Amazon Web Services (AWS) has taken its machine learning-powered CodeGuru development tool out of preview and rendered it generally available, alongside a host of additional features.

CodeGuru is being launched as a tool to help developers improve their applications and troubleshoot issues with automated code reviews and performance recommendations, available in Reviewer and Profiler modes.

CodeGuru Reviewer uses programme analysis and machine learning to detect potential defects that are tricky to find and recommend fixes in Java code. Code can be stored in GitHub, AWS CodeCommit, or Bitbucket.

Pull requests submitted also provide recommendations for how to improve the code, with each pull request also corresponding to a code review, and each code review including multiple recommendations that appear as comments on the pull request. 

Profiler mode, meanwhile, provides interactive visualisations and recommendations that help fine-tune application performance and troubleshoot operational issues using runtime data from live applications. This mode can also help find the most intensive lines of code, in terms of CPU usage or latency, and suggest ways to improve efficiency and reduce bottlenecks 

“Bringing new applications into production, maintaining their code base as they grow and evolve, and at the same time respond to operational issues, is a challenging task,” said chief evangelist for EMEA at AWS, Danilo Poccia. 

“For this reason, you can find many ideas on how to structure your teams, on which methodologies to apply, and how to safely automate your software delivery pipeline.

“CodeGuru helps you improve your application code and reduce compute and infrastructure costs with an automated code reviewer and application profiler that provide intelligent recommendations. Using visualizations based on runtime data, you can quickly find the most expensive lines of code of your applications.”

CodeGuru was first announced at AWS Re:Invent 2019 towards the end of last year as an AI-powered service designed to help write code. It was launched as an automated tool, trained on several decades of code reviews, adding comments to pull requests if it discovers an issue, also recommending remediation, including example code and links to documentation.

AWS has made a number of improvements to Amazon CodeGuru in the last few months, including a more cost-effective pricing model, support for Bitbucket repositories, and the capacity to start the profiling agent using a command-line switch.

In addition to existing features, the generally-available version of CodeGuru includes support for GitHub Enterprise in Reviewer mode, as well as new types of recommendations to solve defects and improve code. For Profiler mode, meanwhile, AWS has added anomaly detection, support for AWS Lambda, as well as the total CPU cost of issues in a recommendations report, among a number of others.

CodeGuru has been released days after AWS launched Honeycode, a visual application builder that can be used to create interactive web and mobile apps on a code-free basis. These can range in complexity from a task-tracking application for a small team to a project management system that controls complex workflows, with Honeycode aimed at those in need of innovative online capabilities but without the means to hire experienced engineers.

Microsoft has rolled out its Safe Documents feature for all Microsoft 365 customers in a bid to boost enterprise security by verifying untrusted files when they’re opened by a user.

When enabled by an administrator, the feature will automatically scan documents for any threats after opening the file in Protected View. This is an additional step which involves uploading and scanning by Microsoft Defender ATP.

Safe Documents essentially brings the power of the firm’s enterprise security platform Intelligent Security Graph to the desktop, with access to a live dataset of billions of data points, combing to form massive security-centric datasets.

The feature has been rolled out to rectify the limitations of Protected View, which is currently in play for all Microsoft 365 users. When opening documents received from external sources, the company suggested, people often exit the Protected View sandbox without considering whether the document is safe.

It was initially previewed in February 2020, when it was touted as a means to automate a crucial phase in the security of opening documents, which may often be overlooked if this decision is in the hands of the individual user.

«While a scan is in progress, Safe Documents will prevent users from exiting the Protected View container,» Microsoft’s security employee Kenny Shi said. «Users are still able to access and read the document during this process but will be unable to make any edits until the scan has completed.

«Once the file has been successfully scanned, users will be able to leave the Protected View container with confidence that their file is safe.»

If the file being scanned is identified as being malicious, users will be prevented from leaving Protected View entirely, with administrators able to decide whether users can bypass and ‘enable editing’ for malicious files using the Admin portal.

In addition to the added security features, IT admins will be given access to an Advanced Hunting feature to get additional analytical information on users.

Safe Documents is turned off by default, with security administrators able to activate the feature by navigating to the Security and Compliance centre within Microsoft 365. Organisations will need a Microsoft 365 E5 Security license in order to use the feature.

Microsoft has snapped up enterprise data modelling company ADRM Software with a view to combining the firm’s “information blueprints” with Azure storage and compute to create sophisticated data lakes.

ADRM, which providers large-scale sector-specific industrial data models to large enterprises, has built and refined its services over decades for business-critical analytics. These models allow organisations to more completely capture and define their business processes and build interoperability across IT infrastructures.

Microsoft is hoping to combine these comprehensive industrial models with the limitless storage and computing power of Azure to create intelligent data lakes where data from several lines of businesses can be combined more efficiently.

​Cisco has patched a dangerous flaw that allows a hacker to access victims’ accounts from another machine in order to see all meetings, individuals invited, meeting passwords and past meeting records.

The shared memory information leakage vulnerability, found in the Cisco WebEx Meetings desktop app for Windows, allows an authenticated attacker to gain access to sensitive information either locally, or by running a malicious programme.

Assigned CVE-2020-3347, the exploitation is based on the unsafe usage of shared memory used by the video conferencing platform’s desktop client, according to Trustwave researchers, who discovered the flaw.

Once the WebEx Meetings application is installed, it adds an application to the tray that starts up automatically once the user logs on. If the user has configured the client to log on automatically too, which by default it does, several memory-mapping files open, with some unprotected from opening for reading and writing.

An attacker with permissions to view system memory could exploit this vulnerability by running an application that’s designed to read shared memory. The hacker can loop over sessions and try to open, read and save content for future examination.

Successful exploitation could give the hacker the power to retrieve sensitive information through this mechanism, including usernames, meeting information, as well as authentication tokens that can be used in future attacks.

“Due to the global pandemic of COVID-19, there’s been an explosion of video conferencing and messaging software usage to help people transition their work-life to a work from home environment,” said Trustwave security research manager Martin Rakhmanov.

“Vulnerabilities in this type of software now present an even greater risk to its users. Cisco WebEx is one of the most popular video conferencing solutions available, so I decided to turn my research skills to see how secure the platform is.

“In an attack scenario, any malicious local user or malicious process running on a computer where WebEx Client for Windows is installed can monitor the memory-mapped file for a login token. Once found the token, like any leaked credentials, can be transmitted somewhere so that it can be used to login to the WebEx account in question, download Recordings, view/edit Meetings, etc.”

Cisco has released a software update addressing this vulnerability, urging users to update their Cisco Webex Meetings software to version 40.6.0 and higher. The “relatively severe” flaw affected versions of the platform released earlier than this, with Rakhmanov testing the exploitation on version 40.4.12.8.

Cisco has unveiled a ‘business resiliency’ portfolio that offers enterprises the tools to cope with the realities of a post-COVID business landscape, including remote working technologies and workplace systems.

The portfolio combines industry-specific as well as general-purposes services to give customers the means to cope with the new reality of social distancing in the workplace and difficulties in engaging remote workers. 

Cisco is rolling out the portfolio as the effects of COVID-19 continue to take their toll, and challenges such as mass remote working and fragmented IT continue to loom. This is in addition to further updates to WebEx, Cisco’s video conferencing platform, and integration with collaboration platform WebEx Teams and Box.

Industry-specific tools released as part of the business resilience package including a remote learning system, as well as an IT infrastructure kit to allow governments to establish a temporary hospital, in the mould of the NHS Nightingale sites. The temporary connected field hospital, as it’s dubbed, includes wireless networking and the associated technology to establish a temporary facility within five days.  

«Over the past several months we’ve seen major disruption to many industries and organizations at a pace like never before. Businesses that once mapped digital strategy in one to three-year periods have been required to scale their initiatives essentially overnight,» said Cisco CEO Chuck Robbins. 

«Cisco’s new business resiliency portfolio will help customers reevaluate their business strategies and implement solutions more quickly and easily than ever before.»

The remote workforce systems include a remote contact centre system, enabling contact centre agents to work from home using cloud-based systems or the capabilities to securely access their on-premise tech remotely. 

Flexible remote access gives employees the expertise and tools to access the network, endpoints and applications remotely, while the final prong, secure remote worker, offers businesses tools to analyse the effectiveness and security of their VPNs.

Among the workplace technologies being rolled out is remote office connectivity that extends a corporate network to adjacent and remote locations so workers can benefit from increased bandwidth and faster connectivity. 

Finally, social density monitoring and insights gives workplaces a view on how busy their workplace environments might be at any one time. This is in order for facilities teams to plan return-to-work strategies with social distancing in mind.

The WebEx integration with Box, meanwhile, allows workers to use the content management platform’s secure file-sharing capabilities to share documents with colleagues. With regards to WebEx, Cisco has tripled the video conferencing platform’s capacity in light of the surge in users as a result of the pandemic. 

WebEx will also introduce a fully-fledge voice-activated virtual assistant, building on Cisco’s intentions to use voice tools to explore the ‘next frontier’ of data insights, outlined in January this year.   

More than a million staff members across the NHS will have access to the Microsoft 365 suite of apps and services as part of a landmark agreement struck between NHS Digital, NHSX and Microsoft.

The productivity and collaboration suite, which includes Microsoft Teams, will be deployed to 1.2 million NHS staff in Trusts, Clinical Commissioning Groups, and health Informatics Services in an effort to create a more joined-up NHS.

GPs, consultants, nurses, therapists, paramedics, and support staff will have access to services within Microsoft 365 as part of the agreement, allowing them to take advantage of the cloud-based services. 

“Adopting the most up to date digital tools and operating systems are crucial for a modern day NHS – allowing staff to work as efficiently as possible which will deliver even better care for patients,” said the health secretary Matt Hancock.

“We have seen incredible, innovative uses of technology throughout the NHS during the Covid-19 pandemic and this new deal with Microsoft will pave the way for that to continue by ensuring we get the basics right.”

Platforms such as Microsoft Teams will allow for quicker and more efficient communication, while the interoperability across the health service with Office 365 apps and Outlook will allow for a much sharing of critical files and documents. 

“This deal with Microsoft represents a saving of hundreds of millions of pounds. This is a direct result of negotiations led jointly by NHSX and NHS Digital,” added NHSX CEO Matthew Gould. “It means staff will have access to the best possible collaboration and productivity tools, and that our cyber defences are as strong as possible.” 

The cost of the agreement hasn’t been disclosed, although the NHS insists the deal will be cost-saving for both individual organisations and the NHS as a whole, as well as improving productivity and boosting collaboration. This isn’t to mention the cyber security benefits, given the rising nature of the threat that the health service faces.

The latest agreement builds on the deal struck in April 2018 that allowed NHS organisations to upgrade to Windows 10 free of charge. Legacy operating systems, such as Windows XP and Windows 7, were widely in-use at the time of the agreement.

The rollout of Microsoft 365 to NHS organisations will also ensure IT systems that haven’t yet been upgraded to Windows 10 will be, in addition to being afforded Microsoft’s Enterprise Mobility and Security platform.

“This agreement ensures NHS organisations across England have access to modern productivity tools and solutions necessary to delivering better patient outcomes now and in the future,” said Microsoft UK CEO Cindy Rose.

“The timing of the agreement coincides with the licence renewal period of a number of NHS organisations in England. It also ensures that those NHS organisations that have already made their own arrangements with Microsoft benefit from the deal and the significant cost savings on offer.”

It feels like a lifetime ago since Mobile World Congress (MWC), one of the biggest events on the tech calendar, was cancelled just as the coronavirus crisis was beginning to escalate. Winding forward to the present day, the prospect of any large events of its stature taking place is unthinkable, with companies either postponing or cancelling their own.

Many have instead pivoted to hosting their events digitally, trialling ways to engage partners and customers online. This also applies to our sister title, IT Pro, with the launch of IT Pro Live, a five-day programme of keynote addresses, panel discussions and Q&As held between 22 and 26 June. Of course, hosting a virtual event is very different from hosting a physical one and even the most experienced of event managers face pitfalls. In this spirit, we’ve compiled guidance for businesses hoping to launch their own virtual events over the coming weeks, months or even years.

Not a like-for-like replacement

Hosting a digital event is an arena ripe for experimentation. Microsoft, for example, launched more than 50 products at its first virtual Build conference, which, like IT Pro Live, took place over the course of a week. Google Cloud Next 2020, on the other hand, will be hosted one day per week for nine weeks, starting 14 July. As such, it’s clear that virtual events can’t be treated as a like-for-like replacement for in-person conferences.

“The challenge is that such conferences are multi-faceted events that are hard to deliver through a virtual window,” nCipher vice president, Peter Carlisle, tells Cloud Pro. In Carlisle’s experience, certain elements of a physical conference can’t be replicated, which may prove challenging. These vary from sharing stories in casual settings like over a meal, to soaking in the buzz generated by thousands of attendees darting around a conference floor. The cyber security firm adopted a different format for its recent virtual Sales Kick-Off, delivering content daily across nine consecutive business days. Sessions ran 60 to 90 minutes, with three of four topics delivered in pieces averaging 20 minutes each. 

There are, however, benefits to hosting virtual events, according to Imperial College Business School’s conference manager, Megan Taylor-Silva. The university recently hosted its fifth annual Imperial Business Conference online, focussing on sustainability, and inviting speakers from Sainsbury’s, Microsoft, Google and BlackRock.

“Gone are the days where bad catering or a gate crasher can ruin your event,” explains Taylor-Silva. “Instead of spending time on choosing the right gluten-free muffin, you’ll have more time to spend on perfecting your event content, building relationships with your speakers, and converting registrants.”

Putting the building blocks in place

Planning is perhaps the most crucial element. One of the biggest mistakes companies can make, explains Virtual Event Company founder and CEO, John Saunders, is not appreciating the difference between planning for a virtual and physical event – with different timescales, disciplines and technologies involved. 

“More often than not, companies have committed to a software they don’t know the full capabilities of, therefore, allowing enough time to plan for your event is critical. During this planning period, it’s critical that the technology and the Wi-Fi strength are tested to avoid poor sound or other issues on the day,” he says. “Speakers should be coached on how to engage with people online and address their audience through a camera. It’s a different skill to physical stage events and practising online before the big event is important to ensure engagement is achieved.”

It’s important to test the systems, run experiments and trial different scenarios. Lining up backup options should things go wrong would also ensure seamless continuity should a worst-case scenario come to fruition. Before the systems are even in place, it’s also key to ensure your organisation uses the right technology. It may, therefore, be useful to look at what your competitors are using, and what your attendees are familiar with, Imperial College Business School’s Taylor-Silva adds. This is in addition to making sure these systems work with the company’s existing platforms.

“Don’t assume that everyone is comfortable with technology,” she elaborates. “Briefing speakers ahead of time and ensuring they know how to use your event platform is incredibly important. Make sure that speakers have a stable internet connection and a good microphone, this could make or break your event.”

Systems and software

From video conferencing to streaming services organisations can adopt a variety of platforms. John Saunders’ Virtual Event Company, for example, recently launched its digital hub for businesses to plan and host digital events, even fitted with Second Life-esque 3D rendering. While buying into flashy platforms might appeal to many, in Saunders’ experience, not fully understanding the technologies being used is a common pitfall.

“As companies navigate this new world by way of new tech solutions, they may choose a platform that doesn’t resonate with their brand or audience, or choose one that doesn’t look professional in the interests of cost,” he tells Cloud Pro. “Taking time to research the best digital solution for your event is key.” 

Database performance platform Percona, for instance, used a variety of simple platforms for its 24-hour virtual event last month, after plans to host Percona Live Austin 2020 fell through. Zoom was used as the main hosting platform to allow organisers to stream directly to attendees, while the event was also live-streamed to YouTube, Twitch and Facebook Live. Workplace collaboration platform Slack was repurposed to serve as a central point of contact for conference-goers.

For Percona’s global events manager, Bronwyn Campbell, the key to success was to keep it simple. “By not over complicating things with fancy broadcasting solutions or too many streaming options,” she explains in a blog post, “it allowed us to make it easier to manage, yet very effective and with a broad reach”.

Catering for the occasion

The experience will differ vastly from that of attending an in-person event, not just in the way that content is consumed, but when. Hosting an event online means you can much more easily cater for audiences from across the world, but this means ensuring your event is as accessible as possible. IT Pro Live, for example, will be broadcast between 1:30pm and 6:30pm BST, which also coincides with the working day in Europe, the Middle East, and most of the Americas. The incorporation of on-demand sessions also means people can access the content as and when it suits them.

Database company Redis Labs hosted its annual RedisConf conference virtually this year, with the company boasting four times the average number of attendees. The company’s CMO, Howard Ting, explains that the experience has given Redis a flavour for what kinds of events work better online, and what might not necessarily translate well to a virtual format. 

“Your event is now more accessible as it’s available to attendees across the globe without the burden of travel,” Ting tells Cloud Pro. “Along with that, your speaker pool just expanded. We also found that virtual events were cheaper overall to run, since you aren’t managing a venue and hotels.”

“We found that attendees appreciated live interview formats that were a little unstructured, like fireside chats. The organic conversations that happened in these interviews drove engagement because they felt more authentic and personal,” he elaborates. “Another tool to maintain interest is to stagger content drops throughout the day or make various elements available at different times – for example, we made training sessions available only on the second day, but dropped them at the previous evening so attendees in India could access them during their morning.”

One of the key challenges, having got your event off the ground, is to sustain interest among conference-goers throughout the programme. After all, it’s much easier to disconnect and switch off than if you’ve booked flights, hotel rooms, and have to physically walk between conference sessions. 

Organisers can boost engagement in several ways, from regular polls to Q&As. One of the key methods Imperial’s Taylor-Silva pitched was to ensure that speakers address the audience throughout the event, and acknowledge their presence. Organisers may also consider appointing a visible event host who guides attendees throughout the day, offering them an element of consistency, while also giving producers a single point of contact to liaise with for time-keeping purposes.

Redis Labs’ Howard Ting, meanwhile, devised an alternative approach, with the company building a gamification system that rewarded engagement. “Those who attended more sessions, asked more questions, and visited more areas in the environment were rewarded. We had small Easter Eggs throughout the conference that added to the depth of the event; for instance, we tied the environment to the attendee’s local time, so if attendees were visiting during their evening the environment transformed to dark mode.”

Minor pitfalls might be unavoidable

Hosting a successful virtual event won’t be easy for any company to pull off, particularly given the variance in structuring, content styles, and even the technologies powering them. It’s also important to bear in mind that the concept will be new to audiences too, so getting things wrong will be forgivable to an extent. 

This is a period of trial-and-error for many, and there will inevitably be things you wish you could’ve done differently after the fact. Percona’s Bronwyn Campbell, for example, says she wishes her event featured shorter talks in some instances, and kept to a single track of events as opposed to a complex multitrack programme, as it runs the risk of audience dropoff, while making things more difficult to manage. Nevertheless, the key for any organisation will lie in rigorous planning, sufficient testing of underlying technologies, and devising ways to keep audiences engaged throughout the duration of the agenda. 

IT Pro Live will take place across five days from 22 to 26 June, featuring an array of panel sessions, Q&As, and roundtables. You can check out the agenda and register for your free ticket now.

​IBM has decided to «sunset» its general-purpose facial recognition and analysis software suite over ethical concerns following a fortnight of Black Lives Matter protests.

Despite putting a lot of efforts into developing its AI-powered tools, the cloud giant will no longer distribute these systems for fear that it could be used for purposes that go against the company’s principles of trust and transparency. 

Specifically, there are concerns the technology could be used for mass surveillance, racial profiling and the violations of basic human rights and freedoms. This is in addition to the company now deploring the use of facial recognition in principle, and by rival vendors, for such purposes.

«We believe now is the time to begin a national dialogue on whether and how facial recognition technology should be employed by domestic law enforcement agencies,” CEO Arvind Krishna outlined in a letter to the US Congress.

«Artificial intelligence is a powerful tool that can help law enforcement keep citizens safe. But vendors and users of Al systems have a shared responsibility to ensure that Al is tested for bias, particularity when used in law enforcement, and that such bias testing is audited and reported.»

The announcement represents a major shift, given the company has previously ploughed considerable money and effort into building out its capabilities, and has occasionally courted controversy in the process.

In March 2019, for example, IBM was called out for using almost a million photos from photo-sharing site Flickr to train its facial recognition algorithms without the consent of the subjects. Those in the pictures weren’t advised the firm was going to use their images to help determine gender, race and other identifiable features, such as hair colour.

Several months before that, the company was found to have been secretly using video footage collected by the New York Police Department (NYPD) to develop software that can identify individuals based on distinguishable characteristics.

IBM had created a system that allowed officers to search for potential criminals based upon tags, including facial features, clothing colour, facial hair, skin colour, age, gender and more. Overall, it could identify more than 16,000 data points, rendering it extremely accurate in recognising faces.

While the general use of facial recognition in law enforcement is not entirely uncommon, it has run into legal blockades, with jurisdictions, such as San Francisco, banning its use altogether, for example.

Police forces in the UK, meanwhile, have been trialling such systems, but the Information Commissioner’s Office (ICO) has effectively neutered these plans after urging branches to assess data protection risks and ensure there’s no bias in the software being used.

In addition to permanently withdrawing its facial recognition technology, IBM has called for a national policy that encourages the use of technology to bring greater transparency and accountability to policing. These may include body cameras and data analytics techniques.

Much in step with IBM until now, a number of other major companies have engaged in developing their own AI-powered facial recognition capabilities which have often also courted controversy. 

AWS has come under fire for building its highly sophisticated Rekognition technology with alleged racial and gender bias. The company’s shareholders overturned an internal revolt over the sale of Rekognition to the police by an overwhelming majority of 97% in May 2019, for example.

The claims were based on MIT research that found it mistakenly identified some pictures of woman as men 31% of the time, which was more prevalent when it was shown pictures of darker-skinned women. This was against an error rate of 1.5% with Microsoft’s software.

​Zoom has defied fears that an explosion in activity and new users would not translate to rising revenues, boasting 169% year-on-year growth in the first quarter of 2020.

The video conferencing platform recorded revenues of $328.2 million for the quarter ending 30 April 2020, driven mainly by acquiring new customers and expanding across existing customers. Zoom previously reported in April that it gained 100 million new users within a three-week period.

The surge in demand for Zoom’s services been almost exclusively fuelled by the coronavirus pandemic, with millions of people around the world desperate to keep in touch with colleagues and loved ones while under lockdown.

Figures from Zoom’s financial results suggest the company has managed to capitalise on this growth in users, with a net income of $27 million, despite offering a solid and reliable service for non-subscribers.

«The COVID-19 crisis has driven higher demand for distributed, face-to-face interactions and collaboration using Zoom,” said founder and CEO Eric Yuan. “Use cases have grown rapidly as people integrated Zoom into their work, learning, and personal lives. 

“I am proud of our Zoom employees who dedicated themselves to support customers and the global community during this crisis. With their tremendous efforts, we were able to provide high-quality video services to new and existing customers.”

The company has also revealed a more detailed breakdown of its customer base, recording 354% year-on-year growth in the number of customers with more than ten employees to 265,400. Meanwhile, 769 customers contributed more than $100,000 in revenue, which is approximately 90% higher than in the same quarter last year.

Zoom has projected that its revenue will be between $495 million and $500 million in the next quarter, with a full fiscal year revenue of between $1.775 billion and $1.8 billion. 

The firm has announced its financial success days after pledging to improve encryption standards for paid users. End-to-end encryption will arrive for subscribers, but not free users, because of Zoom’s intentions to co-operate with law enforcement agencies. 

“Free users for sure we don’t want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose,” Yuan said, according to Bloomberg tech reporter Nico Grant.

Alex Stamos, recently hired by the company as a security consultant, elaborated that while all members will continue to benefit from 256-bit encryption after its recent implementation, end-to-end encryption will be rolled out on an opt-in basis for now. 

“We have to design the system to securely allow hosts to opt-into an E2E meeting and to carefully communicate the current security guarantees to hosts and attendees. We are looking at ways to upgrade to E2E once a meeting has started, but there will be no downgrades,” he explained on Twitter.

“So this creates a difficult balancing act for Zoom, which is trying to both improve the privacy guarantees it can provide while reducing the human impact of the abuse of its product.

«Lots of companies are facing this balancing act, but as a paid enterprise product that has to offer E2EE as an option due to legitimate product needs, Zoom has a slightly different calculus. The current decision by Zoom’s management is to offer E2EE to the business and enterprise tiers and not to the limited, self-service free tier.”