in academia, Iterative co-founder and CEO Dmitry Petrov joined Microsoft as a data scientist on the Bing team in 2013. He noted that the industry has changed quite a bit since then. While early on, the questions were about how to build machine learning models, today the problem is how to build predictable processes around machine learning, especially in large organizations with sizable teams. “How can we make the team productive not the person? This is a new challenge for the entire industry,” he said.

Big companies (like Microsoft) were able to build their own proprietary tooling and processes to build their AI operations, Petrov noted, but that’s not an option for smaller companies.

Currently, Iterative’s stack consists of a couple of different components that sit on top of tools like GitLab and GitHub. These include DVC for running experiments and data and model versioning, CML, the company’s CI/CD platform for machine learning, and the company’s newest product, Studio, its SaaS platform for enabling collaboration between teams. Instead of reinventing the wheel, Iterative essentially provides data scientists who already use GitHub or GitLab to collaborate on their source code with a tool like DVC Studio that extends this to help them collaborate on data and metrics, too.

Image Credits: Iterative

“DVC Studio enables machine learning developers to run hundreds of experiments with full transparency, giving other developers in the organization the ability to collaborate fully in the process,” said Dmitry Petrov, CEO and founder of Iterative. “The funding today will help us bring more innovative products and services into our ecosystem.”

Petrov stressed that he wants to build an ecosystem of tools, not a monolithic platform. When the company closed this current funding round about three months ago, Iterative had about 30 employees, many of which were previously active in the open-source community around its projects. Today, that number is already closer to 60.

“Data, ML and AI are becoming an essential part of the industry and IT infrastructure,” said Leibert, general partner at 468 Capital. “Companies with great open source adoption and bottom-up market strategy, like Iterative, are going to define the standards for AI tools and processes around building ML models.”

#afore-capital, #artificial-intelligence, #cloud, #cybernetics, #data-scientist, #developer, #enterprise, #free-software, #funding, #fundings-exits, #git, #github, #gitlab, #learning, #machine-learning, #microsoft, #ml, #recent-funding, #saas, #software-engineering, #startups, #true-ventures, #version-control

Swarmia raises $8M Seed to help software development teams deal with data

Swarmia, a B2B SaaS company for software development teams dealing with data, has raised a €5.7 M Seed round and a previously unannounced 1M€ pre-seed round, taking its raise to €6.7M ($8M). The Seed round was led by Alven Capital and joined by Jigsaw VC, Irena Goldenberg, Alex Algard, Lars Fjeldsoe-Nielsen, Jonathan Benhamou and Romain Huet. Lifeline Ventures, the sole investor in a previously unannounced 1M€ pre-seed round, also participated. The cash wil be used to scale to the US.

Founder Otto Hilska is a serial entrepreneur who started Flowdock (team collaboration product, acquired by Rally Software) and was Smartly.io’s Chief Product Officer.

Hilska says many software development organizations could be much more successful if they had a “better visibility to their work and a systematic approach for continuous improvement”.

Swarmia integrates with development tools such as GitHub, Jira, Linear and various CI tools to “create a holistic view to the engineering teams’ inner workings.”

Competitors include Pluralsight Flow (raised $192.5M) and CodeClimate Velocity ($15M).

However, Hilska says: “We’re the only product in the market that’s actually used by developers themselves. We don’t build features for stalking individual developers, but rather focus on how the team can improve. We’ve built the product together with our pilot customers (with shared Slack channels and daily iteration) to make sure that it actually scales with them. Every team is different, and our product adapts to these different ways of working by letting teams define their Working Agreements. That leads to much better data quality, since we actually understand how the teams work – while competitors are happy to plot any incorrect data. Our Slack bot also helps teams drive the behavioral change when teams choose to adopt a working agreement.”

Thomas Cuvelier, Partner at Alven commented: “Software is eating the world but software engineering, the largest cost center of the modern organization, is still a black box. Swarmia solves a considerable pain point by bringing visibility to engineering work and helping executives make the right business decisions based on data rather than anecdotal evidence. What Otto and his team have achieved so far is impressive and they’re well on their way to drive better working habits for the world’s 27m developers.”

#alven-capital, #computing, #europe, #github, #lars-fjeldsoe-nielsen, #lifeline-ventures, #operating-systems, #partner, #pluralsight, #rally-software, #romain-huet, #serial-entrepreneur, #slack, #software, #software-development, #software-engineering, #tc, #united-states

Github reverses takedown of reverse-engineered GTA source code

The reverse-engineered source code for the PC versions of Grand Theft Auto III and Vice City is back online today, months after it was originally posted and then quickly taken down due to a DMCA request from publisher Take-Two.

TorrentFreak reports on the restored version of the project, which was posted as a seemingly identical fork of the original by a New Zealand-based developer named Theo. While the original GitHub poster (who goes by the handle aac) has not contested Take-Two’s original takedown, Theo told TorrentFreak he filed a counterclaim to restore his copy of the project, saying it “contained no code owned by Take Two.”

A question of law

We’ve previously looked in depth at how video game fan coders use reverse-engineering techniques to deconstruct the packaged executable files distributed by a game’s original developers. This painstaking, function-by-function process creates raw programming code that can generate exactly the same binary file when compiled (though the code as distributed on GitHub still requires external, copyrighted art and sound assets from legitimate copies of the games).

Read 4 remaining paragraphs | Comments

#dmca, #gaming-culture, #github, #grand-theft-auto, #gta, #reverse-engineereing, #take-two

SaaS companies can grow to $20M+ ARR by selling exclusively to developers

With more than 200,000 customers, a market cap of nearly $56 billion, and the recent acquisition of Segment for $3.2 billion, Twilio is a SaaS behemoth.

It’s hard to imagine companies like Twilio as anything but a giant. But everybody starts out small, and you can usually trace success back to key decisions made in the early days.

First, you need to have a product that developers can actually sign up for. This means ditching demos for real-time free trials or freemium tools.

For Twilio, a big differentiator was being one of the first technology-focused SaaS organizations that focused on empowering and building for the end user (which in their case is developers) with a self-service function. Another differentiator was, the executive team designed the organization to create tight feedback loops between sales and product with national roadshows, during which CEO Jeff Lawson frequently met with users.

Moreover, Twilio’s “secret sauce” per their S-1 is a developer-focused model and a strong belief in the future of software. They encourage developers to explore and innovate with Twilio’s flexible offering, which led to an incredible 155% net-dollar expansion rate at the time of the IPO.

Most importantly, Twilio put the product in the hands of teams before the sale happened, standing by to answer hard questions about how Twilio would fit into their infrastructure. This was pretty rare at the time — sales engineering resources aren’t cheap — and it was a strong differentiating factor. So much so that when the company went public, they were growing at 106% annually.

Twilio sells to developers at large enterprises by solving a problem that developers come up against regularly: Getting in touch with customers.

But as more successful public software companies emerge, it’s clear that Twilio’s secret sauce can and will be replicated.

Why traditional marketing doesn’t work on developers

Before I started looking at successful developer-focused businesses, I understood the developer-focused playbook to look a little like this:
  1. Don’t hire marketing (or sales, either). If you do, hire someone super experienced from an enterprise sales background. And then fire them within three to six months.
  2. Just hire someone who’s passionate about the product to “manage the community.” What is community management? Lots of swag. Cool meetups. Publish 1–2 articles as a stab at content (bonus points if they’re listicles). Oh, wait. How can we show the ROI here? Make the community manager do that until she quits. Repeat.

#column, #cypress, #developer, #developer-documentation, #developer-relations, #ec-column, #ec-enterprise-applications, #enterprise, #github, #jeff-lawson, #saas, #snyk, #twilio

Cycode raises $20M to secure DevOps pipelines

Israeli security startup Cycode, which specializes in helping enterprises secure their DevOps pipelines and prevent code tampering, today announced that it has raised a $20 million Series A funding round led by Insight Partners. Seed investor YL Ventures also participated in this round, which brings the total funding in the company to $24.6 million.

Cycode’s focus was squarely on securing source code in its early days, but thanks to the advent of infrastructure as code (IaC), policies as code and similar processes, it has expanded its scope. In this context, it’s worth noting that Cycode’s tools are language and use case agnostic. To its tools, code is code.

“This ‘everything as code’ notion creates an opportunity because the code repositories, they become a single source of truth of what the operation should look like and how everything should function, Cycode CTO and co-founder Ronin Slavin told me. “So if we look at that and we understand it — the next phase is to verify this is indeed what’s happening, and then whenever something deviates from it, it’s probably something that you should look at and investigate.”

Cycode Dashboard

Cycode Dashboard. Image Credits: Cycode

The company’s service already provides the tools for managing code governance, leak detection, secret detection and access management. Recently it added its features for securing code that defines a business’ infrastructure; looking ahead, the team plans to add features like drift detection, integrity monitoring and alert prioritization.

“Cycode is here to protect the entire CI/CD pipeline — the development infrastructure — from end to end, from code to cloud,” Cycode CEO and co-founder Lior Levy told me.

“If we look at the landscape today, we can say that existing solutions in the market are kind of siloed, just like the DevOps stages used to be,” Levy explained. “They don’t really see the bigger picture, they don’t look at the pipeline from a holistic perspective. Essentially, this is causing them to generate thousands of alerts, which amplifies the problem even further, because not only don’t you get a holistic view, but also the noise level that comes from those thousands of alerts causes a lot of valuable time to get wasted on chasing down some irrelevant issues.”

What Cycode wants to do then is to break down these silos and integrate the relevant data from across a company’s CI/CD infrastructure, starting with the source code itself, which ideally allows the company to anticipate issues early on in the software life cycle. To do so, Cycode can pull in data from services like GitHub, GitLab, Bitbucket and Jenkins (among others) and scan it for security issues. Later this year, the company plans to integrate data from third-party security tools like Snyk and Checkmarx as well.

“The problem of protecting CI/CD tools like GitHub, Jenkins and AWS is a gap for virtually every enterprise,” said Jon Rosenbaum, principal at Insight Partners, who will join Cycode’s board of directors. “Cycode secures CI/CD pipelines in an elegant, developer-centric manner. This positions the company to be a leader within the new breed of application security companies — those that are rapidly expanding the market with solutions which secure every release without sacrificing velocity.”

The company plans to use the new funding to accelerate its R&D efforts, and expand its sales and marketing teams. Levy and Slavin expect that the company will grow to about 65 employees this year, spread between the development team in Israel and its sales and marketing operations in the U.S.

#access-management, #agile-software-development, #aws, #bitbucket, #checkmarx, #continuous-integration, #cycode, #devops, #enterprise, #funding, #fundings-exits, #github, #gitlab, #insight-partners, #israel, #jenkins, #recent-funding, #security, #security-tools, #software-development, #software-engineering, #startups, #tc, #united-states, #version-control, #yl-ventures

Cased announces $2.25M seed round to help developers work in production environments

An issue every developer faces is dealing with problems on a live application without messing it up. In fact, in many companies such access is restricted. Cased, an early stage startup, has come up with a solution to provide a way to work safely with the live application.

Today, the company announced a $2.25 million seed round led by Founders Fund along with a group of prestigious technology angel investors. The company also announced that the product is generally available to all developers today for the first time. It’s worth noting that the funding actually closed last April, and they are just announcing it today.

Bryan Byrne, CEO and co-founder at Cased says he and his fellow co-founders, all of whom cut their teeth at GitHub, experienced this problem of working in live production environments first hand. He says that the typical response by larger companies is to build a tool in-house, but this isn’t an option for many smaller companies.

“We saw firsthand at GitHub how the developer experience gets more difficult over time, and it becomes more difficult for developers to get production work done. So we wanted to provide a developer friendly way to get production work done,” Byrne explained.

He said without proper tooling, it forces CTOs to restrict access to the production code, which in turn makes it difficult to fix problems as they arise in production environments. “Companies are forced to restrict access to production and restrict access to tools that developers need to work in production. A lot of the biggest tech companies invest in millions to deliver great developer experiences, but obviously smaller companies don’t have those resources. So we want to give all companies the building blocks they need to deliver a great developer experience out of the box,” he said.

This involves providing development teams with open access to production command line tools by adding logging and approval workflows to sensitive operations. That enables executives to open up access with specific rules and the ability to audit who has been accessing the production environment.

The company launched at the beginning of last year and the founders have been working with design partners and early customers prior to officially opening the site to the general public today.

They currently have five people including the 4 founders, but Byrne says that they have had a good initial reaction to the product and are in the process of hiring additional employees. He says that as they do, diversity and inclusion is a big priority for the founders, even as a very early stage company.

“It’s very prominent in our company handbook, so that we make sure we prioritize an inclusive culture from the very beginning because […] we know firsthand that if you don’t invest in that early, it can really hold you back as a company and as a culture. Culture starts from day one, for sure,” he said.

As part of that, the company intends to be remote first even post-pandemic, a move he believes will make it easier to build a diverse company.

“We will definitely be remote first. We believe that also helps with diversity and inclusion as you allow people to work from anywhere, and we have a lot of experience in leading remote first culture from our time at GitHub, so we began as a remote culture and we will continue to do that,” he said.

#cased, #developer, #developer-tools, #funding, #github, #recent-funding, #seed-funding, #startups, #tc

Deep fake video app Avatarify, which process on-phone, plans digital watermark for videos

Making deep fake videos used to be hard. Now all you need is a smartphone. Avatarify, a startup that allows people to make deep-fake videos directly on their phone rather than in the Cloud, is soaring up the app charts after being used by celebrities such as Victoria Beckham.

However, the problem with many deep fake videos is that there is no digital watermark to determine that the video has been tampered with. So Avatarify says it will soon launch a digital watermark to prevent this from happening.

Run out of Moscow but with a US HQ, Avatarify launched in July 2020 and since then has been downloaded millions of times. The founders say that 140 million deepfake videos were created with Avatarify this year alone. There are now 125 million views of videos with the hashtag #avatarify on TikTok. While its competitors include the well-funded Reface, Snapchat, Wombo.ai, Mug Life, Xpression, Avatarify has yet to raise any money beyond an Angel round.

Despite taking only $120,000 in angel funding, the company has yet to accept any venture capital and says it has bootstrapped its way from zero to almost 10 million downloads and claims to have a $10 million annual run-rate with a team of less than 10 people.

It’s not hard to see why. Avatarify has a freemium subscription model. They offer a 7-day free trial and a 12-month subscription for $34.99 or a weekly plan for $2.49. Without a subscription, they offer the core features of the App for free, but videos then carry a visible watermark.

The founders also say the app protects privacy, because the videos are processed directly on the phone, rather than in the cloud where they could be hacked.

Avatarify processes user’s photos and turns them into short videos by animating faces, using machine learning algorithms, and adding sounds. The user chooses a picture she wants to animate, chooses the effects and music, and then taps to animate the picture. This short video can then be posted on Instagram or TikTok.

The Avatarify videos are taking off on TikTok because teens no longer need to learn a dance or be much more creative than finding a photo of a celebrity to animate to.

Avartify says you can’t use their app to impersonate someone, but there is of course no way to police this.

Founders Ali Aliev and Karim Iskakov wrote the app during the COVID-19 lockdown in April 2020. Ali spent 2 hours writing a program in Python to transfer his facial expressions to the other person’s face and use a filter in Zoom. The result was a real-time video, which could be streamed to Zoom. He joined a call with Elon Mask’s face and everyone on the call was shocked. The team posted the video, which then went viral.

The code on Github and immediately saw the number of downloads grow. The repository was published on 6 April 2020, and as of 19 March 2021 had been downloaded 50,000 times.

Ali left his job at Samsung AI Centre and devoted himself to the app. After Avatarify’s iOS app was released on 28 June 2020, viral videos on TikTok, created with the app, led it to App Store’s top charts without paid acquisition. In February 2021, Avatarify was ranked first among Top Free Apps worldwide. Between February and March, the app 2021 generated more than $1M in revenue (Source: AppMagic).

However, despite Avartify’s success, the ongoing problems with deep-fake videos remain, such as using these apps to make non-consensual porn, using the faces of innocent people.

#apps, #artificial-intelligence, #europe, #github, #instagram, #mobile-applications, #mobile-software, #moscow, #python, #reface, #samsung, #smartphone, #snapchat, #software, #tc, #tiktok, #united-states, #venture-capital, #video-hosting

1Password acquires SecretHub and launches new enterprise secrets management tool

1Password, the password management service that competes with the likes of LastPass and BitWarden, today announced a major push beyond the basics of password management and into the infrastructure secrets management space. To do so, the company has acquired secrets management service SecretHub and is now launching its new 1Password Secrets Automation service.

1Password did not disclose the price of the acquisition. According to CrunchBase, Netherlands-based SecretHub never raised any institutional funding ahead of today’s announcement.

For companies like 1Password, moving into the enterprise space, where managing corporate credentials, API tokens, keys and certificates for individual users and their increasingly complex infrastructure services, seems like a natural move. And with the combination of 1Password and its new Secrets Automation service, businesses can use a single tool that covers them from managing their employee’s passwords to handling infrastructure secrets. 1Password is currently in use by more then 80,000 businesses worldwide and a lot of these are surely potential users of its Secrets Automation service, too.

“Companies need to protect their infrastructure secrets as much if not more than their employees’ passwords,” said Jeff Shiner, CEO of 1Password. “With 1Password and Secrets Automation, there is a single source of truth to secure, manage and orchestrate all of your business secrets. We are the first company to bring both human and machine secrets together in a significant and easy-to-use way.”

In addition to the acquisition and new service, 1Password also today announced a new partnership with GitHub. “We’re partnering with 1Password because their cross-platform solution will make life easier for developers and security teams alike,” said Dana Lawson, VP of partner engineering and development at GitHub, the largest and most advanced development platform in the world. “With the upcoming GitHub and 1Password Secrets Automation integration, teams will be able to fully automate all of their infrastructure secrets, with full peace of mind that they are safe and secure.”

#1password, #ceo, #crunchbase, #exit, #github, #infrastructure-services, #lastpass, #netherlands, #password, #password-management, #security, #software, #startups

IonQ now supports IBM’s Qiskit quantum development kit

IonQ, the trapped ion quantum computing company that recently went public via a SPAC, today announced that it is integrating its quantum computing platform with the open-source Qiskit software development kit. This means Qiskit users can now bring their programs to IonQ’s platform without any major modifications to their code.

At first glance, that seems relatively unremarkable, but it’s worth noting that Qiskit was founded by IBM Research and is IBM’s default tool for working with its quantum computers. There is a healthy bit of competition between IBM and IonQ (and, to be fair, many others in this space), in part because both are betting on very different technologies at the core of their platforms. While IonQ is betting on trapped ions, which allows its machines able to run at room temperature, IBM’s technique requires its machine to be supercooled.

IonQ has now released a new provider library for Qiskit that is available as part of the Qiskit Partner repository on GitHub and via the Python Package Index.

“IonQ is excited to make our quantum computers and APIs easily accessible to the Qiskit community,” said IonQ CEO & President Peter Chapman. “Open source has already revolutionized traditional software development. With this integration, we’re bringing the world one step closer to the first generation of widely-applicable quantum applications.”

On the one hand, it’s hard not to look at this as IonQ needling IBM a bit, but it’s also an acknowledgment that Qiskit has become somewhat of a standard for developers who want to work with quantum computers. But putting these rivalries aside, we’re also in the early days of quantum computing and with no clear leader yet, anything that makes these various platforms more interoperable is a win for developers who want to dip their feet into writing for them.

#azure-quantum, #braket, #emerging-technologies, #github, #ibm, #ionq, #peter-chapman, #python, #quantum, #quantum-computing, #tc

Hackers backdoor PHP source code after breaching internal git server

A cartoon door leads to a wall of computer code.

Enlarge (credit: BeeBright / Getty Images / iStockphoto)

A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open source project said.

Two updates pushed to the PHP Git server over the weekend added a line that, if run by a PHP-powered website, would have allowed visitors with no authorization to execute code of their choice. The malicious commits here and here gave the code the code-injection capability to visitors who had the word “zerodium” in an HTTP header.

PHP.net hacked, code backdoored

The commits were made to the php-src repo under the account names of two well-known PHP developers, Rasmus Lerdorf and Nikita Popov. “We don’t yet know how exactly this happened, but everything points toward a compromise of the git.php.net server (rather than a compromise of an individual git account),” Popov wrote in a notice published on Sunday night.

Read 12 remaining paragraphs | Comments

#biz-it, #github, #hacking, #php, #supply-chain-attacks, #tech, #website-security

Co-founded by a leader of SpaceX’s missions operations, Epsilon3 wants to be the OS for space launches

Laura Crabtree spent a good chunk of her childhood watching rocket launches on television and her entire professional career launching rockets, first at Northrup Grumman and then at SpaceX.

Now, the former senior missions operations engineer at SpaceX is the co-founder and chief executive of a new LA-based space startup called Epsilon3, which says it has developed the operating system for launch operations.

“The tools I had wanted did not exist,” said Crabtree. So when she left SpaceX to pursue her next opportunity, it was a no-brainer to try and develop the toolkit she never had, the first-time entrepreneur said. “I started looking at ways in which I could help the space industry become more efficient and reduce errors.”

Joining Crabtree in the new business is Max Mednik, a serial entrepreneur whose last company, Epirus, raised at least $144.7 million from investors including 8VC, Bedrock Capital and L3 Harris Technologies, and Aaron Sullivan, a former Googler who serves as the chief software engineer. Mednik worked at Google too before turning his attention to entrepreneurship. His previous businesses ranged from financial services software to legal services software, Mednik too had an interest in aerospace. His first job offers out of school were with SpaceX, JPL, and Google. And Aaron Sullivan another former

Part of a growing network of SpaceX alumni launching businesses, Epsilon3, like its fellow travelers First Resonance and Prewitt Ridge, is creating a product around an aspect of the design, manufacturing mission management and operations of rockets that had previously been handled manually or with bespoke tools.

“They make mission management software for the launchers and for the satellite companies that are going to be the payload of the rocket companies,” said Alex Rubacalva, the founder and managing partner of Stage Venture Partners, an investor in the company’s recent seed round. “It’s not just the design and spec but for when they’re actually working what are they doing; when you’re uplinking and downlinking data and changing software.”

Rubacalva acknowledged that the market for Epsilon3 is entirely new, but it’s growing rapidly.

“This was an analysis based on the fact that access to space used to be really expensive and used to be the provenance of governments and ten or 20 commercial satellite operators in the world. And it was limited by the fact that there were only a handful of companies that could launch,” Rubacalva said. “Now all of a sudden there’s going to be thirty different space flights. Thirty different companies that have rockets… access to space used to scarce, expensive, and highly restricted and it’s no longer any of those things now.” 

Relativity Space's Terran 1 rocket, artist's rendering

Image Credits: Relativity Space

The demand for space services is exploding with some analysts estimating that the launch services industry could reach over $18 billion by 2026.

“It’s a very similar story and we all come from different places within SpaceX,” said Crabtree. First Resonance, provides software that moves from prototyping to production; Prewitt Ridge, provides engineering and management tools; and Epsilon3 has developed an operating system for launch operations.

“You’ve got design development, manufacturing, integration tests and operations. We’re trying to support that integration of tests and operations,” said Crabtree. 

While First Resonance and Prewitt Ridge have applications in aerospace and manufacturing broadly, Crabtree’s eyes, and her company’s mission, remain fixed on the stars.

“We’re laser focused on space and proving out that the software works in the highest stakes and most complex environments,” said Mednik. There are applications in other areas that require complex workflows for industries as diverse as nuclear plant construction and operations, energy, mining, and aviation broadly, but for now and the foreseeable future, it’s all about the space business.

Mednik described the software as an electronic toolkit for controlling and editing workflows and procedures. “You can think of it as Asana project management meets Github version control,” he said. “It should be for integration of subsystems or systems and operations of the systems.”

Named for the planet in Babylon Five, Epsilon3 could become an integral part of the rocket missions that eventually do explore other worlds. At least, that’s the bet that firms like Stage Venture Partners and MaC Ventures are making on the business with their early $1.8 million investment into the business.

Right now, the Epislon3’s early customers are coming from early stage space companies that are using the platform for live launches. These would be companies like Stoke Space and other new rocket entrants. 

“For us, space and deeptech is hot,” said MaC Ventures co-founder and managing partner, Adrian Fenty. The former mayor of Washington noted that the combination of Mednik’s serial entrepreneur status and Crabtree’s deep, deep expertise in the field.

“We had been looking at operating systems in general and thinking that there would be some good ones coming along,” Fenty said. In Epsilon3 the company found the combination of deep space, deep tech, and a thesis around developing verticalized operating systems that ticked all the boxes. 

“In doing diligence for the company… you just see how big space is and will become as a business,” said Michael Palank, a co-founder and managing partner at MaC Ventures predecessor, M Ventures alongside Fenty. “A lot of the challenges here on earth will and only can be solved in space. And you need better operating systems to manage getting to and from space.”

The view from Astra’s Rocket 3.2 second stage from space.

#adrian-fenty, #aerospace, #asana, #bedrock-capital, #elon-musk, #energy, #engineer, #entrepreneur, #github, #google, #hyperloop, #l3, #laser, #louisiana, #m-ventures, #mac-ventures, #managing-partner, #manufacturing, #mayor, #mining, #operating-system, #operating-systems, #outer-space, #project-management, #satellite, #serial-entrepreneur, #space-tourism, #spaceflight, #spacex, #tc, #washington

Fired GitHub employee reaches ‘amicable resolution’ with company

GitHub has reached an “amicable resolution” with the person the company fired in the aftermath of the attack on the U.S. Capitol in January, the former employee told TechCrunch.

On the day a violent mob of Trump supporters stormed the U.S. Capitol, a worried GitHub employee warned his co-workers in the D.C. area to be safe. After making a comment in Slack saying, “stay safe homies, Nazis are about,” a fellow employee took offense, saying that type of rhetoric wasn’t good for work, the former employee previously told me. Two days later, he was fired, with a human relations representative citing a “pattern of behavior that is not conducive to company policy” as the rationale for his termination, he previously told me.

Later that month, GitHub COO Erica Brescia said the company’s head of HR took full responsibility for what happened and resigned from the company. GitHub did not disclose the name of the person who resigned, but it’s widely known that Carrie Olesen was the chief human resources officer at GitHub. At that time, GitHub said it also “reversed the decision to separate with the employee” and was talking to his representative.

The fired employee, however, did not take his job back.

“We offered the employee his job back immediately after reviewing the investigation findings, and he declined,” a GitHub spokesperson told TechCrunch.

Instead, he told me, “Me and the company reached an amicable resolution. I appreciate that they have denounced white supremacy and the dangers it poses to everybody.”

He did not specify the terms of the resolution, but he previously told me he was seeking damages or some other form of reconciliation.

Below is his full statement, which he requested we publish in full:

Me and the company reached an amicable resolution. I appreciate that they have denounced white supremacy and the dangers it poses to everybody.

We all saw on January 6 that the greatest threat to the USA is not Islam, Black Lives, or defunding police.

White supremacy has us all held hostage using feigned civility, bad-faith arguments/negotiations, and amtssprache*, and it does not stop until we are all dead or subjugated. I am glad that the nazi coup was a failure, and we avoided a successful Reichstag fire. That said, nazis do not give up easily.

Keep your families and communities safe. Connect with your neighbors and local stores. Fascism and nazism succeed when we are divided. They demand that you abandon reason, that you acquiesce to power and hierarchy, and that you shun altruism. Love yourself. Support, join or create local unions. Build community. Don’t entertain nazis.

I appreciate those who have supported me and my family. I wish you safety and wellness.

Black Lives Matter & Black Power ✊

*Amtssprache
https://heartlesshypocrisy.com/what-is-amtssprache/

Enjoyment & learning for these times

Graphic novels:
Maus
Y the Last Man
Pulp
Sweet Tooth

Songs:
“Algorhythm” by Childish Gambino
“Plegaria a un Labrador” by Victor Jara
“Tweakin” by Vince Staples
“Operation: Mindcrime” by Queensrÿche

Shows:
Avatar Last Airbender & Legend of Korra
Attack on Titan
Atlanta
The Wire

Books:
Gang Leader for a Day by Sudhir Venkatesh
People & Permaculture by Looby Macnamara
The Ways of White Folks by Langston Hughes
Post Traumatic Slave Syndrome by Dr. Joy DeGruy

Movies:
Persepolis
Inglorious Basterds
Attack the Block
Shawshank Redemption

#diversity, #github, #tc

Hackers are exploiting vulnerable Exchange servers to drop ransomware, Microsoft says

Hackers are exploiting recently discovered vulnerabilities in Exchange email servers to drop ransomware, Microsoft has warned, a move that puts tens of thousands of email servers at risk of destructive attacks.

In a tweet late Thursday, the tech giant said it had detected the new kind of file-encrypting malware called DoejoCrypt — or DearCry — which uses the same four vulnerabilities that Microsoft linked to a new China-backed hacking group called Hafnium.

When chained together, the vulnerabilities allow a hacker to take full control of a vulnerable system.

Microsoft said Hafnium was the “primary” group exploiting these flaws, likely for espionage and intelligence gathering. But other security firms say they’ve seen other hacking groups exploit the same flaws. ESET said at least 10 groups are actively compromising Exchange servers.

Michael Gillespie, a ransomware expert who develops ransomware decryption tools, said many vulnerable Exchange servers in the U.S., Canada, and Australia had been infected with DearCry.

The new ransomware comes less than a day after a security researcher published proof-of-concept exploit code for the vulnerabilities to Microsoft-owned GitHub. The code was swiftly removed a short time later for violating the company’s policies.

Marcus Hutchins, a security researcher at Kryptos Logic, said in a tweet that the code worked, albeit with some fixes.

Threat intelligence company RiskIQ says it has detected over 82,000 vulnerable servers as of Thursday, but that the number is declining. The company said hundreds of servers belonging to banks and healthcare companies are still affected, as well as more than 150 servers in the U.S. federal government.

That’s a rapid drop compared to close to 400,000 vulnerable servers when Microsoft first disclosed the vulnerabilities on March 2, the company said.

Microsoft published security fixes last week, but the patches do not expel the hackers from already-breached servers. Both the FBI and CISA, the federal government’s cybersecurity advisory unit, have warned that the vulnerabilities present a major risk to businesses across the United States.

John Hultquist, vice president of analysis at FireEye’s Mandiant threat intelligence unit, said he anticipates more ransomware groups trying to cash in.

“Though many of the still unpatched organizations may have been exploited by cyber espionage actors, criminal ransomware operations may pose a greater risk as they disrupt organizations and even extort victims by releasing stolen emails,” said Hultquist.

#australia, #canada, #computer-security, #cyberattack, #cybercrime, #cyberwarfare, #federal-bureau-of-investigation, #fireeye, #github, #healthcare, #malware, #mandiant, #marcus-hutchins, #microsoft, #ransomware, #riskiq, #security, #security-breaches, #united-states

Scarf helps open-source developers track how their projects are being used

Almost by default, open-source developers get very little insight into who uses their projects. In part, that’s the beauty of open source, but for developers who want to monetize their projects, it’s also a bit of a curse because they get very little data back from these projects. While you usually know who bought your proprietary software — and those tools often send back some telemetry, too — that’s not something that holds true for open-source code. Scarf is trying to change that.

In its earliest incarnation, Scarf founder Avi Press tried to go the telemetry route for getting this kind of data. He had written a few successful developer tools and as they got more popular, he realized that he was spending an increasingly large amount of time supporting his users.

Scarf founder Avi Press

Scarf co-founder and CEO Avi Press (Image Credits: Scarf)

“This project was now really sapping my time and energy, but also clearly providing value to big companies,” he said. “And that’s really what got me thinking that there’s probably an opportunity to maybe provide support or build features just for these companies, or do something to try to make some money from that, or really just better support those commercial users.” But he also quickly realized that he had virtually no data about how the project was being used beyond what people told him directly and download stats from GitHub and other places. So as he tried to monetize the project, he had very little data to inform his decisions and he had no way of knowing which companies to target directly that were already quietly using his code.

“If you were working at any old company — pushing code out to an app or a website — if you pushed out code without any observability, that would be reckless. You would you get fired over something like that. Or maybe not, but it’s a really poor decision to make. And this is the norm for every domain of software — except open source.”

Image Credits: Scarf

That led to the first version of Scarf: a package manager that would provide usage analytics and make it easy to sell different versions of a project. But that wasn’t quite something the community was ready to accept — and a lot of people questioned the open-source nature of the project.

“What really came out of those conversations, even chatting with people who were really, really against this kind of approach — everyone agrees that the package registries already have all of this data. So NPM and Docker and all these companies that have this data — there are many, many requests of developers for this data,” Press said, and noted that there is obviously a lot of value in this data.

So the new Scarf now takes a more sophisticated approach. While it still offers an NPM library that does phone home and pixel tracking for documentation, its focus is now on registries. What the company is essentially launching this week is a kind of middle layer between the code and the registry that allows developers to, for example, point users of their containers to the Scarf registry first and then Scarf sits in front of the Docker Hub or the GitHub Container Registry.

“You tell us, where are your containers located? And then your users pull the image through Scarf and Scarf just redirects the traffic to wherever it needs to go. But then all the traffic that flows through Scarf, we can expose that to the maintainers. What company did that pull come from? Was it on a laptop or on CI? What cloud provider was it on? What container runtime was it using? What version of the software did they pull down? And all of these things that are actually pretty trivial to answer from this traffic — and the registries could have been doing this whole time but unfortunately have not done so.”

To fund its efforts, Scarf recently raised a $2 million seed funding round led by Wave Capital, with participation from 468 Capital and a number of angel investors.

#computing, #developer, #docker, #energy, #free-software, #github, #go, #npm, #open-source-software, #programming-languages, #recent-funding, #scarf, #software, #startups, #wave-capital

Microsoft launches Power Fx, a new open source low-code language

Microsoft today announced Power Fx, a new low-code language that takes its cues from Excel formulas. Power Fx will become the standard for writing logic customization across Microsoft’s own low-code Power Platform, but since the company is open-sourcing the language, Microsoft also hopes that others will implement it as well and that it will become the de facto standard for these kinds of use cases.

Since Power Platform itself targets business users more so than professional developers, it feels like a smart move to leverage their existing knowledge of Excel and their familiarity with Excel formulas to get started.

“We have this long history of programming languages and something really interesting happened over the last 15 years, which is programming languages became free, they became open source and they became community-driven,” Charles Lamanna, the CVP of Power Platform engineering at Microsoft, told me. He noted that even internal languages like C#, TypeScript or Google’s Go are good examples for this.

“That’s been an ongoing trend. And what’s interesting is: that’s all for pro devs and coders. If we go back and look at the low-code/no-code space, there actually are programming languages, like the Excel programming language, or in every low-code/no-code platform has its own programming language. But those aren’t open, those aren’t portable, and those are community-driven,” Lamanna explained.

Microsoft says the language was developed by a team led by Vijay Mital, Robin Abraham, Shon Katzenberger and Darryl Rubin. Beyond Excel, the team also took inspiration from tools and languages like Pascal, Mathematica and Miranda, a functional programming language developed in the 1980s.

Microsoft plans to bring Power Fx to all of its low-code platforms, but given the focus on community, it’ll start making appearances in Power Automate, Power Virtual Agents and elsewhere soon.

But the team clearly hopes that others will adopt it as well. Low-code developers will see it pop up in the formula bars of products like Power Apps Studio, but more sophisticated users will also be able to use it to go to Visual Studio Code and build more complex applications with it.

As the team noted, it focused on not just making the language Excel-like but also having it behave like Excel — or like a REPL, for you high-code programmers out there. That means formulas are declarative and instantly recalculate as developers update their code.

Most low-code/no-code tools these days offer an escape hatch to allow users to either extend their apps with more sophisticated code or have their tool export the entire code base. Because at the end of the day, you can only take these tools so far. By default, they are built to support a wide range of scenarios, but since every company has its own way of doing things, they can’t cover every use case.

“We imagine that probably the majority of developers — and I say ‘developers’ as business users to coders that use Power Platform — will ultimately drop into writing these formulas in some form. The idea is that on that first day that you get started with Power Platform, we’re not going to write any formulas, right? […] It’s a macro recorder, it’s templates. Same thing for Power Apps: it’s pure visual, drag and drop, you don’t write a single formula. But what’s great about Power Platform, in week number two, when you’re using this thing, you learn a little bit more sophistication. You start to use a little bit more of the advanced capabilities. And before you know it, you actually have professionals who are Power Platform or low-code developers because they’re able to go down that spectrum of capability.”

#computing, #developer, #enterprise, #fx, #github, #microsoft, #microsoft-excel, #microsoft-ignite-2021, #microsoft-windows, #office-suites, #software, #tc

Project management service ZenHub raises $4.7M

ZenHub, the GitHub-centric project management service for development teams, today announced that it has raised a $4.7 million seed funding round from Canada’s BDC Capital and Ripple Ventures. This marks the first fundraise for the Vancouver, Canada-based startup after the team bootstrapped the service, which first launched back in 2014. Additional angel investors in this round include Adam Gross (former CEO of Heroku), Jiaona Zhang (VP Product at Webflow) and Oji Udezue (VP Product at Calendly).

In addition to announcing this funding round, the team also today launched its newest automation feature, which makes it easier for teams to plan the development sprints, something that is core to the Agile development process but often takes a lot of time and energy — something teams are better off spending on the actual development process.

“This is a really exciting kind of pivot point for us as a business and gives us a lot of ammunition, I think, to really go after our vision and mission a little bit more aggressively than we have even in the past,” ZenHub co-founder and CEO Aaron Upright told me. The team, he explained, used the beginning of the pandemic to spend a lot of time with customers to better understand how they were reacting to what was happening. In the process, customers repeatedly noted that development resources were getting increasingly expensive and that teams were being stretched even farther and under a lot of pressure.

ZenHub’s answer to this was to look into how it could automate more of the processes that constitute the most complex parts of Agile. Earlier this year, the company launched its first efforts in this area, with new tools for improving developer handoffs in GitHub and now, with the help of this new funding, it is putting the next pieces in place by helping teams automate their sprint planning.

Image Credits: ZenHub

“We thought about automation as an answer to [the problems development teams were facing] and that we could take an approach to automation and to help guide teams through some of the most complex and time-consuming parts of the Agile process,” Upright said. “We raised money so that we can really accelerate toward that vision. As a self-funded company, we could have gone down that path, albeit a little bit slower. But the opportunity that we saw in the market — really brought about by the pandemic, and teams working more remotely and this pressure to produce — we wanted to provide a solution much, much faster.”

The spring planning feature itself is actually pretty straightforward and allows project managers to allocate a certain number of story points (a core Agile metric to estimate the complexity of a given action item) to each sprint. ZenHub’s tool can then use that to automatically generate a list of the most highly prioritized items for the next sprint. Optionally, teams can also decide to roll over items that they didn’t finish during a given sprint into the next one.

Image Credits: ZenHub

With that, ZenHub Sprints can automate a lot of the standard sprint meetings and lets teams focus on thinking about the overall process. Of course, teams can always overrule the automated systems.

“There’s nothing more that developers hate than sitting around the table for eight hours, planning sprints, when really they all just want to be working on stuff,” Upright said.

With this new feature, sprints become a core feature of the ZenHub experience. Typically, project managers worked around this by assigning milestones in GitHub, but having a dedicated tool and these new automation features will make this quite a bit easier.

Coming soon, ZenHub will also build a new feature that will automate some parts of the software estimation process, too, by launching a new tool that will help teams more easily allocate story points to routing action items so that their discussions can focus on the more contentious ones.

#agile-software-development, #canada, #ceo, #cloud-infrastructure, #cloud-storage, #computing, #energy, #github, #heroku, #salesforce-com, #serverless-computing, #tc, #technology, #vancouver, #webflow