VCs are betting big on Kubernetes: Here are 5 reasons why

I worked at Google for six years. Internally, you have no choice — you must use Kubernetes if you are deploying microservices and containers (it’s actually not called Kubernetes inside of Google; it’s called Borg). But what was once solely an internal project at Google has since been open-sourced and has become one of the most talked about technologies in software development and operations.

For good reason. One person with a laptop can now accomplish what used to take a large team of engineers. At times, Kubernetes can feel like a superpower, but with all of the benefits of scalability and agility comes immense complexity. The truth is, very few software developers truly understand how Kubernetes works under the hood.

I like to use the analogy of a watch. From the user’s perspective, it’s very straightforward until it breaks. To actually fix a broken watch requires expertise most people simply do not have — and I promise you, Kubernetes is much more complex than your watch.

How are most teams solving this problem? The truth is, many of them aren’t. They often adopt Kubernetes as part of their digital transformation only to find out it’s much more complex than they expected. Then they have to hire more engineers and experts to manage it, which in a way defeats its purpose.

Where you see containers, you see Kubernetes to help with orchestration. According to Datadog’s most recent report about container adoption, nearly 90% of all containers are orchestrated.

All of this means there is a great opportunity for DevOps startups to come in and address the different pain points within the Kubernetes ecosystem. This technology isn’t going anywhere, so any platform or tooling that helps make it more secure, simple to use and easy to troubleshoot will be well appreciated by the software development community.

In that sense, there’s never been a better time for VCs to invest in this ecosystem. It’s my belief that Kubernetes is becoming the new Linux: 96.4% of the top million web servers’ operating systems are Linux. Similarly, Kubernetes is trending to become the de facto operating system for modern, cloud-native applications. It is already the most popular open-source project within the Cloud Native Computing Foundation (CNCF), with 91% of respondents using it — a steady increase from 78% in 2019 and 58% in 2018.

While the technology is proven and adoption is skyrocketing, there are still some fundamental challenges that will undoubtedly be solved by third-party solutions. Let’s go deeper and look at five reasons why we’ll see a surge of startups in this space.

 

Containers are the go-to method for building modern apps

Docker revolutionized how developers build and ship applications. Container technology has made it easier to move applications and workloads between clouds. It also provides as much resource isolation as a traditional hypervisor, but with considerable opportunities to improve agility, efficiency and speed.

#cloud, #cloud-computing, #cloud-infrastructure, #cloud-native-computing-foundation, #cloud-native-computing, #column, #databricks, #ec-cloud-and-enterprise-infrastructure, #ec-column, #ec-enterprise-applications, #enterprise, #google, #kubernetes, #linux, #microservices, #new-relic, #openshift, #rapid7, #red-hat, #startups, #ubuntu, #web-services

4 key areas SaaS startups must address to scale infrastructure for the enterprise

Startups and SMBs are usually the first to adopt many SaaS products. But as these customers grow in size and complexity — and as you rope in larger organizations — scaling your infrastructure for the enterprise becomes critical for success.

Below are four tips on how to advance your company’s infrastructure to support and grow with your largest customers.

Address your customers’ security and reliability needs

If you’re building SaaS, odds are you’re holding very important customer data. Regardless of what you build, that makes you a threat vector for attacks on your customers. While security is important for all customers, the stakes certainly get higher the larger they grow.

Given the stakes, it’s paramount to build infrastructure, products and processes that address your customers’ growing security and reliability needs. That includes the ethical and moral obligation you have to make sure your systems and practices meet and exceed any claim you make about security and reliability to your customers.

Here are security and reliability requirements large customers typically ask for:

Formal SLAs around uptime: If you’re building SaaS, customers expect it to be available all the time. Large customers using your software for mission-critical applications will expect to see formal SLAs in contracts committing to 99.9% uptime or higher. As you build infrastructure and product layers, you need to be confident in your uptime and be able to measure uptime on a per customer basis so you know if you’re meeting your contractual obligations.

While it’s hard to prioritize asks from your largest customers, you’ll find that their collective feedback will pull your product roadmap in a specific direction.

Real-time status of your platform: Most larger customers will expect to see your platform’s historical uptime and have real-time visibility into events and incidents as they happen. As you mature and specialize, creating this visibility for customers also drives more collaboration between your customer operations and infrastructure teams. This collaboration is valuable to invest in, as it provides insights into how customers are experiencing a particular degradation in your service and allows for you to communicate back what you found so far and what your ETA is.

Backups: As your customers grow, be prepared for expectations around backups — not just in terms of how long it takes to recover the whole application, but also around backup periodicity, location of your backups and data retention (e.g., are you holding on to the data too long?). If you’re building your backup strategy, thinking about future flexibility around backup management will help you stay ahead of these asks.

#amazon-web-services, #api, #cloud, #cloud-infrastructure, #cloud-storage, #column, #data-center, #dlp, #ec-cloud-and-enterprise-infrastructure, #ec-column, #ec-enterprise-applications, #ec-how-to, #enterprise, #enterprise-saas, #multitenancy, #saas, #software-as-a-service, #sso, #startups, #web-services

Google Cloud Run gets committed use discounts and new security features

Cloud Run, Google Cloud’s serverless platform for containerized applications, is getting committed use discounts. Users who commit to spending a given amount on using Cloud Run for a year will get a 17% discount on the money they commit. The company offers a similar pre-commitment discount scheme for VM-based Compute Engine instances, as well as automatic ‘sustained use‘ discounts for machines that run for more than 25% of a month.

In addition, Google Cloud is also introducing a number of new security features for Cloud Run, including the ability to mount secrets from the Google Cloud Secret Manager and binary authorization to help define and enforce policies about how containers are deployed on the service. Cloud Run users can now also now use and manage their own encryption keys (by default, Cloud Run uses Google-managed keys) and a new Recommendation Hub inside of Cloud Run will now offer users recommendations for how to better protect their Cloud Run services.

Aparna Sinha, who recently became the director of product management for Google Cloud’s serverless platform, noted that these updates are part of Google Cloud’s push to build what she calls the “next generation of serverless.’

“We’re really excited to introduce our new vision for serverless, which I think is going to help redefine this space,” she told me. “In the past, serverless has meant a certain narrower type of compute, which is focused on functions or a very specific kind of applications, web services, etc. — and what we are talking about with redefining serverless is focusing on the power of serverless, which is the developer experience and the ease of use, but broadening it into a much more versatile platform, where many different types of applications can be run, and building in the Google way of doing DevOps and security and a lot of integrations so that you have access to everything that’s the best of cloud.”

She noted that Cloud Run saw “tremendous adoption” during the pandemic, something she attributes to the fact that businesses were looking to speed up time-to-value from their applications. IKEA, for example, which famously had a hard time moving from in-store to online sales, bet on Google Cloud’s serverless platform to bring down the refresh time of its online store and inventory management system from three hours to less than three minutes after switching to this model.

“That’s kind of the power of serverless, I think, especially looking forward, the ability to build real-time applications that have data about the context, about the inventory, about the customer and can therefore be much more reactive and responsive,” Sinha said. “This is an expectation that customers will have going forward and serverless is an excellent way to deliver that as well as be responsive to demand patterns, especially when they’re changing so much in today’s uncertain environment.”

Since the container model gives businesses a lot of flexibility in what they want to run in these containers — and how they want to develop these applications since Cloud Run is language-agnostic — Google is now seeing a lot of other enterprises move to this platform as well, both for deploying completely new applications but also to modernize some of their existing services.

For the companies that have predictable usage patterns, the committed use discounts should be an attractive option and it’s likely the more sophisticated organizations that are asking for the kinds of new security features that Google Cloud is introducing today.

“The next generation of serverless combines the best of serverless with containers to run a broad spectrum of apps, with no language, networking or regional restrictions,” Sinha writes in today’s announcement. “The next generation of serverless will help developers build the modern applications of tomorrow—applications that adapt easily to change, scale as needed, respond to the needs of their customers faster and more efficiently, all while giving developers the best developer experience.”

#aparna-sinha, #cloud, #cloud-computing, #cloud-infrastructure, #computing, #developer, #encryption, #google, #google-cloud, #google-compute-engine, #ikea, #online-sales, #product-management, #serverless-computing, #web-services

DigitalOcean says customer billing data ‘exposed’ by a security flaw

DigitalOcean has emailed customers warning of a data breach involving customers’ billing data, TechCrunch has learned.

The cloud infrastructure giant told customers in an email on Wednesday, obtained by TechCrunch, that it has “confirmed an unauthorized exposure of details associated with the billing profile on your DigitalOcean account.” The company said the person “gained access to some of your billing account details through a flaw that has been fixed” over a two-week window between April 9 and April 22.

The email said customer billing names and addresses were accessed, as well as the last four digits of the payment card, its expiry date, and the name of the card-issuing bank. The company said that customers’ DigitalOcean accounts were “not accessed,” and passwords and account tokens were “not involved” in this breach.

“To be extra careful, we have implemented additional security monitoring on your account. We are expanding our security measures to reduce the likelihood of this kind of flaw occuring [sic] in the future,” the email said.

DigitalOcean said it fixed the flaw and notified data protection authorities, but it’s not clear what the apparent flaw was that put customer billing information at risk.

In a statement, DigitalOcean’s security chief Tyler Healy said 1% of billing profiles were affected by the breach, but declined to address our specific questions, including how the vulnerability was discovered and which authorities have been informed.

Companies with customers in Europe are subject to GDPR, and can face fines of up to 4% of their global annual revenue.

Last year, the cloud company raised $100 million in new debt, followed by another $50 million round, months after laying off dozens of staff amid concerns about the company’s financial health. In March, the company went public, raising about $775 million in its initial public offering. 

#cloud, #cloud-computing, #cloud-infrastructure, #cloud-storage, #computing, #data-breach, #digitalocean, #enterprise, #security, #spokesperson, #web-hosting, #web-services, #world-wide-web

A bug in a popular iPhone app exposed thousands of call recordings

A security vulnerability in a popular iPhone call recording app exposed thousands of users’ recorded conversations.

The flaw was discovered by Anand Prakash, a security researcher and founder of PingSafe AI, who found that the aptly named Call Recorder app allowed anyone to access the call recordings from other users — by knowing their phone number.

But using a readily available proxy tool like Burp Suite, Prakash could view and modify the network traffic going in and out of the app. That meant he could replace his phone number registered with the app with the phone number of another app user, and access their recordings on his phone.

TechCrunch verified Prakash’s findings using a spare phone with a dedicated account.

The app stores its user’s call recordings on a cloud storage bucket hosted on Amazon Web Services. Although the public was open and lists the files inside, the files could not be accessed or downloaded. The bucket was closed by press time.

At the time of writing, the cloud storage bucket had more than 130,000 audio recordings, amounting to some 300 gigabytes. The app says it has more than 1 million downloads to date.

TechCrunch contacted the app developer and held this story until the flaw was fixed. A new version of the app was submitted to Apple’s app store on Saturday. The release notes said the app update was to “patch a security report.”

Despite a brief response to our initial email acknowledging the security issue, the app developer Arun Nair has not returned several requests for comment.


Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using SecureDrop.

#amazon-web-services, #app-developer, #app-store, #files, #ios, #iphone, #itunes, #mobile-app, #operating-systems, #security, #software, #web-services

Jamaica’s JamCOVID pulled offline after third security lapse exposed travelers’ data

Jamaica’s JamCOVID app and website were taken offline late on Thursday following a third security lapse, which exposed quarantine orders on more than half a million travelers to the island.

JamCOVID was set up last year to help the government process travelers arriving on the island. Quarantine orders are issued by the Jamaican Ministry of Health and instruct travelers to stay in their accommodation for two weeks to prevent the spread of COVID-19.

These orders contain the traveler’s name and the address of where they are ordered to stay.

But a security researcher told TechCrunch that the quarantine orders were publicly accessible from the JamCOVID website but were not protected with a password. Although the files were accessible from anyone’s web browser, the researcher asked not to be named for fear of legal repercussions from the Jamaican government.

More than 500,000 quarantine orders were exposed, some dating back to March 2020.

TechCrunch shared these details with the Jamaica Gleaner, which was first to report on the security lapse after the news outlet verified the data spillage with local cybersecurity experts.

Amber Group, which was contracted to build and maintain the JamCOVID coronavirus dashboard and immigration service, pulled the service offline a short time after TechCrunch and the Jamaica Gleaner contacted the company on Thursday evening. JamCOVID’s website was replaced with a holding page that said the site was “under maintenance.” At the time of publication, the site had returned.

Amber Group’s chief executive Dushyant Savadia did not return a request for comment.

Matthew Samuda, a minister in Jamaica’s Ministry of National Security, also did not respond to a request for comment or our questions — including if the Jamaican government plans to continue its contract or relationship with Amber Group.

This is the third security lapse involving JamCOVID in the past two weeks.

Last week, Amber Group secured an exposed cloud storage server hosted on Amazon Web Services that was left open and public, despite containing more than 70,000 negative COVID-19 lab results and over 425,000 immigration documents authorizing travel to the island. Savadia said in response that there were “no further vulnerabilities” with the app. Days later, the company fixed a second security lapse after leaving a file containing private keys and passwords for the service on the JamCOVID server.

The Jamaican government has repeatedly defended Amber Group, which says it provided the JamCOVID technology to the government “for free.” Amber Group’s Savadia has previously been quoted as saying that the company built the service in “three days.”

In a statement on Thursday, Jamaica’s prime minister Andrew Holness said JamCOVID “continues to be a critical element” of the country’s immigration process and that the government was “accelerating” to migrate the JamCOVID database — though specifics were not given.

An earlier version of this report misspelled the Jamaican Gleaner newspaper. We regret the error.

#amazon-web-services, #countries, #cybersecurity, #data-leaks, #government, #law-enforcement, #privacy, #quarantine, #security, #web-browser, #web-services

Jamaica’s immigration website exposed thousands of travelers’ data

A security lapse by a Jamaican government contractor has exposed immigration records and COVID-19 test results for hundreds of thousands of travelers who visited the island over the past year.

The Jamaican government contracted Amber Group to build the JamCOVID19 website and app, which the government uses to publish daily coronavirus figures and allows residents to self-report their symptoms. The contractor also built the website to pre-approve travel applications to visit the island during the pandemic, a process that requires travelers to upload a negative COVID-19 test result before they board their flight if they come from high-risk countries, including the United States.

But a cloud storage server storing those uploaded documents was left unprotected and without a password, and was publicly spilling out files onto the open web.

Many of the victims whose information was found on the exposed server are Americans.

The data is now secure after TechCrunch contacted Amber Group’s chief executive Dushyant Savadia, who did not comment when reached prior to publication.

The storage server, hosted on Amazon Web Services, was set to public. It’s not known for how long the data was unprotected, but contained more than 70,000 negative COVID-19 lab results, over 425,000 immigration documents authorizing travel to the island — which included the traveler’s name, date of birth and passport numbers — and over 250,000 quarantine orders dating back to June 2020, when Jamaica reopened its borders to visitors after the pandemic’s first wave. The server also contained more than 440,000 images of travelers’ signatures.

Two U.S. travelers whose lab results were among the exposed data told TechCrunch that they uploaded their COVID-19 results through the Visit Jamaica website before their travel. Once lab results are processed, travelers receive a travel authorization that they must present before boarding their flight.

Both of these documents, as well as quarantine orders that require visitors to shelter in place and several passports, were on the exposed storage server.

Travelers who are staying outside Jamaica’s so-called “resilient corridor,” a zone that covers a large portion of the island’s population, are told to install the app built by Amber Group that tracks their location and is tracked by the Ministry of Health to ensure visitors stay within the corridor. The app also requires that travelers record short “check-in” videos with a daily code sent by the government, along with their name and any symptoms.

The server exposed more than 1.1 million of those daily updating check-in videos.

An airport information flyer given to travelers arriving in Jamaica. Travelers may be required to install the JamCOVID19 app to allow the government to monitor their location and to require video check-ins. (Image: Jamaican government)

The server also contained dozens of daily timestamped spreadsheets named “PICA,” likely for the Jamaican passport, immigration and citizenship agency, but these were restricted by access permissions. But the permissions on the storage server were set so that anyone had full control of the files inside, such as allowing them to be downloaded or deleted altogether. (TechCrunch did neither, as doing so would be unlawful.)

Stephen Davidson, a spokesperson for the Jamaican Ministry of Health, did not comment when reached, or say if the government planned to inform travelers of the security lapse.

Savadia founded Amber Group in 2015 and soon launched its vehicle-tracking system, Amber Connect.

According to one report, Amber’s Savadia said the company developed JamCOVID19 “within three days” and made it available to the Jamaican government in large part for free. The contractor is billing other countries, including Grenada and the British Virgin Islands, for similar implementations, and is said to be looking for other government customers outside the Caribbean.

Savadia would not say what measures his company put in place to protect the data of paying governments.

Jamaica has recorded at least 19,300 coronavirus cases on the island to date, and more than 370 deaths.


Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop. Learn more.

#amazon-web-services, #caribbean, #government, #health, #mobile-applications, #operating-systems, #prevention, #privacy, #quarantine, #second-life, #securedrop, #security, #united-states, #web-services, #whatsapp

This Week in Apps: TikTok viral hit breaks Spotify records, inauguration boosts news app installs, judge rules against Parler

Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.

The app industry is as hot as ever, with a record 218 billion downloads and $143 billion in global consumer spend in 2020.

Consumers last year also spent 3.5 trillion minutes using apps on Android devices alone. And in the U.S., app usage surged ahead of the time spent watching live TV. Currently, the average American watches 3.7 hours of live TV per day, but now spends four hours per day on their mobile devices.

Apps aren’t just a way to pass idle hours — they’re also a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus. In 2020, investors poured $73 billion in capital into mobile companies — a figure that’s up 27% year-over-year.

This week, we’re looking into how President Biden’s inauguration impacted news apps, the latest in the Parler lawsuit, and how TikTok’s app continues to shape culture, among other things.

Top Stories

Judge says Amazon doesn’t have to host Parler on AWS

logos for AWS (Amazon Web Services) and Parler

Logos for AWS (Amazon Web Services) and Parler. Image Credits: TechCrunch

U.S. District Judge Barbara Rothstein in Seattle this week ruled that Amazon won’t be required to restore access to web services to Parler. As you may recall, Parler sued Amazon for booting it from AWS’ infrastructure, effectively forcing it offline. Like Apple and Google before it, Amazon had decided that the calls for violence that were being spread on Parler violated its terms of service. It also said that Parler showed an “unwillingness and inability” to remove dangerous posts that called for the rape, torture and assassination of politicians, tech executives and many others, the AP reported.

Amazon’s decision shouldn’t have been a surprise for Parler. Amazon had reported 98 examples of Parler posts that incited violence over the past several weeks before its decision. It told Parler these were clear violations of the terms of service.

Parler’s lawsuit against Amazon, however, went on to claim breach of contract and even made antitrust allegations.

The judge shot down Parler’s claims that Amazon and Twitter were colluding over the decision to kick the app off AWS. Parler’s claims over breach of contract were denied, too, as the contract had never said Amazon had to give Parler 30 days to fix things. (Not to mention the fact that Parler breached the contract on its side, too.) It also said Parler had fallen short in demonstrating the need for an injunction to restore access to Amazon’s web services.

The ruling only blocks Parler from forcing Amazon to again host it as the lawsuit proceeds, but is not the final ruling in the overall case, which is continuing.

TikTok drives another pop song to No. 1 on Billboard charts, breaks Spotify’s record

@livbedumb♬ drivers license – Olivia Rodrigo

We already knew TikTok was playing a large role in influencing music charts and listening behavior. For example, Billboard last year noted how TikTok drove hits from Sony artists like Doja Cat (“Say So”) and 24kGoldn (“Mood”), and helped Sony discover new talent. Columbia also signed viral TikTok artists like Lil Nas X, Powfu, StaySolidRocky, Jawsh 685, Arizona Zervas and 24kGoldn. Meanwhile, Nielsen has said that no other app had helped break more songs in 2020 than TikTok.

This month, we’ve witnessed yet another example of this phenomenon. Olivia Rodrigo, the 17-year-old star of Disney+’s “High School Musical: The Musical: the Series” released her latest song, “Drivers License” on January 8. The pop ballad and breakup anthem is believed to be referencing the actress’ relationship with co-star Joshua Bassett, which gave the song even more appeal to fans.

Upon its release the song was heavily streamed by TikTok users, which helped make it an overnight sensation of sorts. According to a report by The WSJ, Billboard counted 76.1 million streams and 38,000 downloads in the U.S. during the week of its release. It also made a historic debut at No. 1 on the Hot 100, becoming the first smash hit of 2021.

On January 11, “Drivers License” broke Spotify’s record for most streams per day (for a non-holiday song) with 15.17 million global streams. On TikTok, meanwhile, the number of videos featuring the song and the views they received doubled every day, The WSJ said.

Charli D’Amelio’s dance to it on the app has now generated 5 million “Likes” across nearly 33 million views, as of the time of writing.

@charlidamelio♬ drivers license – Olivia Rodrigo

Of course, other TikTok hits have broken out in the past, too — even reaching No. 1 like “Blinding Lights” (The Weeknd) and “Mood” (24kGoldn). But the success of “Drivers License” may be in part due to the way it focuses on a subject that’s more relevant to TikTok’s young, teenage user base. It talks about first loves and being dumped for the other girl. And its title and opening refer to a time many adults have forgotten: the momentous day when you get your driver’s license. It’s highly relatable to the TikTok crowd who fully embraced it and made it a hit.

Weekly News

Platforms: Apple

  • Apple stops signing iOS 12.5, making iOS 12.5.1 the only versions of iOS available to older devices.
  • A report claims Apple’s iOS 15 update will cut support for devices with an A9 chip, like the iPhone 6, iPhone 6s Plus and the original iPhone SE.
  • New analysis estimates Apple’s upcoming iOS privacy changes will cause a roughly 7% revenue hit for Facebook in Q2. The revenue hit will continue in following quarters and will be “material.”

Platforms: Google

  • Google adds “trending” icons to the Play Store. New arrow icons appeared in the Top Charts tab, which indicate whether an app’s downloads are trending up or down, in terms of popularity. This could provide an early signal about those that may still be rising in the charts or beginning to fall out of favor, despite their current high position.
  • Google appears to be working on a Restricted Networking mode for Android 12. The mode, discovered by XDA Developers digging in the Android Open Source Project, would disable network access for all third-party apps.

Gaming

  • Goama (or Go Games) introduced a way for developers to integrate social games into their apps, which was showcased at CES. The company focuses on Asia and Latin America and has more than 15 partners, including GCash and Rappi, for digital payments and communications.
  • Fortnite maker Epic Games is getting into movies. The animated feature film Gilgamesh will use Epic’s Unreal Engine technology to tell the story of the king-turned-deity. The movie is not an in-house project, but rather is financed through Epic’s $100M MegaGrants fund.

Augmented Reality

  • Patents around Apple’s AR and VR efforts describe how a system could be identified in a way that’s similar to FaceID, then either permitted or denied the ability to change their appearance in the game.
  • Pinterest launches AR try-on for eyeshadow in its mobile app using Lens technology and ModiFace data. The app already offered AR try-on for lipsticks.

Entertainment

  • The CW app became the No. 1 app on the App Store this week, topping TikTok, Instagram and YouTube, thanks to CW’s season premieres of Batwoman, All American, Riverdale and Nancy Drew.
  • Users of podcasting app Anchor, owned by Spotify, say the app isn’t bringing them any sponsorship opportunities, as promised, beyond those from Spotify and Anchor itself.
  • YouTube launches hashtag landing pages on the web and in its mobile app. The pages are accessible when you click hashtags on YouTube, not via search, and weirdly rank the “best” videos through some inscrutable algorithm.
  • Apple’s Podcasts app adds a new editorial feature, Apple Podcasts Spotlight, meant to increase podcast listening by showcasing the best podcasts as selected by Apple editors.

E-commerce

  • WeChat facilitated 1.6 trillion yuan (close to $250 billion) in annual transactions through its “mini programs” in 2020. The figure is more than double that of 2019.

Fintech

  • Douyin, the Chinese version of TikTok, launched an e-wallet, Douyin Pay. The wallet will supplement the existing payment options, Alipay and WeChat Pay, and will help to support the Douyin app’s growing e-commerce business.
  • Neobank Monzo founder Tom Blomfield left the startup, saying he struggled during the pandemic. “I think [for] a lot of people in the world…going through a pandemic, going through lockdown and the isolation involved in that has an impact on people’s mental health,” he told TechCrunch.
  • New estimates indicate about 50% of the iPhone user base (or 507 million users) now use Apple Pay. 
  • Samsung’s newest phones drop support for MST, which emulates a mag stripe at terminals that don’t support NFC.

Social

  • Indian messaging app, StickerChat, owned by Hike, is shutting down. Founder Kavin Bharti Mittal said India will never have a homegrown messenger unless it bars Western companies from its market. Hike pivoted this month to virtual social apps, Vibe and Rush, which it believes have more potential.
  • Instagram head Adam Mosseri, in a Verge podcast, said he’s not happy with Reels so far, and how he feels most people probably don’t understand the difference between Instagram video and IGTV. He says the social network needs to simplify and consolidate ideas.
  • Facebook and Instagram improve their accessibility features. The apps’ AI-generated image captions now offer far more details about who or what is in the photos, thanks to improvements in image recognition systems.
  • TikTok launches a Q&A feature that lets creators respond to fan questions using text or videos. The feature, rolled out to select creators with more than 10,000 followers, makes it easier to see all the questions in one place.

Health & Fitness

  • Health and fitness app spending jumped 70% last year in Europe to record $544 million, a Sensor Tower report says. The year-over-year increase is far larger than 2019, when growth was just 37.2%. COVID-19 played a large role in this shift as people turned to fitness apps instead of gyms to stay in shape.

Government & Policy

  • Biden’s inauguration boosted installs of U.S. news apps up to 170%, Sensor Tower reported. CNN was the biggest mover, climbing 530 positions to reach No. 41 on the App Store, and up 170% in terms of downloads. News Break was the second highest, climbing 13 positions to No. 65. Right-wing outlet Newsmax climbed 43 spots to reach No. 108. In 2020, the top news apps were: News Break (23.7 million installs); SmartNews (9 million); CNN (5 million); and Fox News (4 million). This month, however, News Break saw 1.2 million installs, followed by Newsmax with about 863,000 installs, the report said.
  • Ireland’s Data Protection Commission (DPC) sent a draft decision to fellow EU Data Protection Authorities over the WhatsApp-Facebook data sharing policy. This means a decision on the matter is coming closer to a resolution in terms of what standards of transparency is required by WhatsApp.
  • German app developer Florian Mueller of FOSS Patents filed a complaint with the EU, U.S. DOJ and other antitrust watchdogs around the world over Apple and Google’s rejection of his COVID-related mobile game. Both stores had policies to only approve official COVID-19 apps from health authorities. Mueller renamed the game Viral Days and removed references to the novel coronavirus to get the app approved. However, he still feels the stores’ rules are holding back innovation.

Productivity

  • Basecamp’s Hey, which famously fought back against Apple’s App Store rules over IAP last year, has launched a business-focused platform, Hey for Work, expected to be public in Q1. The app has more App Store ratings than rival Superhuman, a report found. Currently, Hey has a 4.7-star rating across 3.3K reviews; Superhuman has 3.9 rating across only 274 reviews.

Trends

  • Baby boomers are increasingly using apps. Baby boomers/Gen Xers in the U.S. spent 30% more time year-over-year in their most used apps, App Annie reports. That’s a larger increase than either Millennials or Gen Z, at 18% and 16%, respectively.

Funding and M&A

  • Curtsy, a clothing resale app for Gen Z women, raised an $11 million Series A led by Index Ventures. The app tackles some of the problems with online resale by sending shipping supplies and labels to sellers, and by making the marketplace accessible to new and casual sellers.
  • Storytelling platform Wattpad acquired by South Korea’s Naver for $600 million. The reading apps whose stories have turned into book and Netflix hits will be incorporated into Naver’s publishing platform Webtoon.
  • On-demand delivery app Glovo partnered with Swiss-based real estate firm, Stoneweg, which is investing €100 million in building and refurbishing real estate in key markets to build out Glovo’s network of “dark stores.”
  • Pocket Casts app is up for sale. The podcast app was acquired nearly three years ago by a public radio consortium of top podcast producers (NPR, WNYC Studios, WBEZ Chicago and This American Life). The owners have now agreed to sell the app, which posted a net loss in 2020. (NPR’s share of the loss was over $800,000.)
  • Travel app Maps.me raised $50 million in a round led by Alameda Research. The funding will go toward the launch of a multi-currency wallet. Cryptocurrency lender Genesis Capital and institutional cryptocurrency firm CMS Holdings also participated in the round, Coindesk reported.
  • Bangalore-based hyperlocal delivery app Dunzo raised $40 million in a round that included investment from Google, Lightbox, Evolvence, Hana Financial Investment, LGT Lightstone Aspada and Alteria.
  • London-based food delivery app Deliveroo raised $180 million in new funding from existing investors, led by Durable Capital Partners and Fidelity Management, valuing the business at more than $7 billion.
  • Dating Group acquired Swiss startup Once, a dating app that sends one match per day, for $18 million.

Downloads

Bodyguard

Image Credits: Bodyguard

A French content moderation app called Bodyguard, detailed here by TechCrunch, has brought its service to the English-speaking market. The app allows you to choose the level of content moderation you want to see on top social networks, like Twitter, YouTube, Instagram and Twitch. You can choose to hide toxic content across a range of categories, like insults, body shaming, moral harassment, sexual harassment, racism and homophobia and indicate whether the content is a low or high priority to block.

Beeper

Image Credits: Beeper

Pebble’s founder and current YC Partner Eric Migicovsky has launched a new app, Beeper, that aims to centralize in one interface 15 different chat apps, including iMessage. The app relies on an open-source federated, encrypted messaging protocol called Matrix that uses “bridges” to connect to the various networks to move the messages. However, iMessage support is more wonky, as the company actually ships you an old iPhone to make the connection to the network. But this system allows you to access Beeper on non-Apple devices, the company says. The app is slowly onboarding new users due to initial demand. The app works across MacOS, Windows, Linux‍, iOS and Android and charges $10/mo for the service.

 

#actress, #adam-mosseri, #alipay, #alteria, #amazon, #amazon-web-services, #android, #app-developer, #app-store, #apple, #apps, #arkansas, #asia, #bangalore, #biden, #bodyguard, #columbia, #computing, #data-protection-commission, #dating-group, #disney, #doj, #driver, #durable-capital-partners, #e-commerce, #epic-games, #eric-migicovsky, #europe, #european-union, #fidelity-management, #food, #fox-news, #glovo, #google, #hana-financial-investment, #india, #instagram, #iphone, #ireland, #itunes, #judge, #latin-america, #linux, #london, #macos, #microsoft-windows, #mobile, #mobile-app, #mobile-applications, #mobile-devices, #netflix, #operating-systems, #parler, #pinterest, #play-store, #president, #real-estate, #seattle, #sensor-tower, #social-network, #social-networks, #software, #sony, #south-korea, #spotify, #stoneweg, #superhuman, #this-american-life, #tiktok, #tom-blomfield, #twitch, #twitter, #united-states, #wattpad, #web-services, #wnyc

Madrona promotes Anu Sharma and Daniel Li as Partners

Fresh off the announcement of more than $500 million in new capital across two new funds, Seattle-based Madrona Venture Group has announced that they’re adding Anu Sharma and Daniel Li to the team’s list of Partners.

The firm, which in recent years has paid particularly close attention to enterprise software bets, invests heavily in the early-stage Pacific Northwest startup scene.

Both Li and Sharma are stepping into the Partner role after some time at the firm. Li has been with Madrona for five years while Sharma joined the team in 2020. Prior to joining Madrona, Sharma led product management teams at Amazon Web Services, worked as a software developer at Oracle and had a stint in VC as an associate at SoftBank China & India. Li previously worked at the Boston Consulting Group.

I got the chance to catch up with Li who notes that the promotion won’t necessarily mean a big shift in his day-to-day responsibilities — “At Madrona, you’re not promoted until you’re working in the next role anyway,” he says — but that he appreciates “how much trust the firm places in junior investors.”

Asked about leveling up his venture career during a time when public and private markets seem particularly flush with cash, Li acknowledges some looming challenges.

“On one hand, it’s just been an amazing five years to join venture capital because things have just been up and to the right with lots of things that work; it’s just a super exciting time,” Li says. “On the other hand, from a macro perspective, you know that there’s more capital flowing into VC as an asset class than ever before. And just from that pure macro perspective, you know that that means returns are going to be lower in the next 10 years as valuations are higher.”

Nevertheless, Li is plenty bullish on internet companies claiming larger swaths of the global GDP and hopes to invest specifically in “low code platforms, next-gen productivity, and online communities,” Madrona notes in their announcement, while Sharma plans to continue looking at to “distributed systems, data infrastructure, machine learning, and security.”

TechCrunch recently talked to Li and his Madrona colleague Hope Cochran about some of the top trends in social gaming and how investors were approaching new opportunities across the gaming industry.

#amazon-web-services, #finance, #hope-cochran, #india, #internet, #investment, #machine-learning, #madrona-venture-group, #online-communities, #oracle, #seattle, #softbank, #softbank-group, #tc, #venture-capital, #web-services

E-commerce infrastructure startup Nacelle closes $18M Series A

Consumer online shopping habits have led to a windfall of revenues for these web storefronts, but COVID-era trends have also breathed new life into the market for developer tools that help e-commerce sites operate more smoothly for shoppers.

LA-based Nacelle is one of many e-commerce infrastructure startups to earn attention from investors amid COVID.

The web services company helps streamline the backends of e-commerce websites with a so-called “headless” platform that shifts how the front end of websites interact with content in the back end. The startup claims its tech can boost performance, promote better scalability, cut down on hosting costs and offer developers a more streamlined experience.

Nacelle has closed an $18 million Series A led by Inovia with participation from Accomplice, Index Ventures, High Alpha, Silas Capital and Lerer Hippeau. The company just closed a $4.8 million seed round in mid-2020, the speedy pace of their Series A’s close seems to speak to the investor enthusiasm that has deepened around companies operating in the e-commerce world.

“It’s not secret that commerce has done well during COVID,” CEO Brian Anderson tells TechCrunch. “Not only did we get this subtle structural change with COVID that I believe is long-lasting, but merchants have been focusing more on performance.”

One of the startup’s central points of focus has been ensuring that they can bring customers onboard its platform without causing undue headaches. It can be “very painful to migrate data” with other services, Anderson says. The company’s service is “anti-rip-and-replace,” meaning potential customers can integrate “without having to be rebuild their stores.”

The firm’s customer base is largely made up of small- to medium-sized e-commerce sites. Nacelle works closely with agencies for customer referrals, also tapping on Anderson’s past contacts from his days running a Shopify Plus agency.

This past August, data from IBM’s U.S. Retail Index suggested that pandemic trends had accelerated the consumer shift from primarily visiting to physical stores to shopping on e-commerce storefronts by roughly five years.

#alpha, #ceo, #e-commerce, #ecommerce, #lerer-hippeau, #marketing, #nacelle, #online-shopping, #retailers, #shopify, #shopify-plus, #web-services

Scraped Parler data is a metadata goldmine

Embattled social media platform Parler is offline after Apple, Google and Amazon pulled the plug on the site after the violent riot at the U.S. Capitol last week that left five people dead.

But while the site is gone (for now), millions of posts published to the site since the riot are not.

A lone hacker scraped millions of posts, videos and photos published to the site after the riot but before the site went offline on Monday, preserving a huge trove of potential evidence for law enforcement investigating the attempted insurrection, many of which allegedly used the platform to plan and coordinate the breach of the Capitol.

The hacker and internet archivist, who goes by the online handle @donk_enby, scraped the social network and uploaded copies to the Internet Archive, which hosts old and historical versions of web pages.

In a tweet, @donk_enby said she scraped data from Parler that included deleted and private posts, and the videos contained “all associated metadata.”

Metadata is information about a file — such as when it was made and on what device. This information is usually embedded in the file itself. The scraped videos from Parler appear to also include the precise location data of where the videos were taken. That metadata could be a goldmine of evidence for authorities investigating the Capitol riot, which may tie some rioters to their Parler accounts or help police to unmask rioters based on their location data.

Most web services remove metadata when you upload your photos and videos, but Parler apparently wasn’t.

Parler quickly became the social network of choice after President Trump was deplatformed from Twitter and Facebook for inciting the riot on January 6. But the tech giants said Parler violated their rules by not having a content moderation policy – which is what drew many users to the site.

Many of the posts made calls to “burn down [Washington] D.C.,” while others called for violence and the execution of Vice President Mike Pence.

Already several rioters have been arrested and charged with breaking into the Capitol building. Many of the rioters weren’t wearing masks (the pandemic notwithstanding), making it easier for them to be identified. But thanks to Parler’s own security blunder, many more could soon face an unwelcome knock at the door.

#amazon, #computing, #internet-archive, #law-enforcement, #microblogging, #operating-systems, #parler, #president, #real-time-web, #security, #social-network, #software, #trump, #vice-president, #washington, #web-services

Parler is officially offline after AWS suspension

True to its word, Amazon Web Services (AWS) suspended services to Parler, the right-wing-focused social network that proved a welcoming home for pro-Trump users whose calls for violence at the nation’s Capitol and beyond. The service suspension went into effect overnight after a 24-hour warning from AWS, which means that if you now go to Parler’s web address you’re greeted with a message saying the requested domain can’t be reached.

Parler’s community had been surging after the permanent suspension of Trump’s official accounts from Twitter and Facebook last week, which also saw a number of accounts tweeting similar invective and encouragement of violence aligned with Trump’s sentiments removed from those platforms. Apple and Google then removed Parler from their respective app stores for violations of their own terms of service, and AWS follows suit with its own suspension notice.

The company has suggested that it will rebuild its own infrastructure from scratch in order to contend with the various suspensions, but meanwhile other alternative social media sites that continue to exist, and that have typically catered to a more right-wing audience, like Gab, are seeing the benefits of Parler’s deplatforming. Gab has previously seen its hosting revoked, and been removed from Google Play for issues around hate speech dissemination.

#amazon-web-services, #computing, #gab, #google, #parler, #social, #social-media, #social-network, #tc, #technology, #trump, #web-services, #world-wide-web

Google expands its cloud with new regions in Chile, Germany and Saudi Arabia

It’s been a busy year of expansion for the large cloud providers, with AWS, Azure and Google aggressively expanding their data center presence around the world. To cap off the year, Google Cloud today announced a new set of cloud regions, which will go live in the coming months and years. These new regions, which will all have three availability zones, will be in Chile, Germany and Saudi Arabia. That’s on top of the regions in Indonesia, South Korea, the U.S. (Last Vegas and Salt Lake City) that went live this year — and the upcoming regions in France, Italy, Qatar and Spain the company also announced over the course of the last twelve months.

Image Credits: Google

In total, Google currently operates 24 regions with 73 availability zones, not counting those it has announced but that aren’t live yet. While Microsoft Azure is well ahead of the competition in terms of the total number of regions (though some still lack availability zones), Google is now starting to pull even with AWS, which currently offers 24 regions with a total of 77 availability zones. Indeed, with its 12 announced regions, Google Cloud may actually soon pull ahead of AWS, which is currently working on six new regions.

The battleground may soon shift away from these large data centers, though, with a new focus on edge zones close to urban centers that are smaller than the full-blown data centers the large clouds currently operate but that allow businesses to host their services even closer to their customers.

All of this is a clear sign of how much Google has invested in its cloud strategy in recent years. For the longest time, after all, Google Cloud Platform lagged well behind its competitors. Only three years ago, Google Cloud offered only 13 regions, for example. And that’s on top of the company’s heavy investment in submarine cables and edge locations.

#amazon-web-services, #aws, #chile, #cloud-computing, #cloud-infrastructure, #france, #germany, #google, #google-cloud-platform, #indonesia, #italy, #microsoft, #nuodb, #qatar, #salt-lake-city, #saudi-arabia, #south-korea, #spain, #tc, #united-states, #web-hosting, #web-services

Google grants $3 million to the CNCF to help it run the Kubernetes infrastructure

Back in 2018, Google announced that it would provide $9 million in Google Cloud Platform credits — divided over three years — to the Cloud Native Computing Foundation (CNCF) to help it run the development and distribution infrastructure for the Kubernetes project. Previously, Google owned and managed those resources for the community. Today, the two organizations announced that Google is adding on to this grant with another $3 million annual donation to the CNCF to “help ensure the long-term health, quality and stability of Kubernetes and its ecosystem.”

As Google notes, the funds will go to the testing and infrastructure of the Kubernetes project, which currently sees over 2,300 monthly pull requests that trigger about 400,000 integration test runs, all of which use about 300,000 core hours on GCP.

“I’m really happy that we’re able to continue to make this investment,” Aparna Sinha, a director of product management at Google and the chairperson of the CNCF governing board, told me. “We know that it is extremely important for the long-term health, quality and stability of Kubernetes and its ecosystem and we’re delighted to be partnering with the Cloud Native Computing Foundation on an ongoing basis. At the end of the day, the real goal of this is to make sure that developers can develop freely and that Kubernetes, which is of course so important to everyone, continues to be an excellent, solid, stable standard for doing that.”

Sinha also noted that Google contributes a lot of code to the project, with 128,000 code contributions in the last twelve months alone. But on top of these technical contributions, the team is also making in-kind contributions through community engagement and mentoring, for example, in addition to the kind of financial contributions the company is announcing today.

“The Kubernetes project has been growing so fast — the releases are just one after the other,” said Priyanka Sharma, the General Manager of the CNCF. “And there are big changes, all of this has to run somewhere. […] This specific contribution of the $3 million, that’s where that comes in. So the Kubernetes project can be stress-free, [knowing] they have enough credits to actually run for a full year. And that security is critical because you don’t want Kubernetes to be wondering where will this run next month. This gives the developers and the contributors to the project the confidence to focus on feature sets, to build better, to make Kubernetes ever-evolving.”

It’s worth noting that while both Google and the CNCF are putting their best foot forward here, there have been some questions around Google’s management around the Istio service mesh project, which was incubated by Google and IBM a few years ago. At some point in 2017, there was a proposal to bring it under the CNCF umbrella, but that never happened. This year, Istio became one of the founding projects of Open Usage Commons, though that group is mostly concerned with trademarks, not with project governance. And while all of this may seem like a lot of inside baseball — and it is — but it had some members of the open-source community question Google’s commitment to organizations like the CNCF.

“Google contributes to a lot of open-source projects. […] There’s a lot of them, many are with open-source foundations under the Linux Foundation, many of them are otherwise,” Sinha said when I asked her about this. “There’s nothing new, or anything to report about anything else. In particular, this discussion — and our focus very much with the CNCF here is on Kubernetes, which I think — out of everything that we do — is by far the biggest contribution or biggest amount of time and biggest amount of commitment relative to anything else.”

#aparna-sinha, #cloud, #cloud-computing, #cloud-infrastructure, #cloud-native-computing-foundation, #cloud-native-computing, #cncf, #computing, #developer, #free-software, #google, #google-cloud-platform, #kubernetes, #priyanka-sharma, #product-management, #tc, #web-services

AWS updates its edge computing solutions with new hardware and Local Zones

AWS today closed out its first re:Invent keynote with a focus on edge computing. The company launched two smaller appliances for its Outpost service, which originally brought AWS as a managed service and appliance right into its customers’ existing data centers in the form of a large rack. Now, the company is launching these smaller versions so that its users can also deploy them in their stores or office locations. These appliances are fully managed by AWS and offer 64 cores of compute, 128GB of memory and 4TB of local NVMe storage.

In addition, the company expanded its set of Local Zones, which are basically small extensions of existing AWS regions that are more expensive to use but offer low-latency access in metro areas. This service launched in Los Angeles in 2019 and starting today, it’s also available in preview in Boston, Houston and Miami. Soon, it’ll expand to Atlanta, Chicago, Dallas, Denver, Kansas City, Las Vegas, Minneapolis, New York, Philadelphia, Phoenix, Portland and Seattle. Google, it’s worth noting, is doing something similar with its Mobile Edge Cloud.

The general idea here — and that’s not dissimilar from what Google, Microsoft and others are now doing — is to bring AWS to the edge and to do so in a variety of form factors.

As AWS CEO Andy Jassy rightly noted, AWS always believed that the vast majority of companies, “in the fullness of time” (Jassy’s favorite phrase from this keynote), would move to the cloud. Because of this, AWS focused on cloud services over hybrid capabilities early on. He argues that AWS watched others try and fail in building their hybrid offerings, in large parts because what customers really wanted was to use the same control plane on all edge nodes and in the cloud. None of the existing solutions from other vendors, Jassy argues, got any traction (though AWSs competitors would surely deny this) because of this.

The first result of that was VMware Cloud on AWS, which allowed customers to use the same VMware software and tools on AWS they were already familiar with. But at the end of the day, that was really about moving on-premises services to the cloud.

With Outpost, AWS launched a fully managed edge solution that can run AWS infrastructure in its customers’ data centers. It’s been an interesting journey for AWS, but the fact that the company closed out its keynote with this focus on hybrid — no matter how it wants to define it — shows that it now understands that there is clearly a need for this kind of service. The AWS way is to extend AWS into the edge — and I think most of its competitors will agree with that. Microsoft tried this early on with Azure Stack and really didn’t get a lot of traction, as far as I’m aware, but it has since retooled its efforts around Azure Arc. Google, meanwhile, is betting big on Anthos.

#amazon-web-services, #atlanta, #aws-reinvent-2020, #boston, #chicago, #cloud, #cloud-applications, #cloud-computing, #cloud-infrastructure, #cloud-services, #computing, #dallas, #denver, #developer, #enterprise, #google, #houston, #kansas-city, #las-vegas, #los-angeles, #miami, #microsoft, #minneapolis, #mobile-edge, #new-york, #philadelphia, #phoenix, #portland, #seattle, #tc, #vmware, #web-hosting, #web-services

Amazon Web Services outage takes a portion of the internet down with it

Amazon Web Services is currently having an outage, taking a chunk of the internet down with it.

Several AWS services were experiencing problems as of early Wednesday, according to its status page. That means any app, site or service that relies on AWS might also be down, too. (As I found out the hard way this morning when my Roomba refused to connect.)

Amazon says the issue is largely localized to North America. The company didn’t give a reason for the outage, only that it was experiencing increased error rates and that it was working on a resolution. The irony is that the outage is also affecting the company’s “ability to post updates to the Service Health Dashboard,” so not even Amazon is immune from its own downtime.

So far a number of companies that rely on AWS have tweeted out that they’re experiencing issues as a result, including Adobe and Roku.

We’ll keep you updated as this outage continues. On the bright side TechCrunch is still up, so here are a few things to read.

Extra Crunch:

#amazon-web-services, #cloud, #cloud-infrastructure, #computing, #north-america, #roomba, #web-hosting, #web-services, #world-wide-web

Resilience raises over $800 million to transform pharmaceutical manufacturing in response to COVID-19

Resilience, a new biopharmaceutical company backed by $800 million in financing from investors including ARCH Venture Partners and 8VC, has emerged from stealth to transform the way that drugs and therapies are manufactured in the U.S.

Founded by ARCH Venture Partners investor Robert Nelsen, National Resilience Inc., which does business as Resilience was born out of Nelsen’s frustrations with the inept American response to the COVID-19 pandemic.

According to a statement the company will invest heavily in developing new manufacturing technologies across cell and gene therapies, viral vectors, vaccines and proteins.

Resilience’s founders identified problems in the therapeutic manufacturing process as one of the key problems that the industry faces in bringing new treatments to market — and that hurdle is exactly what the company was founded to overcome.

“COVID-19 has exposed critical vulnerabilities in medical supply chains, and today’s manufacturing can’t keep up with scientific innovation, medical discovery, and the need to rapidly produce and distribute critically important drugs at scale. We are committed to tackling these huge problems with a whole new business model,” said Nelsen in a statement.

The company brings together some of the leading investment firms in healthcare and biosciences including operating partners from Flagship Pioneering like Rahul Singhvi, who will serve as the company’s chief executive’ former Food and Drug Administration commissioner Scott Gottlieb, a partner at New Enterprise Associates and director on the Resilience board; and Patrick Yang, the former executive vice president and global head of technical operations at Roche/Genentech .

“It is critical that we adopt solutions that will protect the manufacturing supply chain, and provide more certainty around drug development and the ability to scale up the manufacturing of safe, effective but also more complex products that science is making possible,” said Dr. Gottlieb, in a statement. “RESILIENCE will enable these solutions by combining cutting edge technology, an unrivaled pool of talent, and the industry’s first shared service business model. Similar to Amazon Web Services, RESILIENCE will empower drug developers with the tools to more fully align discovery, development, and manufacturing; while offering new opportunities to invest in downstream innovations in formulation and manufacturing earlier, while products are still being conceived and developed.”

Other heavy hitters in the world of medicine and biotechnology who are working with the company include Frances Arnold, the Nobel Prize-winning professor from the California Institute of Technology; George Barrett, the former chief executive of Cardinal Health; Susan Desmond-Hellmann, the former president of product development at Genentech; Kaye Foster, the former vice president of human resources at Johnson and Johnson; and Denice Torres, the former President of Johnson & Johnson Pharmaceutical and Consumer Companies.

#amazon-web-services, #arch-venture-partners, #biotechnology, #companies, #contents, #director, #drug-development, #food-and-drug-administration, #genentech, #healthcare, #johnson, #johnson-johnson, #life-sciences, #manufacturing, #new-enterprise-associates, #partner, #president, #resilience, #roche, #scott-gottlieb, #tc, #web-services

Render raises $4.5M for its DevOps platform

Render, the winner of our Disrupt SF 2019 Startup Battlefield, today announced that it has added another $4.5 million onto its existing seed funding round, bringing total investment into the company to $6.75 million.

The round was led by General Catalyst, with participation from previous investors South Park Commons Fund and a group of angels that includes Lee Fixel, Elad Gil and GitHub CTO (and former VP of Engineering at Heroku) Jason Warner.

The company, which describes itself as a ‘Zero DevOps alternative to AWS, Azure and Google Cloud,’ originally raised a $2.25 million seed round in April 2019, but it got a lot of inbound interest after winning the Disrupt Battlefield. In the end, though, the team decided to simply raise more money from its existing investors.

Current Render users include Cypress.io, Mux, Bloomscape, Zelos, 99designs and Stripe.

“We spoke to a bunch of people after Disrupt, including Ashton Kutcher’s firm, because he was one of the judges,” Render co-founder and CEO Anurag Goel explained. “In the end, we decided that we would just raise more money from our existing investors because we like them and it helped us get a better deal from our existing investors. And they were all super interested in continuing to invest.”

What makes Render stand out is that it fulfills many of the promises of Heroku and maybe Google Cloud’s App Engine. You simply tell it what kind of service you are going to deploy and it handles the deployment and manages the infrastructure for you.

“Our customers are all people who are writing code. And they just want to deploy this code really easily without having to worry about servers, or maintenance, or depending on DevOps teams — or, in many cases, hiring DevOps teams,” Goel said. “DevOps engineers are extremely expensive to hire and extremely hard to find, especially good ones. Our goal is to eliminate all of that work that DevOps people do at every company, because it’s very similar at every company.”

Image Credits: Render

One new feature the company is launching today is preview environments. You can think of them as disposable staging or development environments that developers can spin up to test their code — and Render promises that the testing environment will look the same as your production environment (or you can specify changes, too). Developers can then test their updates collaboratively with QA or their product and sales teams in this environment.

Development teams on Render specify their infrastructure environments in a YAML file and turning on these new preview environments is as easy as setting a flag in that file.

Image Credits: Render

“Once they do that, then for every pull request – because we’re integrated with GitHub and GitLab — we automatically spin up a copy of that environment. That can include anything you have in production, or things like a Redis instance, or managed Postgres database, or Elasticsearch instance, or obviously API’s and web services and static sites,” Goel said. Every time you push a change to that branch or pull request, the environment is automatically updated, too. Once the pull request is closed or merged, Render destroys the environment automatically.

The company will use the new funding to grow its team and build out its service. The plan, Goel tells me, is to raise a larger Series A round next year.

#ashton-kutcher, #battlefield, #continuous-integration, #devops, #elad-gil, #elasticsearch, #general-catalyst, #git, #github, #gitlab, #heroku, #lee-fixel, #software, #software-engineering, #tc, #version-control, #web-services

Dr Lal PathLabs, one of India’s largest blood test labs, exposed patient data

Dr Lal PathLabs, one of the largest lab testing companies in India, left a huge cache of patient data on a public server for months, TechCrunch has learned.

The lab testing giant, headquartered in New Delhi, serves some 70,000 patients a day, and quickly became a major player in testing patients for COVID-19 after winning approval from the Indian government.

But the company was storing hundreds of large spreadsheets packed with sensitive patient data in a storage bucket, hosted on Amazon Web Services (AWS), without a password, allowing anyone to access the data inside.

Australia-based security expert Sami Toivonen found the exposed data and reported it to Dr Lal PathLabs in September. The company quickly shut down access to the bucket but the company did not reply, Toivonen told TechCrunch.

It’s not known how long the bucket was exposed.

Toivonen said the exposed data amounted to millions of individual patient bookings.

A redacted section of the spreadsheets containing patient data, including name, address, phone number, and gender, as well as the test the patient is requesting. (Screenshot: TechCrunch)

The spreadsheets appear to contain daily records of patient lab tests. Each spreadsheet contained a patient’s name, address, gender, date of birth, and cell number, as well as details of the test that the patient is taking, which could indicate or infer a medical diagnosis or a health condition.

Some booking records contained additional remarks about the patient, such as if they had tested positive for COVID-19.

Toivonen provided TechCrunch with a sample of the files from the exposed server for verification. We reached out to several patients to confirm their details found in the spreadsheet.

“Once I discovered this I was blown away that another publicly-listed organization had failed to secure their data, but I do believe that security is a team sport and everyone’s responsibility,” Toivonen told TechCrunch. “I’m glad that they secured it within a few hours after I contacted them because this kind of exposure with millions of patient records could be misused in so many ways by the malicious actors.”

“I was also a little surprised that they didn’t respond to my responsible disclosure,” he said.

A spokesperson for Dr Lal PathLabs said it was “investigating” the security lapse but did not answer our questions, including if the company plans to inform its patients of the exposure.

#covid-19, #health, #india, #new-delhi, #privacy, #security, #spokesperson, #spreadsheet, #web-services

Kong launches Kong Konnect, its cloud-native connectivity platform

At its (virtual) Kong Summit 2020, API platform Kong today announced the launch of Kong Konnect, its managed end-to-end cloud-native connectivity platform. The idea here is to give businesses a single service that allows them to manage the connectivity between their APIs and microservices and help developers and operators manage their workflows across Kong’s API Gateway, Kubernetes Ingress and King Service Mesh runtimes.

“It’s a universal control plane delivery cloud that’s consumption-based, where you can manage and orchestrate API gateway runtime, service mesh runtime, and Kubernetes Ingress controller runtime — and even Insomnia for design — all from one platform,” Kong CEO and co-founder Augusto ‘Aghi’ Marietti told me.

The new service is now in private beta and will become generally available in early 2021.

Image Credits: Kong

At the core of the platform is Kong’s new so-called ServiceHub, which provides that single pane of glass for managing a company’s services across the organization (and make them accessible across teams, too).

As Marietti noted, organizations can choose which runtime they want to use and purchase only those capabilities of the service that they currently need. The platform also includes built-in monitoring tools and supports any cloud, Kubernetes provider or on-premises environment, as long as they are Kubernetes-based.

The idea here, too, is to make all these tools accessible to developers and not just architects and operators. “I think that’s a key advantage, too,” Marietti said. “We are lowering the barrier by making a connectivity technology easier to be used by the 50 million developers — not just by the architects that were doing big grand plans at a large company.”

To do this, Konnect will be available as a self-service platform, reducing the friction of adopting the service.

Image Credits: Kong

This is also part of the company’s grander plan to go beyond its core API management services. Those services aren’t going away, but they are now part of the larger Kong platform. With its open-source Kong API Gateway, the company built the pathway to get to this point, but that’s a stable product now and it’s now clearly expanding beyond that with this cloud connectivity play that takes the company’s existing runtimes and combines them to provide a more comprehensive service.

“We have upgraded the vision of really becoming an end-to-end cloud connectivity company,” Marietti said. “Whether that’s API management or Kubernetes Ingress, […] or Kuma Service Mesh. It’s about connectivity problems. And so the company uplifted that solution to the enterprise.”

 

#api, #augusto-marietti, #cloud, #cloud-computing, #cloud-infrastructure, #cloud-native-computing-foundation, #computing, #controller, #developer, #enterprise, #free-software, #kong, #kubernetes, #microservices, #openshift, #web-services

Don’t buy the hype: Free VPNs are bad for your privacy

VPNs are in high demand as Americans scramble to keep access to TikTok and WeChat amid a looming government ban. There are dozens of free VPNs out there that promise to protect your privacy by keeping you anonymous on the internet and hiding your browsing history.

Don’t believe it. Free VPNs are bad for you.

The internet is a hostile place for the privacy-minded. Internet providers can sell your browsing history, governments can spy on you, and tech titans collect huge amounts of data to track you across the web. Many have turned to VPNs, or virtual private networks, thinking that they can protect you from snoopers and spies.

But where VPNs try to solve a problem, they can also expose you to far greater privacy risks.

TechCrunch’s Romain Dillet has an explainer on what a VPN is. In short, VPNs were first designed for employees to virtually connect to their office network from home or while on a business trip. These days,

VPNs are more widely used for hiding your online internet traffic, and tricking streaming services into thinking you’re another country when you’re not. That same technique also helps activists and dissidents bypass censorship systems in their own countries.

VPNs work by funneling all of your internet traffic through an encrypted pipe to the VPN server, making it more difficult for anyone on the internet to see which sites you are visiting or which apps you are using.

But VPNs don’t inherently protect your privacy or give you anonymity. VPNs simply divert all of your internet traffic from going to your internet provider’s systems into the VPN provider’s systems instead.

That begs the question: Why should you trust a VPN that promises to protect your privacy more than your internet provider? The answer is that you can’t, and you shouldn’t.

By far some of the worst offenders are the free VPNs.

As the old adage goes, if it’s free then you are the product. What that means is that they make money off you — specifically, your data. Like any service that costs nothing, VPNs are often supported by ads. That means taking your internet traffic and selling it to the highest bidder to serve you targeted ads while you’re connected to the VPN. Other free VPNs have been accused of injecting ads into the websites that you visit.

While there are paid and premium VPNs that are generally more mindful about your privacy, they aren’t anonymous as they can be linked to your billing address. Paid VPNs also don’t solve the problem of funneling all of your internet traffic to a potentially untrustworthy company.

Some VPN providers also claim to protect your privacy by not storing any logs or track which websites you visit or when. While that may be true in some cases, there’s no way you can be completely sure.

In fact, some VPN providers have claimed they don’t store any logs — but were proven completely false.

Take UFO VPN, which at the time had about 20 million users. It claimed to have a zero-logging policy. But security researchers found the company’s logging database exposed to the internet, no password needed. The database was packed with logs of user activity, including which websites users were visiting.

Former NYPD director of cyber intelligence and investigations Nick Selby, now the chief security officer at fintech startup Paxos, said he only uses VPN providers that he knows do not store any logs. During his time as a police officer he would serve search warrants and know which providers were “the best at giving me nothing,” he told TechCrunch.

It’s not to say that all VPNs are unscrupulous or invading your privacy. Much of the problem with VPNs is that you can’t look under the hood and see what’s going on with your data. Standalone VPNs, like Algo and WireGuard, let you create and control your own VPN server through a cloud service, like Amazon Web Services, Microsoft Azure, Google Cloud, or Digital Ocean. But remember: your encrypted data is stored on another company’s cloud, making it potentially susceptible to being grabbed by the authorities.

VPNs can be useful, but it’s important to know their limitations. Just don’t rely on them to protect your privacy or your anonymity.

#computing, #digital-ocean, #director, #internet, #internet-traffic, #privacy, #security, #streaming-services, #virtual-private-networks, #vpn, #web-services

JupiterOne raises $19M Series A to automate cyber asset management

Asset management might not be the most exciting talking topic, but it’s often an overlooked area of cyber-defenses. By knowing exactly what assets your company has makes it easier to know where the security weak spots are.

That’s the problem JupiterOne is trying to fix.

“We built JupiterOne because we saw a gap in how organizations manage the security and compliance of their cyber assets day to day,” said Erkang Zheng, the company’s founder and chief executive.

The Morrisville, N.C.-based startup, which spun out from healthcare cloud firm LifeOmic in 2018, helps companies see all of their digital and cloud assets by integrating with dozens of services and tools, including Amazon Web Services, Cloudflare, and GitLab, and centralizing the results into a single monitoring tool.

JupiterOne says it makes it easier for companies to spot security issues and maintain compliance, with an aim of helping companies prevent security lapses and data breaches by catching issues early on.

The company already has Reddit, Databricks and Auth0 as customers, and just secured $19 million in its Series A, led by Bain Capital Ventures and with participation from Rain Capital and its parent company LifeOmic.

As part of the deal, Bain partner Enrique Salem will join JupiterOne’s board. “We see a large multibillion dollar market opportunity for this technology across mid-market and enterprise customers,” he said. Asset management is slated to be a $8.5 billion market by 2024.

Zheng told TechCrunch the company plans to use the funds to accelerate its engineering efforts and its go-to-market strategy, with new product features to come.

#bain-capital-ventures, #computer-security, #computing, #enrique-salem, #free-software, #internet-security, #north-carolina, #security, #series-a, #software, #version-control, #web-services

Cloudera pulls sensitive files from its ‘open by design’ cloud servers

Enterprise cloud giant Cloudera has pulled several of its cloud storage servers offline, despite initially claiming the servers were “open by design,” after a security researcher found sensitive internal files inside.

Chris Vickery, director of risk research at security firm UpGuard, found the cloud storage servers — known as buckets — hosted on Amazon Web Services in late July. The data largely contained legacy Hortonworks data from prior to its $5.2 billion all-stock merger with Cloudera in January 2019.

When reached, Cloudera spokesperson Madge Miller told TechCrunch that the buckets were supposed to be open and contained files and code that were open to its customers, users, and the wider community. The company said, however, that it identified three files that contained confidential information and were removed from the buckets.

But soon after, the company reversed its position and pulled the buckets offline altogether.

Vickery, who shared his findings exclusively with TechCrunch, said that although the vast majority of files in the cloud buckets were for public and community consumption, he also found files containing credentials, account access tokens, passwords and other secrets for Cloudera’s internal Jenkins system, which the company uses for building and testing its software projects. The buckets also contained entire SQL databases for its internal build databases, Vickery said.

A “secrets” file containing passwords and credentials for Cloudera’s internal systems. (Image: UpGuard/supplied

Later, Cloudera confirmed the security lapse in a later email to TechCrunch.

“Thanks to the questions from the security researcher, we did a deep dive and found some credentials and SQL dumps in the public buckets which should not have been placed there. The credentials were for our internal Jenkins build process and the SQL dumps were of our build database,” the spokesperson said.

“We have since removed this information from the public buckets and taken further remediation steps by changing credentials and rotating keys. We also concluded we could close access to a few unused publicly accessible buckets.”

The company said that the sensitive data, since removed, did not contain any customer data or any other personally identifiable information.

In all, the security lapse could have been worse — even if the incident could have been avoided altogether.

But Vickery said the incident was important to disclose as it reveals the inherent risk in using overwhelmingly large cloud storage containers. In other words, the buckets were so big and had so many files that it becomes nearly impossible to notice when something sensitive is added to the bucket by mistake.

“When that many directories and files of varying format are all stashed away together, it becomes all too easy for something to be mistakenly put among them and remain unnoticed, as is what appears to have happened here,” wrote Vickery.

#cloud, #cloud-computing, #cloud-infrastructure, #cloudera, #computing, #database, #hortonworks, #information, #information-technology, #jenkins, #security, #spokesperson, #sql, #upguard, #web-services

Amazon says police demands for customer data have gone up

Amazon has said the number of demands for user data made by U.S. federal and local law enforcement have increased during the first half of 2020 than during the same period a year earlier.

The disclosure came in the company’s latest transparency report, published Thursday.

The figures show that Amazon received 23% more subpoenas and search warrants, and a 29% increase in court orders compared to the first half of 2019. That includes data collected from its Amazon.com retail storefront, Amazon Echo devices and its Kindle and Fire tablets.

Breaking those figures down, Amazon said it received:

  • 2,416 subpoenas, turning over all of partial user data in 70% of cases;
  • 543 search warrants, turning over all of partial user data in 79% of cases;
  • 146 court orders, turning over all of partial user data in 74% of cases.

The number of requests to the company’s cloud services, Amazon Web Services, also went up compared to a year earlier.

But it’s not clear what caused the rise in U.S. government demands for user data. A spokesperson for Amazon did respond to a request for comment.

But the company saw the number of overseas requests drop by about one-third compared to the same period a year earlier. Amazon rejected 92% of the 177 overseas requests it received, turning over partial user data in 10 cases and all requested data in four cases.

Amazon also said it received between 0 and 249 national security requests, flat from previous reports. Justice Department rules on disclosing classified requests only allow companies to respond in numerical ranges.

Amazon was one of the last major tech companies to issue a transparency report, despite mounting pressure from privacy advocates. But its report remains far lighter on details compared to its Silicon Valley rivals.

The company’s Ring smart camera division, despite facing criticism for its poor security practices and its close relationships with law enforcement, has yet to release any data related to police requests for user data.

#amazon-alexa, #amazon-echo, #articles, #assistant, #business, #cloud-services, #department-of-justice, #hardware, #kindle, #law-enforcement, #publishing, #security, #transparency-report, #u-s-government, #united-states, #web-services

Google Cloud’s new BigQuery Omni will let developers query data in GCP, AWS and Azure

At its virtual Cloud Next ’20 event, Google today announced a number of updates to its cloud portfolio, but the public alpha launch of BigQuery Omni is probably the highlight of this year’s event. Powered by Google Cloud’s Anthos hybrid-cloud platform, BigQuery Omni allows developers to use the BigQuery engine to analyze data that sits in multiple clouds, including those of Google Cloud competitors like AWS and Microsoft Azure — though for now, the service only supports AWS, with Azure support coming later.

Using a unified interface, developers can analyze this data locally without having to move data sets between platforms.

“Our customers store petabytes of information in BigQuery, with the knowledge that it is safe and that it’s protected,” said Debanjan Saha, the GM and VP of Engineering for Data Analytics at Google Cloud, in a press conference ahead of today’s announcement. “A lot of our customers do many different types of analytics in BigQuery. For example, they use the built-in machine learning capabilities to run real-time analytics and predictive analytics. […] A lot of our customers who are very excited about using BigQuery in GCP are also asking, ‘how can they extend the use of BigQuery to other clouds?’ ”

Image Credits: Google

Google has long said that it believes that multi-cloud is the future — something that most of its competitors would probably agree with, though they all would obviously like you to use their tools, even if the data sits in other clouds or is generated off-platform. It’s the tools and services that help businesses to make use of all of this data, after all, where the different vendors can differentiate themselves from each other. Maybe it’s no surprise then, given Google Cloud’s expertise in data analytics, that BigQuery is now joining the multi-cloud fray.

“With BigQuery Omni customers get what they wanted,” Saha said. “They wanted to analyze their data no matter where the data sits and they get it today with BigQuery Omni.”

Image Credits: Google

He noted that Google Cloud believes that this will help enterprises break down their data silos and gain new insights into their data, all while allowing developers and analysts to use a standard SQL interface.

Today’s announcement is also a good example of how Google’s bet on Anthos is paying off by making it easier for the company to not just allow its customers to manage their multi-cloud deployments but also to extend the reach of its own products across clouds. This also explains why BigQuery Omni isn’t available for Azure yet, given that Anthos for Azure is still in preview, while AWS support became generally available in April.

#alpha, #amazon-web-services, #analytics, #bigquery, #cloud, #cloud-analytics, #cloud-computing, #cloud-infrastructure, #computing, #developer, #enterprise, #google, #machine-learning, #microsoft, #microsoft-azure, #omni, #sql, #web-services