Google Cloud launches a managed Memcached service

Google today announced the beta of Memorystore for Memcached, a new service that provides a fully managed in-memory datastore that is compatible with the open-source Memcached protocol. It will join Redis in the Memorystore family, which first launched in 2018.

As Gopal Ashok, Google’s product manager for Memorystore notes in today’s announcement, Redis remains a popular choice for use cases like session stores, gaming leaderboard, stream analytics, threat detection and API rate limiting, while Memcached is typically used as a caching layer for databases. Developers also regularly use Memcached as a session store and with this new service, developers can scale their clusters up to 5TB of memory per instance.

Since the service is fully compatible with Memcached, developers should be able to take any of their applications that use the protocol and migrate them over to Google Cloud and its Memorystore platform. As a fully managed service, Google will handle all of the routine tasks like monitoring and patching. Figuring out the right size of a cache remains a bit of an art, though, but Google Cloud argues that its detailed metrics will allow developers to easily scale their instances up and down as needed to optimize the service for their specific use cases. Those metrics, the company notes, are exposed in Cloud Monitoring, Google Cloud’s centralized monitoring dashboard, and the Cloud Console.

Currently, Memorystore for Memcached can be used for applications that run on Compute Engine, Google Kubernetes Engine (GKE), App Engine Flex, App Engine Standard and Cloud Functions.

It’s worth noting that Amazon, with ElastiCache for Memcached, and specialized startups like MemCachier. And Redis Labs, too, is offering a fully managed Memcached service that can run on AWS, Azure and Google Cloud.

A bug bounty alone won’t save your startup — here’s why

In this world, there is no such thing as perfect security.

Every app or service you use — even the websites you visit — have security bugs. Companies go through repeated rounds of testing, code reviews and audits — sometimes even bringing in third-parties. Bugs get missed — that’s life, and it happens — but when they are uncovered, companies can get hacked.

That’s where a bug bounty comes into play. A bug bounty is an open-door policy to anyone who finds a bug or a security flaw; they are critical for channeling those vulnerabilities back to your development team so they can be fixed before bad actors can exploit them.

Bug bounties are an extension of your internal testing process and incentivize hackers to report bugs and issues and get paid for their work rather than dropping details of a vulnerability out of the blue (aka a “zero-day”) for anyone else to take advantage of.

Bug bounties are a win-win, but paying hackers for bugs is only one part of the process. As is usually the case where security meets startup culture, getting the right system in place early is best.

Why you need a vulnerability disclosure program

A bug bounty is just a small part of the overall bug-hunting and remediating process.

Zoom freezes feature development to fix security and privacy issues

Zoom has been widely criticized over the past couple of weeks for terrible security, a poorly designed screensharing feature, misleading dark pattern, fake end-to-end-encryption claims and an incomplete privacy policy. Despite that, the video conferencing service has attracted a ton of new users thanks to the coronavirus lockdowns around the world — the company reached 200 million daily active users last month.

Zoom, an enterprise product designed for boring corporate meetings, has become a mainstream product with all the risks that it involves.

That’s why the company’s CEO Eric S. Yuan has written a lengthy blog post to address some of the concerns around Zoom. He starts by sharing some metrics. Zoom has been used by 90,000 schools around 20 countries. Daily meetings participants jumped from 10 million in December to 200 million in March.

But some companies are starting to reconsider using Zoom for video conferences. For instance, SpaceX, Elon Musk’s rocket company, has banned its employees from using the service.

For the next 90 days, Zoom is enacting a feature freeze, which means that the company isn’t going to ship any new feature until it is done fixing the current feature set. Zoom will also work with third-party experts and prepare a transparency report.

“For the past several weeks, supporting this influx of users has been a tremendous undertaking and our sole focus,” Yuan writes. “However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it.”

As expected, Yuan says that mainstream adoption has led to unforeseen issues. “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived,” he writes.

In addition to keeping up with the massive influx of customer support requests, Zoom has already shipped a few updates to solve some issues. The company released a new version of its iOS app to remove Facebook’s SDK as the company’s privacy policy never said that you consent to sharing data with Facebook. The company updated its privacy policy as well.

Zoom removed the attendee attention tracker feature, a controversial feature that lets hosts see if the Zoom window is currently in focus. The company has also shipped security updates after Patrick Wardle uncovered vulnerabilities.

Zoom wrote a dedicated K-12 privacy policy and changed some default settings for schools (waiting rooms are on by default, only teachers can share content, etc.).

The company is far from done. Don’t forget that it claimed that calls are end-to-end encrypted even though they’re not at all. More importantly, the fact that Zoom is fixing issues as quickly as it can isn’t enough. Something is wrong at Zoom — there’s a corporate culture issue that leads to all those missteps. It’ll take much longer than 90 days.

A former chaos engineer offers 5 tips for handling online disasters remotely

I recently had a scheduled video conference call with a Fortune 100 company.

Everything on my end was ready to go; my presentation was prepared and well-practiced. I was set to talk to 30 business leaders who were ready to learn more about how they could become more resilient to major outages.

Unfortunately, their side hadn’t set up the proper permissions in Zoom to add new people to a trusted domain, so I wasn’t able to share my slides. We scrambled to find a workaround at the last minute while the assembled VPs and CTOs sat around waiting. I ended up emailing my presentation to their coordinator, calling in from my mobile and verbally indicating to the coordinator when the next slide needed to be brought up. Needless to say, it wasted a lot of time and wasn’t the most effective way to present.

At the end of the meeting, I said pointedly that if there was one thing they should walk away with, it’s that they had a vital need to run an online fire drill with their engineering team as soon as possible. Because if a team is used to working together in an office — with access to tools and proper permissions in place — it can be quite a shock to find out in the middle of a major outage that they can’t respond quickly and adequately. Issues like these can turn a brief outage into one that lasts for hours.

Quick context about me: I carried a pager for a decade at Amazon and Netflix, and what I can tell you is that when either of these services went down, a lot of people were unhappy. There were many nights where I had to spring out of bed at 2 a.m., rub the sleep from my eyes and work with my team to quickly identify the problem. I can also tell you that working remotely makes the entire process more complicated if teams are not accustomed to it.

There are many articles about best practices aimed at a general audience, but engineering teams have specific challenges as the ones responsible for keeping online services up and running. And while leading tech companies already have sophisticated IT teams and operations in place, what about financial institutions and hospitals and other industries where IT is a tool, but not a primary focus? It’s often the small things that can make all the difference when working remotely; things that seem obvious in the moment, but may have been overlooked.

So here are some tips for managing incidents remotely:

There were many nights where I had to spring out of bed at 2 a.m., rub the sleep from my eyes and work with my team to quickly identify the problem… working remotely makes the entire process more complicated if teams are not accustomed to it.

Scaleway launches managed Kubernetes clusters

Cloud hosting company Scaleway has launched Kubernetes Kapsule, a new service that lets you manage Kubernetes clusters on Scaleway’s infrastructure. The service works with a wide-range of Scaleway instances and lets you create large clusters that scales depending on demand.

Kubernetes is an open-source platform to manage containers and the server infrastructure behind those containers. Building an application using containers lets you divide your application into multiple applications and services that you can deploy and upgrade individually without interacting with the main operating system of the server.

And thanks to Kubernetes, you can spin up more nodes (more servers) and containers to scale your infrastructure. This way, you always have enough resources to handle peaks. It can also scale down your cluster to save money.

Scaleway’s managed Kubernetes service is free of charge, which means you only have to pay for nodes that you use. Scaleway scales your cluster, checks that your nodes are working as expected every 15 minutes and gives you a web dashboard to monitor your cluster.

The company also says that there’s some redundancy for the control plane so that it remains available if your control plane fails (99.95% SLA). It supports 500 nodes at a time.

Kapsule supports Scaleway’s cloud instances, GPU-based instances, block storage and load balancers. The company also provides a container registry to store your container images. You could imagine building a cluster that looks like this:

Kapsule respects the Cloud Native Computing Foundation standards, which means that you can migrate existing CNCF clusters to Scaleway, or you could build a multi-cloud infrastructure.

A managed Kubernetes service could help Scaleway attract more enterprise and large-scale clients. It could be particularly useful for clients looking for another cloud hosting provider to add some redundancy.

Microsoft launches Edge Zones for Azure

Microsoft today announced the launch of Azure Edge Zones, which will allow Azure users to bring their applications to the company’s edge locations. The focus here is on enabling real-time low-latency 5G applications. The company is also launching a version of Edge Zones with carriers (starting with AT&T) in preview, which connects these zones directly to 5G networks in the carrier’s data center. And to round it all out, Azure is also getting Private Edge Zones for those who are deploying private 5G/LTE networks in combination with Azure Stack Edge.

In addition to partnering with carriers like AT&T, as well as Rogers, SK Telecom, Telstra and Vodafone, Microsoft is also launching new standalone Azure Edge Zones in more than 10 cities over the next year, starting with L.A., Miami and New York later this summer.

“For the last few decades, carriers and operators have pioneered how we connect with each other, laying the foundation for telephony and cellular,” the company notes in today’s announcement. “With cloud and 5G, there are new possibilities by combining cloud services, like compute and AI with high bandwidth and ultra-low latency. Microsoft is partnering with them bring 5G to life in immersive applications built by organization and developers.”

This may all sound a bit familiar and that’s because only a few weeks ago, Google launched Anthos for Telecom and its Global Mobile Edge Cloud, which at first glance offers a similar promise of bringing applications close to that cloud’s edge locations for 5G and telco usage. Microsoft argues that its offering is more comprehensive in terms of its partner ecosystem and geographic availability. But it’s clear that 5G is a trend all of the large cloud providers are trying to tap into. Microsoft’s own acquisition of 5G cloud specialist Affirmed Networks is yet another example of how it is looking to position itself in this market.

As far as the details of the various Edge Zone versions go, the focus of Edge Zones is mostly on IoT and AI workloads, while Microsoft notes that Edge Zones with Carriers is more about low-latency online gaming, remote meetings and events, as well as smart infrastructure. Private Edge Zones, which combine private carrier networks with Azure Stack Edge, is something only a small number of large enterprise companies is likely to look into, given the cost and complexity of rolling out a system like this.

 

DataStax launches Kubernetes operator for open source Cassandra database

Today, DataStax, the commercial company behind the open source Apache Cassandra project, announced an open source Kubernetes operator developed by the company to run a cloud native version of the database.

When Sam Ramji, chief strategy officer at DataStax, came over from Google last year, the first thing he did was take the pulse of customers, partners and community members around Kubernetes and Cassandra, and they found there was surprisingly limited support.

While some companies had built Kubernetes support themselves, DataStax lacked one to call its own. Given that Kubernetes was born inside Google, and the company has widely embraced the notion of containerization in general, Ramji wanted there to be an operator specifically designed by the company to give customers a general starting point with Kubernetes.

“What’s special about the Kube operator that we’re offering to the community as an opinion — one of many — is that we have done the work to generalize the operator to Cassandra wherever it might be implemented,” Ramji told TechCrunch.

Ramji says that most companies that have created their own Kubernetes operators tend to specialize for their own particular requirements, which is fine, but as the company built on top of Cassandra, they wanted to come up with a general version that could appeal broader range of use cases.

In Kubernetes, the operator is how the DevOps team packages, manages and deploys an application, giving it the instructions it needs to run correctly. DataStax has created this operator specifically to run Cassandra with a broad set of assumptions.

Cassandra is a powerful database because it stays running when many others fall down. As such it is used by companies as varied as Apple, eBay and Netflix to run their key services. This new Kubernetes implementation will enable anyone who wishes to run Cassandra as a containerized application, helping push it into a modern development realm.

The company also announced a free help service for engineers trying to cope with increased usage on their databases due to COVID-19. They are calling the program, “Keep calm and Cassandra on.” The engineers charged with keeping systems like Cassandra running are called Site Reliability Engineers or SREs.

“The new service is completely free SRE-to-SRE support calls. So our SREs are taking calls from Apache Cassandra users anywhere in the world, no matter what version they’re using if they’re trying to figure out how to keep it up to stand up to the increased demand,” Ramji explained.

DataStax was founded in 2010 and has raised over $190 million, according to PitchBook data.

Cnvrg.io launches a free version of its data science platform

Data science platform cnvrg.io today announced the launch of the free community version of its data science platform. Dubbed ‘CORE,’ this version includes most — but not all — of the standard feature in cnvrg’s main commercial offering. It’s an end-to-end solution for building, managing and automating basic ML models with limitations in the free version that mostly center around the production capabilities of the paid premium version and working with larger teams of data scientists.

As the company’s CEO Yochay Ettun told me, CORE users will be able to use the platform either on-premise or in the cloud, using Nvidia-optimized containers that run on a Kubernetes cluster. Because of this, it natively handles hybrid- and multi-cloud deployments that can automatically scale up and down as needed — and adding new AI frameworks is simply a matter of spinning up new containers, all of which are managed from the platform’s web-based dashboard.

Ettun describes CORE as a ‘lightweight version’ of the original platform but still hews closely to the platform’s original mission. “As was our vision from the very start, cnvrg.io wants to help data scientists do what they do best – build high impact AI,” he said. “With the growing technical complexity of the AI field, the data science community has strayed from the core of what makes data science such a captivating profession — the algorithms. Today’s reality is that data scientists are spending 80 percent of their time on non-data science tasks, and 65 percent of models don’t make it to production. Cnvrg.io CORE is an opportunity to open its end-to-end solution to the community to help data scientists and engineers focus less on technical complexity and DevOps, and more on the core of data science — solving complex problems.”

This has very much been the company’s direction from the outset and as Ettun noted in a blog post from a few days ago, many data scientists today try to build their own stack by using open-source tools. They want to remain agile and able to customize their tools to their needs, after all. But he also argues that data scientists are usually hired to build machine learning models, not to build and manage data science platforms.

While other platforms like H2O.ai, for example, are betting on open source and the flexibility that comes with that, cnvrg.io’s focus is squarely on ease of use. Unlike those tools, Jerusalem-based cnvrg.io, which has raised about $8 million so far, doesn’t have the advantage of the free marketing that comes with open source, so it makes sense for the company to now launch this free self-service version

It’s worth noting that while cnvrg.io features plenty of graphical tools for managing date ingestion flows, models and clusters, it’s very much a code-first platform. With that, Ettun tells me that the ideal user is a data scientist, data engineer or a student passionate about machine learning. “As a code-first platform, users with experience and savvy in the data science field will be able to leverage cnvrg CORE features to produce high impact models,” he said. “As our product is built around getting more models to production, users that are deploying their models to real-world applications will see the most value.”

 

Turbo Systems hires former Looker CMO Jen Grant as CEO

Turbo Systems, a three-year old, no-code mobile app startup, announced today it has brought on industry veteran Jen Grant to be CEO.

Grant, who was previously vice president of marketing at Box and chief marketing officer at Elastic and Looker, brings more than 15 years of tech company experience to the young startup.

She says that when Looker got acquired by Google last June for $2.6 billion, she began looking for her next opportunity. She had done a stint with Google as a product manager earlier in her career and was looking for something new.

She saw Looker as a model for the kind of company she wanted to join, one that had a founder focused on product and engineering, who hired an outside CEO early on to run the business, as Looker had done. She found that in Turbo where founder Hari Subramanian was taking on that type of role. Subramanian was also a successful entrepreneur, having previously founded ServiceMax before selling it to GE in 2016.

“The first thing that really drew me to Turbo was this partnership with Hari,” Grant told TechCrunch. While that relationship was a key component for her, she says even with that, before she decided to join, she spoke to customers and she saw an enthusiasm there that drew her to the company.

“I love products that actually help people. And so Box is helping people collaborate and share files and work together. Looker is about getting data to everyone in the organization so that everyone could be making great decisions, and at Turbo we’re making it easy for anyone to create a mobile app that helps run their business,” she said.

Grant has been on the job for just 30 days, joining the company in the middle of a global pandemic. So it’s even more challenging than the typical early days for any new CEO, but she is looking forward and trying to help her 36 employees navigate this situation.

“You know, I didn’t know that this is what would happen in my first 30 days, but what inspires me, what’s a big part of it is that I can help by growing this company, by being successful and by being able to hire more and more people, and contribute to getting our economy back on track,” Grant said.

She also recognizes that there is a lack of diversity in her new CEO role, and she hopes to be a role model. “I have been fortunate to get to a position where I know I can do this job and do it well. And it’s my responsibility to do this work, my responsibility to show it can be done and shouldn’t be an anomaly.”

Turbo Systems was founded in 2017 and has raised $8 million, according to Crunchbase. It helps companies build mobile apps without coding, connecting to 140 different data sources such as Salesforce, SAP and Oracle.

One.com acquires Hostnet as hosting providers continue consolidation in Europe

The coronavirus pandemic has all but halted a lot of business activity, but today comes news of a deal that underscores how M&A is still happening in some sectors despite (not because of) everything else going on. One.com — the big hosting provider in Europe with around 1.5 million customers, itself acquired just over a year ago by PE firm Cinven — has acquired Hostnet, a smaller Netherlands-based competitor with about 210,000 customers.

Financial terms of the deal are not being disclosed but a spokesperson for One.com said that it includes all of Hostnet’s existing business — which includes management of 810,000 domain names and 85,000 websites; domain registration, web hosting and SaaS applications services; and managed and virtual private services — and its existing employees.

The spokesperson added that the deal has been in the works for several weeks and closed in the last couple of weeks, with the teams “working through the coronavirus pandemic” to finalise it.

“We are pleased to announce the acquisition of Hostnet given its focus on operational excellence and high brand awareness,” said Stephan Wolfram, Group CEO of One.com, in a statement. “As a result of this transaction, we are now a leading operator in the Dutch hosting market that is core to the development of our business strategy. We look forward to working with the team at Hostnet and significantly enhancing our European presence and product range for our customers.”

You might wonder if Hostnet and One.com are being impacted by the pandemic — specifically, whether the fact that both count small businesses, which have been some of the hardest-hit in terms of operations, as a primary customer base, and whether that is impacting their own bottom line or leading to payment delinquency. The spokesperson said that this was not a factor in this deal or in the financial terms.

There is some data to support that: the consolidation of multiple smaller hosting providers has been a theme for a while now, with companies looking for more economies of scale.

“Hostnet is a highly regarded player in the hosting market with capabilities, awareness and products that will contribute to further accelerate the development of one.com’s business,” Harold Douwes, founder and CEO of Hostnet, said in a statement. “Within the consolidating hosting market, it was important for Hostnet to connect with a strong partner. We found it in one.com, an ambitious party with a lot of knowledge and experience. This offers plenty of possibilities and opportunities for the future.”

As we have pointed out before, web hosting and related services represent a significant, if not wildly evolving, part of the tech landscape. So, for as long as businesses and consumers continue to use the web — and, as everyone is staying at home, we have had even more web traffic of late than ever — there will be a need for companies who sell and host domain names and provide various cloud services around that.

But since there  is a lot of competition in this space, that means prices are competitive to customers, and that, in turn, also means that margins, particularly in the resale of SaaS tools, are low. In other words, we’re likely to see more consolidation in this area over time.

Now backed by Cinven, One.com itself has been pursuing that strategy over the last year. Its other acquisitions have included other regional leaders such as SYSE and Digital Garden in the nordics.