All posts in “computing”

Apollo raises $22M for its GraphQL platform

Apollo, a San Francisco-based startup that provides a number of developer and operator tools and services around the GraphQL query language, today announced that it has raised a $22 million growth funding round co-led by Andreessen Horowitz and Matrix Partners. Existing investors Trinity Ventures and Webb Investment Network also participated in this round.

Today, Apollo is probably the biggest player in the GraphQL ecosystem. At its core, the company’s services allow businesses to use the Facebook -incubated GraphQL technology to shield their developers from the patchwork of legacy APIs and databases as they look to modernize their technology stacks. The team argues that while REST APIs that talked directly to other services and databases still made sense a few years ago, it doesn’t anymore now that the number of API endpoints keeps increasing rapidly.

Apollo replaces this with what it calls the Data Graph. “There is basically a missing piece where we think about how people build apps today, which is the piece that connects the billions of devices out there,” Apollo co-founder and CEO Geoff Schmidt told me. “You probably don’t just have one app anymore, you probably have three, for the web, iOS and Android . Or maybe six. And if you’re a two-sided marketplace you’ve got one for buyers, one for sellers and another for your ops team.”

Managing the interfaces between all of these apps quickly becomes complicated and means you have to write a lot of custom code for every new feature. The promise of the Data Graph is that developers can use GraphQL to query the data in the graph and move on, all without having to write the boilerplate code that typically slows them down. At the same time, the ops teams can use the Graph to enforce access policies and implement other security features.

“If you think about it, there’s a lot of analogies to what happened with relational databases in the ’80s,” Schmidt said. “There is a need for a new layer in the stack. Previously, your query planner was a human being, not a piece of software, and a relational database is a piece of software that would just give you a database. And you needed a way to query that database, and that syntax was called SQL.”

Geoff Schmidt, Apollo CEO, and Matt DeBergalis, CTO

GraphQL itself, of course, is open source. Apollo is now building a lot of the proprietary tools around this idea of the Data Graph that make it useful for businesses. There’s a cloud-hosted graph manager, for example, that lets you track your schema, as well as a dashboard to track performance, as well as integrations with continuous integration services. “It’s basically a set of services that keep track of the metadata about your graph and help you manage the configuration of your graph and all the workflows and processes around it,” Schmidt said.

The development of Apollo didn’t come out of nowhere. The founders previously launched Meteor, a framework and set of hosted services that allowed developers to write their apps in JavaScript, both on the front-end and back-end. Meteor was tightly coupled to MongoDB, though, which worked well for some use cases but also held the platform back in the long run. With Apollo, the team decided to go in the opposite direction and instead build a platform that makes being database agnostic the core of its value proposition.

The company also recently launched Apollo Federation, which makes it easier for businesses to work with a distributed graph. Sometimes, after all, your data lives in lots of different places. Federation allows for a distributed architecture that combines all of the different data sources into a single schema that developers can then query.

Schmidt tells me the company started to get some serious traction last year and by December, it was getting calls from VCs that heard from their portfolio companies that they were using Apollo.

The company plans to use the new funding to build out its technology to scale its field team to support the enterprises that bet on its technology, including the open-source technologies that power both the services.

“I see the Data Graph as a core new layer of the stack, just like we as an industry invested in the relational database for decades, making it better and better,” Schmidt said. “We’re still finding new uses for SQL and that relational database model. I think the Data Graph is going to be the same way.”

Why identity startup Auth0’s founder still codes: It makes him a better boss

If you ask Eugenio Pace to describe himself, “engineer” would be fairly high on the list.

“Being a CEO is pretty busy,” he told TechCrunch in a call last week. “But I’m an engineer in my heart — I am a problem solver,” he said.

Pace, an Argentinan immigrant to the U.S., founded identity management company Auth0 in 2013 after more than a decade at Microsoft. Auth0, pronounced “auth-zero,” has been described as like Stripe for payments or Twilio for messaging. App developers can add a few lines of code and it immediately gives their users access to the company’s identity management service.

That means the user can securely log in to the app without building a homebrew username and password system that’s invariably going to break. Any enterprise paying for Auth0 can also use its service to securely logon to the company’s internal network.

“Nobody cares about authentication, but everybody needs it,” he said.

Pace said Auth0 works to answer two simple questions. “Who are you, and what can you do?” he said.

“Those two questions are the same regardless of the device, the app, or whether if I’m an employee of somebody or if I am an individual using an app, or if I am using a device where there’s no human attached to it,” he said.

Whoever the users are, the app needs to know if the person using the app or service is allowed to, and what level of access or functionality they can get. “Can you transfer these funds?,” he said. “Can you approve these expense reports? Can you open the door of my house?” he explained.

Pace left Microsoft in 2012 and founded Auth0 during the emergence of Azure, which transformed Microsoft from a software giant into a cloud company. It was at Microsoft where he found identity management was one of the biggest headaches for developers moving their apps to the cloud. He wrote book after book, and edition after edition. “I felt like I could keep writing books about the problem — or I can just solve the problem,” he said.

So he did.

Instead of teaching developers how to become experts in identity management, he wanted to give them the tools to employ a sign-on solution without ever having to read a book.

The Slack origin story

Let’s rewind a decade.

It’s 2009. Vancouver, Canada.

Stewart Butterfield, known already for his part in building Flickr, a photo-sharing service acquired by Yahoo in 2005, decided to try his hand — again — at building a game. Flickr had been a failed attempt at a game called Game Neverending followed by a big pivot. This time, Butterfield would make it work.

To make his dreams a reality, he joined forces with Flickr’s original chief software architect Cal Henderson, as well as former Flickr employees Eric Costello and Serguei Mourachov, who like himself, had served some time at Yahoo after the acquisition. Together, they would build Tiny Speck, the company behind an artful, non-combat massively multiplayer online game.

Years later, Butterfield would pull off a pivot more massive than his last. Slack, born from the ashes of his fantastical game, would lead a shift toward online productivity tools that fundamentally change the way people work.

Glitch is born

In mid-2009, former TechCrunch reporter-turned-venture-capitalist M.G. Siegler wrote one of the first stories on Butterfield’s mysterious startup plans.

“So what is Tiny Speck all about?” Siegler wrote. “That is still not entirely clear. The word on the street has been that it’s some kind of new social gaming endeavor, but all they’ll say on the site is ‘we are working on something huge and fun and we need help.’”

Siegler would go on to invest in Slack as a general partner at GV, the venture capital arm of Alphabet .

“Clearly this is a creative project,” Siegler added. “It almost sounds like they’re making an animated movie. As awesome as that would be, with people like Henderson on board, you can bet there’s impressive engineering going on to turn this all into a game of some sort (if that is in fact what this is all about).”

After months of speculation, Tiny Speck unveiled its project: Glitch, an online game set inside the brains of 11 giants. It would be free with in-game purchases available and eventually, a paid subscription for power users.

Facebook releases community standards enforcement report

Facebook has just released its latest community standards enforcement report and the verdict is in: people are awful, and happy to share how awful they are with the world.

The latest effort at transparency from Facebook on how it enforces its community standards contains several interesting nuggets. While the company’s algorithms and internal moderators have become exceedingly good at tracking myriad violations before they’re reported to the company, hate speech, online bullying, harassment and the nuances of interpersonal awfulness still have the company flummoxed.

In most instances, Facebook is able to enforce its own standards and catches between 90% and over 99% of community standards violations itself. But those numbers are far lower for bullying, where Facebook only caught 14% of the 2.6 million instances of harassment reported; and hate speech, where the company internally flagged 65.4% of the 4.0 million moments of hate speech users reported.

By far the most common violation of community standards — and the one that’s potentially most worrying heading into the 2020 election — is the creation of fake accounts. In the first quarter of the year, Facebook found and removed 2.19 billion fake accounts. That’s a spike of 1 billion fake accounts created in the first quarter of the year.

Spammers also keep trying to leverage Facebook’s social network — and the company took down nearly 1.76 billion instances of spammy content in the first quarter.

For a real window into the true awfulness that people can achieve, there are the company’s self-reported statistics around removing child pornography and graphic violence. The company said it had to remove 5.4 million pieces of content depicting child nudity or sexual exploitation and that there were 33.6 million takedowns of violent or graphic content.

Interestingly, the areas where Facebook is the weakest on internal moderation are also the places where the company is least likely to reverse a decision on content removal. Although posts containing hate speech are among the most appealed types of content, they’re the least likely to be restored. Facebook reversed itself 152,000 times out of the 1.1 million appeals it heard related to hate speech. Other areas where the company seemed immune to argument was with posts related to the sale of regulated goods like guns and drugs.

In a further attempt to bolster its credibility and transparency, the company also released a summary of findings from an independent panel designed to give feedback on Facebook’s reporting and community guidelines themselves.

Facebook summarized the findings from the 44-page report by saying the commission validated Facebook’s approach to content moderation was appropriate and its audits well-designed “if executed as described.”

The group also recommended that Facebook develop more transparent processes and greater input for users into community guidelines policy development.

Recommendations also called for Facebook to incorporate more of the reporting metrics used by law enforcement when tracking crime.

“Law enforcement looks at how many people were the victims of crime — but they also look at how many criminal events law enforcement became aware of, how many crimes may have been committed without law enforcement knowing and how many people committed crimes,” according to a blog post from Facebook’s Radha Iyengar Plumb, head of Product Policy Research. “The group recommends that we provide additional metrics like these, while still noting that our current measurements and methodology are sound.”

Finally the report recommended a number of steps for Facebook to improve, which the company summarized below:

  • Additional metrics we could provide that show our efforts to enforce our polices such as the accuracy of our enforcement and how often people disagree with our decisions
  • Further break-downs of the metrics we already provide, such as the prevalence of certain types of violations in particular areas of the world, or how much content we removed versus apply a warning screen to when we include it in our content actioned metric
  • Ways to make it easier for people who use Facebook to stay updated on changes we make to our policies and to have a greater voice in what content violates our policies and what doesn’t

Meanwhile, examples of what regulation might look like to ensure that Facebook is taking the right steps in a way that is accountable to the countries in which it operates are beginning to proliferate.

It’s hard to moderate a social network that’s larger than the world’s most populous countries, but accountability and transparency are critical to preventing the problems that exist on those networks from putting down permanent, physical roots in the countries where Facebook operates.

A cryptocurrency stealing app found on Google Play was downloaded over a thousand times

Researchers have found two apps masquerading as cryptocurrency apps on Android’s app store, Google Play.

One of them was largely a dud. The second was designed to steal cryptocurrency, the researchers said.

Security firm ESET said one of the two fake Android apps impersonated Trezor, a hardware cryptocurrency wallet. The good news is that app couldn’t be used to steal cryptocurrency stored by Trezor. But the researchers found the app was connected to a second Android app which could have been used to scam funds out of unsuspecting victims.

Lukas Stefanko, a security researcher at ESET — who has a long history of finding dodgy Android apps — said the fake Trezor app “appeared trustworthy at first glance” but was using a fake developer name to impersonate the company.

The fake app was designed to trick users into turning over a victim’s login credentials. Uploaded to Google Play on May 1, the app quickly ranked as the second-most popular search result when searching for “Trezor” behind the legitimate app, said Stefanko. Users on Reddit also found the fake app and reported it as recently as two weeks ago.

According to Stefanko, the server where user credentials were sent was linked to a website linked to another fake wallet, purportedly to store cryptocurrency, and also listed on Google Play since February 25.

“The app claims it lets its users create wallets for various cryptocurrencies,” said Stefanko. “However, its actual purpose is to trick users into transferring cryptocurrency into the attackers’ wallets – a classic case of what we’ve named wallet address scams in our previous research into cryptocurrency-targeting malware.”

Both apps were collectively downloaded more than a thousand times. After ESET contacted Google, the apps were pulled offline the next day.

Read more: