Category: News

python-2

Grumpy: Go running Python!

Google runs millions of lines of Python code. The front-end server that drives youtube.com and YouTube’s APIs is primarily written in Python, and it serves millions of requests per second! YouTube’s front-end runs on CPython 2.7, so we’ve put a ton of work into improving the runtime and adapting our application to work optimally within it. These efforts have borne a lot of fruit over the years, but we always run up against the same issue: it’s very difficult to make concurrent workloads perform well on CPython.

To solve this problem, we investigated a number of other Python runtimes. Each had trade-offs and none solved the concurrency problem without introducing other issues.

So we asked ourselves a crazy question: What if we were to implement an alternative runtime optimized for real-time serving? Once we started going down the rabbit hole, Go seemed like an obvious choice of platform since its operational characteristics align well with our use case (e.g. lightweight threads). We wanted first class language interoperability and Go’s powerful runtime type reflection system made this straightforward. Python in Go felt very natural, and so Grumpy was born.
Grumpy is an experimental Python runtime for Go. It translates Python code into Go programs, and those transpiled programs run seamlessly within the Go runtime. We needed to support a large existing Python codebase, so it was important to have a high degree of compatibility with CPython (quirks and all). The goal is for Grumpy to be a drop-in replacement runtime for any pure-Python project.

Two design choices we made had big consequences. First, we decided to forgo support for C extension modules. This means that Grumpy cannot leverage the wealth of existing Python C extensions but it gave us a lot of flexibility to design an API and object representation that scales for parallel workloads. In particular, Grumpy has no global interpreter lock, and it leverages Go’s garbage collection for object lifetime management instead of counting references. We think Grumpy has the potential to scale more gracefully than CPython for many real world workloads. Results from Grumpy’s synthetic Fibonacci benchmark demonstrate some of this potential:

Second, Grumpy is not an interpreter. Grumpy programs are compiled and linked just like any other Go program. The downside is less development and deployment flexibility, but it offers several advantages. For one, it creates optimization opportunities at compile time via static program analysis. But the biggest advantage is that interoperability with Go code becomes very powerful and straightforward: Grumpy programs can import Go packages just like Python modules! For example, the Python snippet below uses Go’s standard net/http package to start a simple server:

from __go__.net.http import ListenAndServe, RedirectHandler handler = RedirectHandler(‘http://github.com/google/grumpy’, 303) ListenAndServe(‘127.0.0.1:8080’, handler)
We’re excited about the prospects for Grumpy. Although it’s still alpha software, most of the language constructs and many core built-in types work like you’d expect. There are still holes to fill — many built-in types are missing methods and attributes, built-in functions are absent and the standard library is virtually empty. If you find things that you wish were working, file an issue so we know what to prioritize. Or better yet, submit a pull request.

Stay Grumpy!

By Dylan Trotter, YouTube Engineering

 

See full news: https://opensource.googleblog.com/2017/01/grumpy-go-running-python.html

payment-site-header

FireCrypt Ransomware Packs DDoS Code

Ransomware has become a menace for both consumers and enterprises, and malware authors appear determined to take the threat to the next level by adding new capabilities, such as distributed denial of service (DDoS) functionality.

Such is the case with FireCrypt, a recently spotted ransomware family capable not only of encrypting victims’ files, but also of launching a DDoS attack against a URL hardcoded in the source code. The malicious app continuously connects to said URL, but also downloads content from it and saves it to the local machine’s %Temp% folder, ultimately filling it up with junk files.

Discovered by the MalwareHunterTeam, the FireCrypt ransomware is built using a command-line application that also allows the author to create, modify basic settings and save samples in the form of executables. Called BleedGreen, the tool is said to be low end, as it doesn’t enable the modification of settings such as the Bitcoin address for payments, ransom value, contact email address, and more.

However, the builder can disguise the executable under a PDF or DOC icon, and can slightly alter the ransomware’s binary so that the new file would feature a different hash. This technique is usually used to create polymorphic malware that is more difficult to detect by standard anti-virus programs.

The ransomware’s author attempts to trick the potential victim into launching the .exe file, which triggers the infection process. When that happens, FireCrypt immediately kills the Task Manager (taskmgr.exe) process and starts encrypting user’s files using the AES-256 encryption algorithm. The ransomware targets 20 file extensions.

FireCrypt keeps the original file names and extensions, but appends .firecrypt to all encrypted files’ names. As soon as the encryption process has been completed, the malware drops a ransom note on the desktop. The ransom note appears identical to that used by the Deadly for a Good Purpose Ransomware, which was discovered in October 2016, when it was still under development.

According to security researchers, the two ransomware families are closely related, with only a few changes seen in their source code. The Deadly for a Good Purpose Ransomware, for example, wouldn’t encrypt files if the infected computer’s date wasn’t 2017. Both families use the same Bitcoin address, and FireCrypt is believed to be a rebranded version of the original malware.

After dropping the ransom note, FireCrypt proceeds to the DDoS activities, which are currently targeting the official portal of Pakistan’s Telecommunication Authority. The malware connects to http://www.pta.gov(.)pk/index.php and downloads the content to a file in the %Temp% folder. It does that repeatedly, which results in the %Temp% folder filling up fast.

The researchers analyzing the ransomware say that the targeted URL cannot be modified using the ransomware’s builder, and that the so called DDoS attack against the website isn’t efficient. For it to cause real damage, the malware would have to infect thousands of computers at the same time, and would also need for all infected machines to be connected to the Internet simultaneously.

Related: Destructive KillDisk Malware Turns Into Ransomware

Related: Ransomware Campaign Targets HR Departments

Related: Multi-Purpose Ransomware Fuels DDoS Attacks

PFcZQn49ZB95f6vygi3mNS-970-80

Windows 10 for nothing? It’s not too late for a free upgrade

There are still two unofficial routes to get Windows 10 for free

Remember that Windows 7/8.1 users could upgrade for free to Windows 10 for the first year of the new operating system’s existence? That offer officially expired at the end of July last year, but reportedly it’s still perfectly possible to make the leap to Windows 10 without paying a penny.

You may recall that back in August 2016, we reported on two methods which could still be used to achieve a free upgrade from Windows 7/8.1, and the good – and surprising – news is that both of these ways can still be successfully used.

According to Techspot, the Windows 10 free upgrade for customers who use assistive technologies to help them operate their PC is still open to anyone – meaning that Microsoft doesn’t check whether you actually need to use these assistive utilities such as the screen reader.

As we pointed out in the past, this is certainly a morally questionable route for obtaining your free upgrade.

Old key

Although the other method of using an old Windows 7/8.1 product key also still works, which is even more surprising – we’d have definitely thought Microsoft would have closed this loophole by now.

Of course, more users migrating to the newest OS won’t hurt Microsoft’s adoption figures which are still being carefully scrutinized, so perhaps we shouldn’t be so surprised that these unofficial loopholes remain.

However, they certainly won’t remain forever, so if you’ve been regretting not upgrading, it’s probably best to take the plunge sooner rather than later. A new OS for a New Year…