Tech News

Google CEO, Sundar Pichai, is going to testify before the House Judiciary Committee today. He has submitted a written testimony to the House Committee ahead of the hearing. Pichai points out in the testimony that there is no “political bias” within the company. “I lead this company without political bias and work to ensure that our products continue to operate that way. To do otherwise would go against our core principles and our business interests”. He also talks about data security emphasizing that protecting the privacy and security of their users has always been an “essential mission” for the organization. Pichai adds how Google has been consistently putting in an enormous amount of work over the past years to bring “choice, transparency, and control” to its users. Pichai also highlighted how users look up to Google for accurate and trusted information, and how they work very hard at Google to maintain the “integrity” of their products, in order to live up to their standards. The testimony further talks about Google’s contribution to the US economy and military, pointing out that despite Google’s expansion and growth into new markets, it will always have “American roots”. Now, although the hearing titled “Transparency & Accountability: Examining Google and its Data Collection, Use, and Filtering Practices” will be focussed around discussions regarding the potential bias and need for transparency within Google, its infamous project Dragonfly will also almost certainly be discussed. Google has been facing continued criticism for its censored Chinese search engine which was revealed earlier this year in a bombshell report by the Intercept. Yesterday, more than 60 NGOs as well as individuals including Edward Snowden, signed an open letter protesting against Google’s Project Dragonfly and its other plans for China. “We are disappointed that Google in its letter of 26th October failed to address the serious concerns of human rights groups over Project Dragonfly”, reads the letter addressed to Pichai. It talks about how Google’s response along with other details about Project Dragonfly only intensifies the fear that Google may compromise its commitments to human rights to gain an access to the Chinese search market. The letter also sheds light on new details leaked to the media suggesting if Google launches Project Dragonfly then it would accelerate “repressive state censorship, surveillance, and other violations” affecting almost a billion people in China. The letter also talks about how despite Google stating that it’s “not close” to launching a search product in China and that it’ll consult with key stakeholders before doing so, media reports say otherwise. The media reports based on an internal Google memo suggested that the project was in a ‘pretty advanced state’ and that the company had invested extensive resources for the development of this project. “We welcome that Google has confirmed the company “takes seriously” its responsibility to respect human rights. However, the company has so far failed to explain how it reconciles that responsibility with the company’s decision to design a product purpose-built to undermine the rights to freedom of expression and privacy”, reads the letter. Google bypassed its own security and privacy teams for Project Dragonfly reveals Intercept Google employees join hands with Amnesty International urging Google to drop Project Dragonfly OK Google, why are you ok with mut(at)ing your ethos for Project DragonFly?

On April 25, this year, GitHub announced that it will be shutting down GitHub Services in order to focus on other areas of the API, such as strengthening GitHub Apps and GraphQL, and improving webhooks. According to GitHub, Webhooks are much easier for both users and GitHub staff to debug on the web because of improved logging. GitHub Services has not supported new features since April 25, 2016, and they have also officially deprecated it on October 1st, 2018. The community stated that this functionality will be removed from GitHub.com on January 31st, 2019. The main intention of GitHub Services was to allow third-party developers to submit code for integrating with their services, but this functionality has been superseded by GitHub Apps and webhooks. Since October 1st, 2018, users are denied from adding GitHub services to any repository on GitHub.com, via the UI or API. Users can, however, continue to edit or delete existing GitHub Services. GitHub services vs. webhooks The key differences between GitHub Services and webhooks include: Configuration: GitHub Services have service-specific configuration options, while webhooks are simply configured by specifying a URL and a set of events. Custom logic: GitHub Services can have custom logic to respond with multiple actions as part of processing a single event, while webhooks have no custom logic. Types of requests: GitHub Services can make HTTP and non-HTTP requests, while webhooks can make HTTP requests only. Brownout for GitHub Services During the week of November 5th, 2018, there was a week-long brownout for GitHub Services. Any GitHub Service installed on a repository did not receive any payloads. Normal GitHub Services operations were resumed at the conclusion of the brownout. The main motivation behind the brownout was to allow GitHub users and integrators to see the places that GitHub Services are still being used and begin working towards migrating away from GitHub Services. However, they decided that a week-long brownout would be too disruptive for everyone. Instead, they plan to do a gradual increase in brownouts until the final blackout date of January 31st, 2019. The community announced that on January 31, 2019, they will permanently stop delivering all installed services' events on GitHub.com. As per the updated deprecation timeline: On December 12th, 2018, GitHub Service deliveries will be suspended for a full 24 hours. On January 7th, 2019, GitHub Services will be suspended for a full 7 days. Following that, regular deliveries will resume January 14th, 2019. Users should ensure that their repositories use newer APIs available for handling events. The following changes have taken place since October 1st, 2018: The "Create a hook" endpoint that accepted a required argument called name, which can be set to web for webhooks, or the name of any valid service. Starting October 1st, this endpoint does not require a name to be provided; if it is, it will only accept web as a valid value. Stricter API validation was enforced on November 1st. The name is no longer necessary as a required argument, and requests sending this value are rejected. To learn more about this deprecation, check out Replacing GitHub Services. GitHub introduces Content Attachments API (beta) Microsoft Connect(); 2018 Azure updates: Azure Pipelines extension for Visual Studio Code, GitHub releases and much more! GitHub acquires Spectrum, a community-centric conversational platform

Last week, the team at GitHub released Git v2.20.0, a free and open source distributed version control system that tracks changes in computer files and coordinates work on those files among multiple people. Features Git clone process gets better with Git v2.20.0 The Git clone process will now warn users while they are cloning a project to a case-insensitive file-system, where there are files in the repository that only differ with their cases but have the same pathnames. Git v2.20.0 requires Vista With this new release, Git will now at least require Windows Vista or above versions to operate. Improvements to the Windows port has been observed, such as better support and DLL handling of nanosecond resolution file timestamps. Even the logic for selecting the default username and e-mail on Windows has been improved. Shows a progress bar The git status now shows a progress bar when refreshing the index takes a long time. Git multi-pack-index has been updated The git multi-pack-index has been updated for detecting corruption in the .midx file, and this feature has been integrated into "git fsck". Consolidation When there are too many packfiles in a repository, looking up an object requires consulting multiple pack .idx files. Git v2.20.0 comes with a new mechanism which consolidates all of these .idx files in a single file. Major Improvements The generation of (experimental) commit-graph files now shows progress in the output. On platforms with recent cURL library, http.sslBackend configuration variable can now be used for choosing a different SSL backend at runtime. With Windows port, it is possible to switch between OpenSSL and secure channel while talking over the HTTPS protocol. A pattern with '**' that does not have a slash on either side was considered an invalid one in previous versions. With this update, double-asterisks are treated the same way as two asterisks adjacent to each other are. "git rev-list --stdin </dev/null" initially used to be an error in the previous version but it now shows no output without an error. The developer builds in Git now use Wunused-function compilation option. With this release, it is possible to create an alias that expands to another alias. The test scripts have been updated in Gitv2.20.0 for style and correct handling of exit status of various commands. Major bug fixes The issue with registering same path under multiple worktree entries has been fixed. The "git interpret-trailers" had a buggy code that ignored patch text after committing log message and that triggered various codepaths. This has been fixed now. The bug that leaves the index file corrupt during a partial commit has been fixed now. This release has received some positive response from users.  An interesting fact stated by one of the users on Twitter is, “In Git for Windows, if we build cURL on one machine,it will run on an estimated 3 million different machines. This release has already created some buzz around, it would be interesting to see what GitHub plans next.” Read more about this news on the official mailing list. Upgrade to Git 2.19.1 to avoid a Git submodule vulnerability that causes arbitrary code execution Git 2.19.0 released with better git grep, Python 3 compatibility for git p4 4 myths about Git and GitHub you should know about

Google researchers have build a tool called JAX, a domain-specific tracing JIT compiler, which generates high-performance accelerator code from pure Python and Numpy machine learning programs. It combines Autograd and XLA for high-performance machine learning research. At its core, it is an extensible system for transforming numerical functions. Autograd helps JAX automatically differentiate native Python and Numpy code. It can handle a large subset of Python features such as loops, branches, recursion, and closures. It comes with support for reverse-mode (backpropagation) and forward-mode differentiation, and these two can be composed arbitrarily in any order. XLA or Accelerated Linear Algebra is a linear algebra compiler used for optimizing TensorFlow computations. To run the NumPy programs on GPUs and TPUs, JAX uses XLA. The library calls are compiled and executed just-in-time. JAX also allows compiling your own Python functions just-in-time into XLA-optimized kernels using a one-function API, jit. How JAX works? The basic function of JAX is specializing and translating high-level Python and NumPy functions into a representation that can be transformed and then lifted back into a Python function. It traces Python functions by monitoring all the basic operations applied to its input to produce output and then records these operations and the data-flow between them in a directed acyclic graph (DAG). For tracing the functions, it wraps primitive operations and when they’re called they add themselves to a list of operations performed along with their inputs and outputs. In order to keep track of the data flow between these primitive operations, the values being tracked are wrapped in the Tracer class instances. The team is working towards expanding this project and provide support for cloud TPU, multi-GPU, and multi-TPU. In future, it will come with full NumPy coverage and some SciPy coverage, and more. As this is still a research project, we can expect bugs and is not recommended to be used in production. To read more in detail and contribute to this project, head over to GitHub. Google AdaNet, a TensorFlow-based AutoML framework Graph Nets – DeepMind’s library for graph networks in Tensorflow and Sonnet Dopamine: A Tensorflow-based framework for flexible and reproducible Reinforcement Learning research by Google

Yesterday, the team at GitHub released Content Attachments API (beta) that allows the GitHub app to provide more information for URLs that are linked to registered domains. https://twitter.com/github/status/1072205045469405184 Why Content Attachments API? Users share a lot of links on GitHub and nearly one-third of the comments on pull requests and issues include a link. Each link has some important content attached to it. And while going through each of the links, the user gets navigated away from the current context and loses their focus. This process is time-consuming and at times affects productivity. With Content Attachments API, the content behind each URL can be embedded directly in the conversation on GitHub. New GitHub apps using Content Attachments API RunKit RunKit, is an interactive Node environment that makes it easy for the users to file, reproducible and runnable bug reports for Node.js projects. RunKit notebooks packages the environment within a container that could be shared with a URL for giving access to project maintainers. With the help of Content Attachments API, a RunKit link can now show the contents of the entire notebook and its output. LeanBoard LeanBoard, a whiteboard with sticky notes helps the remote teams to collaborate in real-time. A snapshot of the board can also be pulled into the related GitHub issue. Now, with Content Attachments API, it is possible to drop a link in an issue or pull request to preserve the conversation. The screenshots in content attachments also get updated automatically, every five minutes, as the board changes. CloudApp CloudApp features screen recording, video messaging, screenshot annotation, and GIF creation. With CloudApp and the Content Attachments API, users can paste URL for rendering a GIF or screenshot in an issue. Lucidchart With Lucidchart, users can create and collaborate on architecture diagrams, flowcharts,  mockups, user flows, and other visuals in real time. With Content Attachments API, users can now add these visuals to a GitHub issue and these diagrams automatically update as the system gets updated. https://twitter.com/lucidchart/status/1072187150282575872 It would be interesting to see if GitHub also implements frame previews in the issues or pull requests. Users are still curious about this release and have questions if the Content Attachments API support iframes or just the markdown. https://twitter.com/pomber/status/1072242840938385410 To get started with how to use the Content Attachments API, check out GitHub’s blog. Developers rejoice! Github announces Github Actions, Github connect and much more to improve development workflows GitHub acquires Spectrum, a community-centric conversational platform GitHub Octoverse: The top programming languages of 2018

At the ongoing KubeCon + CloudNativeCon North America 2018, NeuVector has upgraded their line of container network security with the release of containerd and CRI-O run-time support. Attendees of the conference are invited to learn how customers use NeuVector and get 1:1 demos of the platform’s new capabilities. Containerd is a Cloud Native Computing Foundation incubating project. It’s basically a container run-time built to emphasize simplicity, robustness, and portability while managing the complete container lifecycle of its host system. This includes managing the lifecycle of its host system, from image transfer and storage to container execution and supervision to low-level storage to network attachments and more. NeuVector is testing the containerd version on the latest IBM Cloud Kubernetes Service version, which uses the containerd run-time. CRI-O is an implementation of the Kubernetes container run-time interface enabling OCI compatible run-times. It is a lightweight alternative to Docker as a run-time for Kubernetes. CRI-O is made up of several components including: OCI compatible runtime containers/storage containers/image networking (CNI) container monitoring (common) security is provided by several core Linux capabilities With this newly added support, organizations using containerd or CRI-O can deploy NeuVector to secure their container environments. Stripe open sources ‘Skycfg’, a configuration builder for Kubernetes. Kubernetes 1.13 released with new features and fixes to a major security flaw Introducing ‘Pivotal Function Service’ (alpha): an open, Kubernetes based, multi-cloud serverless framework for developer workloads

It has been only two months since Google reported a bug discovery in one of the Google+ People APIs, which affected up to 500,000 Google+ accounts, initiating the shutdown of Google+. Yesterday, Google+ suffered another massive data leak that has impacted approximately 52.5 million users in connection with a Google+ API. This has led Google to expedite the process of shutting down Google+. The access to the Google+ API network will be cut off in the next 90 days and it will shut down completely in April, rather than August next year. In a blog post on Google, David Thacker VP, Product Management, GSuite stated that this bug was added as a part of a software update introduced in November and immediately fixed. However, people are upset that the data leak was disclosed now. The software bug allowed apps that requested permission to view profile information of a Google+ user (name, email address, occupation, age etc), were granted permission even when set to not-public. In addition, Thacker mentions, “apps with access to a user's Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.” However, user financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft, was not given access to. Google discovered the bug as part of its standard testing procedure and says there is “no evidence that the app developers that inadvertently had this access for six days were aware of it or misused.” Google says it’s begun notifying users and enterprise customers who were impacted by the bug. Thacker also says maintaining users' privacy is Google’s top concern. “We have always taken this seriously, and we continue to invest in our privacy programs to refine internal privacy review processes, create powerful data controls, and engage with users, researchers, and policymakers to get their feedback and improve our programs.” People on Hacker news were highly critical of this data leak and expressed concerns on the kind of organization Google is turning out to be. “I've been online since Google was a new up and coming company. There is a world of difference between the civic-mindedness of Google back then and Google now. Google has gone from something genuinely idealistic to something scary and totalitarian. If you aren't of the same "tribe" as the typical Googler, then basically, you're a subject.” “So, how does Google, which we all trust with our precious data end up messing up like this several times in a row? If this is the company with the best security team in the world does that mean we should simply abandon all hope” “They could have done soo much more with Google+ ... The hype was real up until launch. Really wish they had done things a little differently. Oh well... With all these leaks, I'm actually really glad they weren't successful with this.” Google reveals an undisclosed bug that left 500K Google+ accounts vulnerable in early 2018; plans to sunset Google+ consumer version. Google bypassed its own security and privacy teams for Project Dragonfly reveals Intercept Marriott’s Starwood guest database faces a massive data breach affecting 500 million user data

Last week, Anthony Gore, a Vue Community Partner shared what he calls a "knowledge map" capturing the key areas of professional Vue.js development. This map lists key areas you should target if you are planning to develop Vue apps in 2019. The following diagram shows the developer map: Source: Vue.js Developers Basics of JavaScript and web development Vue.js is an open-source JavaScript framework, which is used for building user interfaces. As it is a JavaScript framework, developers need to have a basic understanding of JavaScript and also of web development. Essential concepts New Vue developers should first focus on the following concepts: Core features: To begin with, you will need to know how to install Vue in a web page and understand the lifecycle of a Vue instance. Also, learn key features of the core such as reactive data, directives, and interpolations. Components: Components are reusable and isolated UI elements. Learn how to declare components and communicate between them through props and events. To build robust and scalable applications you need to learn how to compose with components. Single-page applications (SPAs): In the SPA architecture a single web page acts like a traditional multi-page website. After creating the "pages" as components, you can map them to a unique path with Vue Router, a tool for building SPAs. State management: As your app grows, managing global state becomes difficult and components become bloated with props and event listeners. A design pattern called Flux keeps your data in a predictable and stable central store. The Vuex library helps you implement the Flux architecture in your app. Building real-world Vue apps The concepts in the previous part guide you in building apps that are high performing and efficient, but on the local server. To make your apps production ready you need to learn the following concepts: Project scaffolding: As you start building frequently in Vue, you will have to do the similar configurations and setups in many projects. To make this process easier, we have a tool called Vue CLI for quickly scaffolding single page applications. Full-stack/authenticated apps: Often apps in production will have data-driven user interfaces and the data will be sourced from a secure API. These API will be made with Node, Laravel, Rails, Django or some other server framework. So, you should also learn the common design patterns used to integrate Vue into a full-stack configuration. Testing: If you want your apps to be both maintainable and stable, you need to provide tests. For testing, you can utilize a tool called Vue Test Utils that enables you to create and run tests on isolated components. Optimization: Once your app is deployed on a remote server, it will not have the same speed and efficiency that it showed while testing. You need to optimize the app by using a variety of techniques including server-side rendering, async components, and render functions. Commonly used tools Senior developers should be familiar with the key tools that will be part of almost every Vue-based project. Some of these tools are: Modern JavaScript and Babel: To take advantage of new browser capabilities, you can build your apps using the latest JavaScript standard, ES2015, and proposed features from ES2016 and beyond. For supporting older browsers, you can use the tool named Babel. Its function is to transpile (translate and compile) your modern features into standard features. Webpack: If your code is written across different modules, you can use Webpack to build them into a single file that is readable by a browser. It also works as a build pipeline, allowing you to transform code before it is built and can also be used to optimize your app with a series of plugins. TypeScript: As reported in October, Vue 3 will be written entirely in TypeScript. This implies that to contribute and understand inner workings of Vue you will need to understand TypeScript as well. Important frameworks Many frameworks are available to automate common tasks and save time. Some of the most widely used and important ones are: Nuxt.js: This framework provides various cutting-edge features like component-based routing, server-side rendering, and code splitting out-of-the-box. Vuetify: It is a material framework for Vue, which is based on Google’s Material Design Spec. Vuetify provides an easy-to-remember semantic design to quickly build Vue apps with Material Design layout and styling. NativeScript-Vue: If you want to use Vue for native mobile interfaces, you can do so with the NativeScript-Vue framework. NativeScript is a JavaScript framework for building apps using native user interface components on iOS and Android. NativeScript-Vue is built on top of NativeScript, providing use of Vue syntax and components. After learning all these concepts and tools, you can develop plugins, learn about animations, or more advanced concepts like progressive web apps (PWAs). To know more in detail about the Vue knowledge map, check out Mr. Gore’s post. Introducing Vue Native for building native mobile apps with Vue.js React vs. Vue.js: JavaScript framework wars Evan You shares Vue.js 3.0 updates at VueConf Toronto 2018

Last week, Australia’s Assistance and Access (A&A) anti-encryption law was passed through Parliament, which allows Australian police and government the powers to issue technical notices. The Assistance and Access (A&A) law requires tech companies to help law enforcement agencies break into individuals’ encrypted data. Using secret warrants, the government can even compel a company to serve malware remotely to the target’s device. The Labor party, which planned to amend the legislation, later pulled its amendments in the Senate and the bill was passed even though it was found to be flawed by the Labour community. The Australian Human Rights Commission wrote to Parliament, “The definition of ‘acts or things’ in the Bill is so vague as to potentially permit almost limitless forms of assistance”. Several lawmakers look set to reject the bill, criticizing the government’s efforts to rush through the bill before the holiday. The anti-encryption bill has been slammed by many. Protonmail, a Swiss-based end-to-end email encryption company has also condemned the new law in their blog post and said that they will remain committed to protecting their users anywhere in the world, including in Australia. Protonmail against the Assistance and Access (A&A) law Although ProtonMail has data centers only in Switzerland and is not under Australian jurisdiction, any request for assistance from Australian agencies under the A&A law would need to pass the scrutiny of Switzerland’s criminal procedure and data protection laws. According to ProtonMail, “just because this particular law does not affect ProtonMail and ProtonVPN does not mean we are indifferent. A&A is one of the most significant attacks on digital security and privacy since the NSA’s PRISM program. But the Australian measure is more brazen, hastily forced through Parliament over the loud objections of every sector of society, from businesses to lawyers groups.” In a letter to the Parliament, the Australian Computer Society, a trade association for IT professionals, outlined several problems in the law, including: Not every company has the technical know-how to safely implement malware that won’t accidentally backdoor the entire product (particularly with IoT devices), putting the security of people’s homes and organizations at risk. Businesses can’t easily plan or budget for possible covert surveillance work with the government. A companion “explanatory document” outlines some safeguards to protect civil rights and privacy that don’t actually appear in the law itself. Once police have gained access to a suspect’s device, they could easily remove evidence from the device that could prove the person’s innocence. There would be no way to know. These are just a few of the issues, and that’s barely scratching the surface. According to ProtonMail, “the widespread use of encryption can actually further governments’ national security goals. It is critical that we strike the right balance. In our opinion, the A&A law does not do this, and in the long run, will make us all less safe.” To know more about this in detail, visit ProtonMail ‘s official blog post. The tech community also oppose the Australian bill in an open letter The Tech community also wrote an open letter titled, “You bunch of Idiots!” to Bill Shorten and the Australian Labor from the tech community. They mention, “Every tech expert agrees that the so-called "Assistance and Access Bill" will do significant damage to Australia's IT industry.” The letter highlights three key points including: The community members state that the law weakens security for users. “We do not want to deliberately build backdoors or make our products insecure. This means everyone else's data will be vulnerable. People have an expectation that we protect their personal data to the best of our ability. We cannot continue to guarantee this unless we go against the technical capability notices issued by law enforcement - which will become a criminal offence”, according to the letter. They also said, “You have made it harder for international companies to hire Australian talent, or have offices in Australia filled with Australian talent. Companies such as Amazon, Apple, Atlassian, Microsoft, Slack, Zendesk and others now have to view their Australian staff and teams as "potentially compromised". This is because law enforcement can force a person to build a backdoor and they cannot tell their bosses. They might sack them and leave Australia because of the law you just passed.” “You have also just made it almost impossible to export Australian tech services because no-one wants a potentially vulnerable system that might contain a backdoor. Who in their right mind will buy a product like that? Look at the stock price of one of Australia's largest tech companies, Atlassian. It's down because of what you have voted for. In addition, because it violates the EU's General Data Protection Regulations (GDPR), you have just locked Australian companies and startups out of a huge market.” The tech communities strongly opposed the bill calling it a destructive and short-sighted law. They said, “In all good conscience, we can no longer support Labor. We will be advocating for people to choose those who protect digital rights.” The ‘blackout’ move on GitHub to block Australia for everyone’s safety Many Australian users suggested that the world block Australia for everyone’s safety, after the Australian Assistance and Access Bill was passed. Following this, users have created a repository on GitHub to provide easy-to-use solutions to blackout Australia, in solidarity with Australians who oppose the Assistance and Access Bill. Under the GNU/Linux OSes, the goal of the main script shall be to periodically download a blocklist and update rules in a dedicated BLACKOUT chain in iptables. The repo also includes scripts to: setup a dedicated BLACKOUT chain in the iptables filter table, and setup a privileged cron job for updating the iptable rules stop any running cron job, remove the cron job, and tear down the dedicated BLACKOUT chain. Australia’s ACCC publishes a preliminary report recommending Google Facebook be regulated and monitored for discriminatory and anti-competitive behavior Australia’s Facial recognition and identity system can have “chilling effect on freedoms of political discussion, the right to protest and the right to dissent”: The Guardian report Dark Web Phishing Kits: Cheap, plentiful and ready to trick you

Just two days back, Erlang, a functional programming language turned twenty. Erlang has been one of the most popular open source languages with compelling features like concurrent processes, memory management, scheduling, distribution, networking, etc.WhatsApp, the most popular messaging platform’s server is almost completely implemented in Erlang. Twenty years back, on 8th December 1998, Ericsson released its development environment, Erlang/OTP (Open Telecom Platform), as an open source. It was used to make the process of building telecommunications products easier with functionalities like speed, distribution, and concurrency. It also supports a number of processors and operating systems and can be easily integrated with different development languages. Erlang fosters Ericsson’s GPRS, 3, and 4G/LTE and it also powers the internet and mobile data networks. How did Erlang become open source? When Håkan Millroth, head of the Ericsson Software Architecture Lab suggested his team to try ‘open source’, Jane Walerud, an entrepreneur agreed to it and convinced the entire Ericsson management team to release the source code for the Erlang VM. Erlang was released without any publicity, marketing buzz or media coverage. Ericsson just sent an email to Erlang’s mailing list and an announcement was posted on slashdot. During the dot-com bust era, when an extreme growth in the usage and adaptation of the Internet was observed, Erlang/OTP was used in the creation of an XMPP based instant messaging server, ejabberd,developed by Alexey Shchepin. He chose Erlang over all the other languages as it was the most suitable language for implementing a Jabber server. Ejabberd 1.0 was released in December 2005 and it formed a base for many platforms like WhatsApp. Ejabberd showed a 280% increase in throughput when it was compiled to the latest version of Erlang. In May of 2005, a version of the BEAM VM also known as Erlang VM was released that proved the Erlang concurrency and programming models are ideal for multi-core architectures. In May 2006, Erlang was also used to program RabbitMQ, an Advanced Message Queuing Protocol (AMQP). Post that, Erlang has become the language of choice for most of the messaging solutions and is now the backbone of thousands of systems. In 2007, ‘Programming Erlang’ by Joe Armstrong got published by the Pragmatic Programmers. Further in June 2008, the first paper copy of Erlang Programming got publicly available. In 2011, Elixir, a functional and concurrent programming language that runs on Erlang VM was released. In August 2015, Phoenix 1.0, a framework for web applications was released. Phoenix 1.0 uses Erlang VM capabilities to create the same effect as Rails did on Ruby, by bringing making Elixir, popular. Read more about this news on Erlang’s blog post. Elixir 1.7, the programming language for Erlang virtual machine, releases Phoenix 1.4.0 is out with ‘Presence javascript API’, HTTP2 support, and more! Amazon re:Invent Day 3: Lamba Layers, Lambda Runtime API and other exciting announcements!

Last Week, Microsoft President- Brad Smith, published a blog post, requesting governments to regulate the rapid evolution of Facial Recognition technology. Along with all the merits that this technology offers, Brad states that the tech has the potential to be abused. He urges that 2019 be the year that governments focus on regulating the tech, because “Unless we act, we risk waking up five years from now to find that facial recognition services have spread in ways that exacerbate societal issues. By that time, these challenges will be much more difficult to bottle back up.” The post highlights how Microsoft and tech companies will need to start creating safeguards to address facial recognition technology and its potential chances of abuse. Along with the support of governments and the tech sector, Microsoft believes that facial recognition technology can create positive societal benefits. Considering that major tech giants like Amazon and Google have been facing backlash on providing their facial recognition technology to the Government, citizens need assurance that this technology will only have positive societal impacts. Smith lists 3 important problems in this area that need to be addressed with government assistance: Certain uses of facial recognition technology increase the risk of decisions and, more generally, outcomes that are biased and, in some cases, in violation of laws prohibiting discrimination. The widespread use of this technology can lead to new intrusions into people’s privacy. The use of facial recognition technology by a government for mass surveillance can encroach on democratic freedoms. How can legislation help? #1 Issue: address bias and discrimination Microsoft claims that they and other tech companies have been actively working to identify and reduce these errors while improving the accuracy and quality of facial recognition tools and services. Laws are needed in this area as “market forces will work well only if potential customers are well-informed and able to test facial recognition technology for accuracy and risks of unfair bias, including biases that arise in the context of specific applications and environments.” They suggest that: The legislation should mandate tech companies (that offer facial recognition services) to provide easy to understand documentation, explaining the capabilities and limitations of the technology. The providers of commercial facial recognition services should enable third parties engaged in independent testing to conduct and publish reasonable tests of their facial recognition services for accuracy and unfair bias. Entities that deploy facial recognition should undertake a meaningful human review of facial recognition results, prior to making final decisions for what the law deems to be “consequential use cases” that affect consumers. It is also important for the entities that deploy facial recognition services to recognize that they are not absolved of their obligation to comply with laws prohibiting discrimination against individual consumers or groups of consumers. #2 Issue: Intrusion into people’s privacy Microsoft believes people deserve to know when this technology is being used, so they can ask questions and exercise some choice in the matter if they wish. This transparency is important for building public knowledge and confidence in this technology. For implementing the same, they suggest: Legislation should come up with laws that require the entities that use facial recognition to identify consumers, notify them that these services are being used. The law should specify that consumers are consenting to the use of facial recognition services when they enter premises or proceed to use online services that have this type of clear notice. #3 Issue: Use of facial recognition technology by a government can encroach domestic freedom Regarding issue 3, Microsoft elaborates how facial recognition technology could put fundamental freedoms at risk. Governments can use this technology with surveillance cameras and massive computing power and storage in the cloud,  to enable continuous surveillance of specific individuals. It could follow anyone anywhere at any time or even all the time. To prevent an encroachment on democratic freedoms, legislation should: Permit law enforcement agencies to use facial recognition to engage in ongoing surveillance of specified individuals in public spaces only when a court order has been obtained for the same. Where there is an emergency involving imminent danger or risk of death or serious physical injury to a person. Microsoft, itself, has brought four lawsuits against the U.S. government since 2013 to protect people’s privacy rights. Here are some comments from hacker news that caught our attention: Smith mentions that Microsoft intends to let six principles to guide the company's use of facial recognition going forward. They are: fairness, transparency, accountability, nondiscrimination, notice and consent, and lawful surveillance. He further adds that Microsoft will formalize these principles through further documents, with an eye toward implementing them before the end of March 2019. Head over to Smith’s full blog post to see his arguments and reasoning over Facial Recognition technology. DC Airport nabs first imposter using its newly deployed facial recognition security system Australia’s Facial recognition and identity system can have “chilling effect on freedoms of political discussion, the right to protest and the right to dissent”: The Guardian report Google opts out of Pentagon’s $10 billion JEDI cloud computing contract, as it doesn’t align with its ethical use of AI principles

Wasmjit team announced last week that you can now run Nginx 1.15.3, a free and open source high-performance HTTP server and reverse proxy, in user-space on all POSIX system. Wasmjit is a small embeddable WebAssembly runtime that can be easily ported to most environments. It primarily targets a Linux kernel module capable of hosting Emscripten-generated WebAssembly modules. It comes equipped with a host environment for running in user-space on POSIX systems. This allows you to run WebAssembly modules without having to run an entire browser. Getting Nginx to run had been a major goal for the wasmjit team ever since its first release in late July. “While it might be convenient to run the same binary on multiple systems without modification (“write once, run anywhere”), this goal was chosen because IO-bound / system call heavy servers to stand to gain the most by running in kernel space. Running FUSE file systems in kernel space is another motivating use case that Wasmjit will soon support”, mentions the wasmjit team. Other future goals for wasmjit includes introduction of an interpreter, rust-runtime for Rust-generated wasm files, Go-runtime for Go-generated wasm files, optimized x86_64 JIT ,arm64 JIT, and macOS kernel module. Wasmjit running nginx has been tested on Linux, OpenBSD, and macOS so far. The complete compiled version of nginx without any modifications and with multi-process capability has been used. All the complex parts of the POSIX API that are needed for proper implementation of Nginx have been used such as signal handling and forking. That being said, Kernel space support still needs working as Emscripten delegates some large APIs such as getaddrinfo() and strftime() to the host implementation. These need to be re-implemented in the kernel. Moreover, kernel space versions of fork(), execve(), and signal handling also need to be implemented. Also, Wasmjit is currently in alpha-level software in development and might lead to unpredictable substances when used in production. Security issues in nginx HTTP/2 implementation expose nginx servers to DoS attack NGINX Hybrid Application Delivery Controller Platform improves API management, manages microservices and much more! Getting Started with Nginx

Last week, the team at Rocket released Rocket 0.4, a web framework for Rust which focuses on usability, security, and performance. With Rocket, it is possible to write secure web applications quickly and without sacrificing flexibility or type safety. Features of Rocket 0.4 Typed URIs Rocket 0.4 comes with uri! macro that helps in building URIs to route in the application in a robust, type-safe, and URI-safe manner. The type or route parameter that is mismatched are caught at compile-time. With the help of Rocket 0.4, changes to the route URIs get reflected in the generated URIs, automatically. ORM agnostic database support. Rocket 0.4 comes with a built-in, ORM-agnostic support for databases. It provides a procedural macro that helps in connecting Rocket application to databases through connection pools. Rocket 0.4 gets databases configured individually through configuration mechanisms like Rocket.toml file or environment variables. Request-local state Rocket 0.4 features request-local state which is local to a given request and is carried along with the request. It gets dropped once the request is completed. Whenever a request is available, a request-local state can be used. Request-local state is cached which lets the stored data to be reused. Request-local state is used for request guards which get invoked multiple times during routing and processing of a single request. Live template reloading In this version of Rocket, when an application is compiled in debug mode, templates automatically get reloaded on getting modified. To view the template changes, one has to simply refresh and there is no need of rebuilding the application. Major Improvements Rocket 0.4 introduces SpaceHelmet that provides a typed interface for HTTP security headers. This release features mountable static-file serving via StaticFiles. With this version of Rocket, cookies can automatically get tracked and propagated by client. This version also introduces revamped query string handling that allows any number of dynamic query segments. Rocket 0.4 comes with transforming data guards that transform incoming data before processing it via an implementation of the FromData::transform() method. This version comes with Template::custom() which helps in customizing template engines including registering filters and helpers. With this version, applications can be launched without a working directory. In Rocket 0.4, the log messages refer to routes by name. A default catcher for 504: Gateway Timeout has been added. All derives, macros, and attributes are individually documented in rocket_codegen. To retrieve paths relative to the configuration file, Rocket 0.4 has added Config::root_relative() The private cookies are now set to Http and are also given an expiration date of 1 week by default. What can be expected from Rocket 0.5? Support for Rust Rocket 0.5 will run and compile on stable versions of the Rust compiler. Asynchronous Request Handling Rocket 0.5 will feature the latest asynchronous version that will support asynchronous request handling. Multipart Form Support The lack of built-in multipart form support makes handling file uploads and other submissions difficult. With Rocket 0.5 it will be easy to handle multipart forms. Stronger CSRF and XSS Protection Rocket 0.5 will protect against CSRF using effective robust techniques. It will come with added support for automatic, browser-based XSS protection. Users have been giving some good feedback on the Rocket 0.4 release and are highly appreciative of the Rocket team for the efforts they have taken. A user commented on HackerNews, “This release isn't just about new features or rewrites. It's about passion for one's work. It's about grit. It's about uncompromising commitment to excellence.” Sergio Benitez, a computer science PhD student at Stanford, has been appreciated a lot for his efforts towards the development of Rocket 0.4. A HackerNews user commented, “While there will ever be only one Sergio in the world, there are many others in the broader Rust community who are signaling many of the same positive qualities.” This release has also been appreciated for its feel which is similar to Flask and for its capability of using code generation and function's type signatures to automatically check the incoming parameters. The fact that the next release will be asynchronous has created a lot of curiosity in the developer community and users are now looking forward to Rocket 0.5. Read more about Rocket 0.4 in the official release notes. Use Rust for web development [Tutorial] Introducing ‘Pivotal Function Service’ (alpha): an open, Kubernetes based, multi-cloud serverless framework for developer workloads Kotlin based framework, Ktor 1.0, released with features like sessions, metrics, call logging and more

Researchers from Rochester Institute of Technology published a paper which describes a method to maintain speed and accuracy when dealing with high-dimensional data sets. What is the paper about? This paper titled Sparse Covariance Modeling in High Dimensions with Gaussian Processes studies the statistical relationships among components of high-dimensional observations. The researchers propose to model the changing covariances of observation elements as sparse multivariate stochastic processes. Particularly their novel covariance modeling method used reduces dimensionality. It does so by relating the observation vectors to a subspace with lower dimensions. The changing correlations are characterized by jointly modeling the latent factors and factor loadings as collections of basis functions. They vary with the covariates as Gaussian processes. The basis sparsity is encoded by automatic relevance determination (ARD) through the coefficients to account for inherent redundancy. The experiments conducted across various domains using this method show superior performances to the best current methods. What modeling methods are used? In many AI applications, there are complex relationships among different components of high-dimensional data sets. These relationships can change across non-random covariates, say, an experimental condition. Two examples listed in the paper which were also used in the experiments to test the method are as follows: In a computational gene regulatory network (GRN) interface, the topological structures of GRNs are context dependent. The interactions of gene activities will be different in different conditions like temperature, pH etc,. In a data set displaying crime occurrences, correlations are seen in spatially disjoint spaces but the spatial correlations occur over a period of time. In such cases, the modeling methods used typically combine heterogeneous data taken from different experimental conditions or sometimes in a single data set. The researchers have proposed a novel covariance modeling method that allows cov(y|x) = Σ(x) to change flexibly with X. One of the authors, Rui Li, stated: “This research is motivated by the increasing prevalence of high-dimensional data sets and the computational capacity to analyze and model their volatility and co-volatility varying over some covariates. The study proposed a methodology to scale to high dimensional observations by reducing the dimensions while preserving the latent information; it allows sharing information in the latent basis across covariates.” The results were better as compared to other methods in different experiments. It is robust in the choice of hyperparameters and produces a lower root mean square error (RMSE). This paper was presented at NeurIPS 2018, you can read it here. How NeurIPS 2018 is taking on its diversity and inclusion challenges Deepmind’s AlphaZero shows unprecedented growth in AI, masters 3 different games Facebook’s artificial intelligence research team, FAIR, turns five. But what are its biggest accomplishments?

It was just two months back when Facebook announced the release of PyTorch 1.0 RC1. Facebook is now out with the stable release of PyTorch 1.0. The latest release, which was announced last week at the NeurIPS conference, explores new features such as JIT, brand new distributed package, and Torch Hub, breaking changes, bug fixes and other improvements. PyTorch is an open source, deep learning python-based framework. “It accelerates the workflow involved in taking AI from research prototyping to production deployment, and makes it easier and more accessible to get started”, reads the announcement page. Let’s now have a look at what’s new in PyTorch 1.0 New Features JIT JIT is a set of compiler tools that is capable of bridging the gap between research in PyTorch and production. JIT enables the creation of models that have the capacity to run without any dependency on the Python interpreter. PyTorch 1.0 offers two ways using which you can make your existing code compatible with the JIT: using  torch.jit or torch.jit.script. Once the models have been annotated, Torch Script code can be optimized and serialized for later use in the new C++ API, which doesn't depend on Python. Brand New distributed package In PyTorch 1.0, the  new torch.distributed package and torch.nn.parallel.DistributedDataParallel comes backed with a brand new re-designed distributed library. Major highlights of the new library are as follows: The new torch.distributed is performance driven and operates entirely asynchronously for all backends such as Gloo, NCCL, and MPI. There are significant Distributed Data-Parallel performance improvements for hosts with slower networks such as Ethernet-based hosts. It comes with async support for all distributed collective operations in the torch.distributed package. C++ frontend [ API unstable] The C++ frontend is a complete C++ interface to the PyTorch backend. It follows the API and architecture of the established Python frontend and is meant to enable research in high performance, low latency and bare metal C++ applications. It also offers equivalents to torch.nn, torch.optim, torch.data and other components of the Python frontend. PyTorch team has released C++ frontend marked as "API Unstable" as part of PyTorch 1.0. This is because although it is ready to use for research applications, it still needs to get more stabilized over future releases. Torch Hub Torch Hub refers to a pre-trained model repository that has been designed to facilitate research reproducibility. Torch Hub offers support for publishing pre-trained models (model definitions and pre-trained weights) to a github repository with the help of hubconf.py file. Once published, users can then load the pre-trained models with the help of torch.hub.load API. Breaking Changes Indexing a 0-dimensional tensor displays an error instead of warn. torch.legacy has been removed. torch.masked_copy_ is removed and hence, use torch.masked_scatter_ instead. torch.distributed: the TCP backend has been removed. It is recommended to use Gloo and MPI backends for CPU collectives and NCCL backend for GPU collectives. torch.tensor function with a Tensor argument can now return a detached Tensor (i.e. a Tensor where grad_fn is None) in PyTorch 1.0. torch.nn.functional.multilabel_soft_margin_loss now returns Tensors of shape (N,) instead of (N, C). This is to match the behaviour of torch.nn.MultiMarginLoss and it is also more numerically stable. Support for C extensions has been removed in PyTorch 1.0. Torch.utils.trainer has been deprecated. Bug fixes torch.multiprocessing has been fixed and now correctly handles CUDA tensors, requires_grad settings, and hooks. Memory leak during packing in tuples has been fixed. RuntimeError: storages that don't support slicing when loading models are saved with PyTorch 0.3, has been fixed. The issue with calculated output sizes of torch.nn.Conv modules with stride and dilation have been fixed. torch.dist has been fixed for infinity, zero and minus infinity norms. torch.nn.InstanceNorm1d has been fixed and now can correctly accept 2-dimensional inputs. torch.nn.Module.load_state_dict showed an incorrect error message that has been fixed. broadcasting bug in torch.distributions.studentT.StudentT has been fixed. Other Changes “Advanced Indexing" performance has been considerably improved on CPU as well as GPU. torch.nn.PReLU speed has been improved on both CPU and GPU. Printing large tensors has become faster. N-dimensional empty tensors have been added in PyTorch 1.0, which allows tensors with 0 elements to have arbitrary number of dimensions. They also support indexing and other torch operations. For more information, check out the official release notes. Can a production-ready Pytorch 1.0 give TensorFlow a tough time? Pytorch.org revamps for Pytorch 1.0 with design changes and added Static graph support What is PyTorch and how does it work?