Connect with us


Microsoft releases .NET 6 LTS and Visual Studio 2022 • The Register

Voice Of EU



Microsoft has released .NET 6.0 with long-term support, and Visual Studio 2022, its all-purpose Windows IDE.

The roll-out is a big one for Microsoft’s development platform as .NET 6.0 is the first LTS release since .NET Core 3.1 in December 2019. LTS releases are scheduled to come every two years, with short-term releases in between. The current .NET 5.0 will go out of support in mid-2022.

Developing with .NET 6 is not supported in Visual Studio 2019. Visual Studio developers wishing to use .NET 6 must upgrade immediately to Visual Studio 2022. Users of the cross-platform Visual Studio Code have an easier time – it is just a matter of downloading the .NET 6.0 SDK.

The relationship between .NET and these two varieties of Visual Studio (there is also a Mac version) has been contentious recently since Microsoft planned to remove a key feature, Hot Reload, from the open-source SDK to make Visual Studio more compelling. The decision was reversed after an outcry, but with damage to Microsoft’s open-source credentials, especially after the .NET Foundation was revealed to be legally bound to Microsoft and not truly independent, despite its claims.

In a post marking today’s release, Microsoft bragged of “massive gains in performance” such that they have already reduced “the cost of hosting cloud services at Microsoft.” We looked at some of those gains here.

There is a lot more fresh stuff, as you would expect, especially for those who skipped .NET 5.0. The C# language is now at version 10 with a global using directive, value type structs, interpolated strings, and more new features, while F# is at version 6.0 and includes task support and more.

The aforementioned Hot Reload allows editing of source code while an app is running, with the result showing without full rebuild. Blazor WebAssembly now has ahead-of-time compilation: this technology enables C# to be used to code browser applications running on the client as well as on the server. HTTP/3 support has been added to ASP.NET Core. Apple Silicon is supported. Single file applications, described as “a single-file binary that has exactly one file on disk and does not need to extract any of the core runtime assemblies to temporary directories,” are now supported on Windows and macOS as well as Linux.

Visual Studio 2022 is the first 64-bit release of the IDE itself – though it has been able to compile 64-bit applications for years – and includes “AI-assisted code completion” called IntelliCode, though there is no news yet about GitHub’s more advanced Copilot in Visual Studio, it is likely to appear at a future date. Copilot for Visual Studio Code is still in invitation-only preview. Find in Files is claimed to be “as much as 3x faster.” The team said that the IDE is “more lightweight” than before, perhaps learning from its VS Code cousin.

Other new features in Visual Studio 2022 range from support for solutions that include projects in multiple Git repositories, to a revamped user interface with a new font for code called Cascadia, and refreshed icons.

Visual Studio comes in three editions. Community is free and supported for individuals, or for up to five users in “non-enterprise organisations,” defined as organisations with fewer than 250 PCs or under one millions US dollars in revenue. Enterprises are not licensed to use the community edition for developing and testing applications except in limited circumstances, such as for open-source software. Professional is paid-for and unrestricted. The Enterprise edition adds features such as IntelliTrace debugging (record and trace code execution history), Code Coverage, and other test and performance tools.

While that all sounds good, there are some disappointments for .NET developers. One is that Microsoft confirmed recently that .NET 6 is not coming to UWP (Universal Windows Platform) apps. Windows desktop developers are being directed towards WinUI 3 and the Windows App SDK, or may continue developing with the old Windows Forms and Windows Presentation Foundation, though if the latter path is chosen, they will not get the full Windows 11 look and feel using what Microsoft calls Fluent Design. Another issue is that the cross-platform MAUI (Multi-Platform App UI), based on Xamarin technology, is not ready yet and is still in preview, set for release next year. MAUI enables mobile and desktop apps to be built for iOS, Android, macOS and Windows, from one code base.

Perhaps the biggest concern is that Microsoft’s internal debate about the future of .NET and the balance between Microsoft’s commercial interests and those of the open-source community does not yet seem resolved, despite the backtrack over Hot Reload.

One might have thought that Microsoft’s commercial interests are well aligned with open-source users since the company benefits when .NET applications are hosted on Azure, and the success of VS Code along with the continuing popularity of GitHub has great potential to attract developers to the platform.

It is now apparent that some within the company do see Visual Studio as in competition with VS Code, and worry about giving too much away with open-source .NET, and this may continue to be corrosive for the framework.

The .NET Foundation held a discussion on YouTube with its community last week, which .NET developer George Stocker described as inconclusive, along with GitHub-hosted discussions. “There’s been no followup from the Board to the questions asked, or even a timeline for when the questions will be answered… the discussions seem to be an outlet valve for the community’s frustration rather than a means to get the .NET Foundation and its community back on the same page,” he said.

Still, .NET 6.0 and Visual Studio 2022 are replete with new features, performance is improved, and developers will be glad to be able now to code for an LTS runtime while also moving on from .NET Core 3.1. ®

Source link


Nvidia’s Arm deal faces another blow, this time from the US FTC

Voice Of EU



The US Federal Trade Commission wants to block Nvidia’s Arm takeover as it believes the combined company will stifle competition.

Nvidia’s contentious acquisition of UK chip designer Arm continues to face roadblocks as the US Federal Trade Commission’s (FTC) is suing Nvidia to block the deal.

The acquisition, which is now valued at $54bn, has been fighting an uphill battle since it was first announced more than a year ago, first from the UK’s competition watchdog in January 2021 and then from the EU.

Now, the FTC wants to block the acquisition. In a statement, the FTC said Arm’s technology is a critical input that enables competition between Nvidia and its competitors in several markets.

Therefore, it believes the proposed merger would give Nvidia the ability and incentive to use its control of this technology to undermine its competitors, reducing competition and ultimately resulting in reduced product quality, reduced innovation, higher prices and less choice.

The FTC’s bureau of competition director, Holly Vedova, said the proposed deal would allow the combined company to stifle the innovation pipeline for next-generation technologies.

“Tomorrow’s technologies depend on preserving today’s competitive, cutting-edge chip markets. This proposed deal would distort Arm’s incentives in chip markets and allow the combined firm to unfairly undermine Nvidia’s rivals,” she said.

“The FTC’s lawsuit should send a strong signal that we will act aggressively to protect our critical infrastructure markets from illegal vertical mergers that have far-reaching and damaging effects on future innovations.”

Opposition from all sides

The Competition and Markets Authority (CMA) in the UK raised similar concerns in August when it said the deal would require an in-depth investigation.

“We’re concerned that Nvidia controlling Arm could create real problems for Nvidia’s rivals by limiting their access to key technologies, and ultimately stifling innovation across a number of important and growing markets,” said Andrea Coscelli, chief executive of the CMA.

In October, Nvidia’s planned purchase hit another roadblock from the European Commission launching an in-depth antitrust investigation into the deal at the end of October, with a decision expected by 15 March 2022.

“While Arm and Nvidia do not directly compete, Arm’s IP is an important input in products competing with those of Nvidia, for example in data centres, automotive and internet of things,” said executive vice-president Margrethe Vestager, who is responsible for competition policy.

“Our analysis shows that the acquisition of Arm by Nvidia could lead to restricted or degraded access to Arm’s IP, with distortive effects in many markets where semiconductors are used.”

Despite opposition from several watchdogs, Nvidia has been confident the deal will go through.

“Although some Arm licensees have expressed concerns or objected to the transaction, and discussions with regulators are taking longer than initially thought, we are confident in the deal and that regulators should recognise the benefits of the acquisition to Arm, its licensees and the industry,” Nvidia CFO Colette Kress said earlier this year.

And in a letter to the Financial Times a month after the deal was first announced, Nvidia founder and CEO Jensen Huang said the company will maintain Arm’s open licensing model. “We have no intention to ‘throttle’ or ‘deny’ Arm’s supply to any customer.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Source link

Continue Reading


UK government’s risk planning is weak and secretive, says Lords report | Politics

Voice Of EU



Assessment and planning by the government relating to risks facing the UK are deficient and “veiled in secrecy”, a report has found.

The 129-page report, entitled Preparing for Extreme Risks: Building a Resilient Society, was produced by the House of Lords select committee on risk assessment and risk planning – a group appointed in October 2020.

James Arbuthnot, chair of the committee, said that while the UK’s risk assessment processes had been praised across the world before the pandemic, the impact of Covid suggested there may be problems.

“It had been advised that if there were to be a coronavirus pandemic, as a country we would suffer up to 100 deaths,” he said. “Over 140,000 deaths later, we realised that we could perhaps have been doing rather better in our assessment and our planning.”

The report – which draws on sources including oral evidence from 85 witnesses, including from the chief scientific adviser, Sir Patrick Vallance, during 29 sessions – looked at the country’s approach to assessing and preparing for a wide range of risks, from chemical warfare to the climate crisis and severe space weather.

“If you ask, what keeps me awake at nights, it is the growing possibility of major disruption due to more and more frequent cyber-attacks,” said Lord Rees, a committee member. “And even more, I worry on a timescale of tens of years about bioterrorism, bioengineered viruses and all that, which are going to be feasible.”

The report’s conclusions point to a number of shortcomings. Among them the committee highlighted a tendency for the government to focus on immediate problems rather than preparing for the long term.

“The likelihood of major risks actually occurring during the term of the government is low,” said committee member Lord Mair, noting as a result there is no incentive to prepare for them.

The committee also flagged concerns over the National Risk Register and the National Security Risk Assessment (NSRA), and called for better processes to categorise risks, including looking at how vulnerable the country would be to certain threats, and better modelling of how risks can cascade – with Arbuthnot noting as an example the impact of Covid on school exams.

Among other issues the report criticised a lack of transparency by the government. “The current risk management system is veiled in an unacceptable and unnecessary level of secrecy,” the report noted, adding that in turn has hampered the country’s preparedness, with frontline responders including local government and volunteer groups struggling to access the information they need.

It is not the first time the government has been accused of secrecy over risk assessment and planning: a report on Exercise Cygnus, the 2016 government simulation of how the country would handle a fictitious “swan flu”pandemic was only made public after a copy was leaked to the Guardian.

Among other actions, the latest report recommends:

  • The establishment of an Office for Preparedness and Resilience by the government, headed by a newly created post of government chief risk officer.

  • A presumption of publication by the government, and the publication of the content of the Official-Sensitive National Security Risk Assessment except where there is a direct national security risk.

  • The publication, every two years, by the government of a brochure on risk preparedness to inform the public on topics including what to do in an emergency.

“[It’s] much better to face some of these issues, having prepared for, and practised for, and exercised for them in advance rather than doing them first in the heat of battle,” said Arbuthnot

Arbuthnot added the Covid pandemic had offered the chance to “address a public that is ready to be addressed. And people have proved that they’re up to it.”

Prof David Spiegelhalter, chair of the Winton Centre for Risk and Evidence Communication at Cambridge University, and who contributed evidence to the report, welcomed its publication.

“It’s extraordinary that the National Risk Register does not get any public promotion or media coverage, and I welcome the committee’s recommendation to radically improve the communication with the public about the risks they face,” he said. “These vital issues deserve to be widely known and discussed.”

Source link

Continue Reading


Ubiquiti dev charged with data-breaching own employer • The Register

Voice Of EU



A Ubiquiti developer has been charged with stealing data from the company and extortion attempts totalling $2m in what prosecutors claim was a vicious campaign to harm the firm’s share price – including allegedly planting fake press stories about the breaches.

US federal prosecutors claimed that 36-year-old Nickolas Sharp had used his “access as a trusted insider” to steal data from his employer’s AWS and GitHub instances before “posing as an anonymous hacker” to send a ransom demand of 50 Bitcoins.

The DoJ statement does not mention Sharp’s employer by name, but a Linkedin account in Sharp’s name says he worked for Ubiquiti as a cloud lead between August 2018 and March 2021, having previously worked for Amazon as a software development engineer.

In an eyebrow-raising indictment [PDF, 19 pages, non-searchable] prosecutors claim Sharp not only pwned his employer’s business from the inside but joined internal damage control efforts, and allegedly posed as a concerned whistleblower to make false claims about the company wrongly downplaying the attack’s severity, wiping $4bn off its market capitalisation.

Criminal charges were filed overnight in an American federal court against Sharp, of Portland, Oregon. The indictment valued the 50 Bitcoins at $1.9m “based on the prevailing exchange rate at the time.”

US attorney Damian Williams said in a US Justice Department statement: “As further alleged, after the FBI searched his home in connection with the theft, Sharp, now posing as an anonymous company whistle-blower, planted damaging news stories falsely claiming the theft had been by a hacker enabled by a vulnerability in the company’s computer systems.”

Sharp is alleged to have downloaded an admin key which gave him “access to other credentials within Company-1’s infrastructure” from Ubiquiti’s AWS servers at 03:16 local time on 10 December 2020, using his home internet connection. Two minutes later, that same key was used to make the AWS API call GetCallerIdentity from an IP address linked to VPN provider Surfshark – to which Sharp was a subscriber, prosecutors claimed.

Later that month, according to the prosecution, he is alleged to have set AWS logs to a one-day retention policy, effectively masking his presence.

Eleven days after the AWS naughtiness, the indictment claims, he used his own connection to log into Ubiquiti’s GitHub infrastructure. “Approximately one minute later,” alleged the indictment, Sharp used Surfshark to ssh into GitHub and clone around 155 Ubiquiti repos to his home computer.

“In one fleeting instance during the exfiltration of data,” said the indictment, “the Sharp IP address was logged making an SSH connection to use GitHub Account-1 to clone a repository.”

For the rest of that night, prosecutors said, logs showed Sharp’s personal IP alternating with a Surfshark exit node while making clone calls. Although it was not spelled out in the court filing, prosecutors appeared to be suggesting that Surfshark VPN was dropping out and revealing “the attacker’s” true IP.

Ubiquiti discovered what was happening on 28 December. Prosecutors claimed Sharp then joined the company’s internal response to the breaches.

In January 2021 Ubiquiti received a ransom note sent from a Surfshark VPN IP address demanding 25 Bitcoins. If it paid an extra 25 Bitcoins on top of that, said the note, its anonymous author would reveal a backdoor in the company’s infrastructure. This appears to be what prompted Ubiquiti to write to its customers that month alerting them to a data breach. Ubiquiti did not pay the ransom, said the indictment.

Shortly after Federal Bureau of Investigation workers raided Sharp’s home, prosecutors claim he “caused false or misleading news stories to be published about the Incident and Company-1’s disclosures and response to the Incident. Sharp identified himself as an anonymous source within Company-1 who had worked on remediating the Incident. In particular, Sharp pretended that Company-1 had been hacked by an unidentified perpetrator who maliciously acquired root administrator access [to] Company-1’s AWS accounts.”

This appears to be referencing an article by infosec blogger Brian Krebs that was published that day, on 30 March 2021. He spoke “on condition of anonymity for fear of retribution by Ubiquiti”, and El Reg (among many other outlets) followed up Krebs’ reporting in good faith. In that article, the “whistleblower” said he had reported Ubiquiti in to the EU Data Protection Supervisor, the political bloc’s in-house data protection body.

We have asked Krebs for comment.

Sharp is innocent unless proven guilty. He is formally charged with breaches of the Computer Fraud and Abuse Act, transmitting interstate threats, wire fraud and making false statements to the FBI. If found guilty on all counts and handed maximum, consecutive sentences on each, he faces 37 years in prison. ®

Source link

Continue Reading


Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!