Tech News

So, it was that time of the year when Salesforce enthusiasts, thought-leaders, and pioneers gathered around downtown San-Francisco, to attend the annual Dreamforce conference last week. This year marked the 15th anniversary of the Salesforce annual conference with over 100,000 trailblazers flocking towards the bay area. Throughout these years, technological development in the platform has been the focal point of these conferences, but it was different this time around. A lot has happened between the conference that took place in 2017 and now, especially after Facebook’s Cambridge analytica scandal. First Whatsapp’s co-founder Jan Koum parted ways with Facebook, and now the Instagram co-founders have called it quits. Interestingly, Marc Benioff gave an interview to Bloomberg Technology in which he condemned Facebook as the ‘new cigarettes’. To regulate or not to regulate, that is the question Marc Benioff has been a vocal criticizer of the social media platform. Earlier this year, when innovators and tech leaders gathered at the annual World Economic Forum in the Swiss Alps of Davos, Benioff was one of the panelist discussing on the factors of trust in technology where he made certain interesting points. He took the examples of financial industry a decade ago, where bankers were pretty confident that new products like credit default swaps (CDS), and collateralized debt obligation (CDO) would lead to better economic growth but instead it lead to the biggest financial crisis the world had ever seen. Similarly, he argued that Cigarettes were introduced as this great product for pass time, without any background on its adverse effects on health. Well to the cut the story short, the point that Benioff was trying to make is that these industries were able to take advantage of the addictive behavior of humans because of the clear lack of regulation from the governmental bodies. It was only when the regulators became strict towards these sectors and public reforms came into the picture, these products were brought under control. Similarly, Benioff had called for a regulation of companies, on behalf of the recent news linking the Russian interference in the US presidential elections. He urged the CEO’s of companies to take better responsibilities towards their consumers and their products without explicitly mentioning any name. Let’s take a guess, Mark Zuckerberg anyone? While Benioff made a strong case for regulation, the solution seemed to be more politically driven. Rachel Botsman, Visiting Academic and Lecturer at the Saïd Business School, University of Oxford, argued that regulators are not aware of the new decentralized nature of today’s technological platforms. And ultimately who do we want as the arbiters of truth, should it be Facebook, Regulators, or the Users? and where does the hierarchy of accountability lie in this new structure of platforms? The big question remains. The ethical and humane side of technology Fast forward to Dreamforce 2018, with star-studded guest speakers ranging from the former American Vice President Al Gore to Andre Iguodala of the NBA’s Golden State Warriors. Benioff started with his usual opening keynote but this time with a lot of enthusiasm, or as one might say in a full evangelical mode, the message from the Salesforce CEO was very clear, “We are in the fourth industrial revolution”. Salesforce announced plenty of new products and some key strategic business partnerships with the likes of Apple and AWS now joining Salesforce. While these announcements summarized the technological advancements in the platform, his interview with Bloomberg Technology’s Emily Chang was quite opportunistic. The interview started casually with talks of Benioff sharing his job with the new Co-CEO Keith Block. But soon they discussed the news about Instagram founders Kevin Systrom and Mike Krieger leaving the services of parent company Facebook. While Benioff still maintained his position on regulation, he also discussed about the ethics and humane side of technology. The ethics of technology has come under the spotlight in the recent months with the advancements in Artificial intelligence. In order to solve these questions, Benioff said that Salesforce has taken its first step by setting up the “Office of Ethical and Humane Use of Technology” at the Salesforce Tower in San Francisco. At first, this initiative looks like a solid first step towards solving the problem of technology being used for unethical work. But going back to the argument posed by Rachel Botsman, who actually leverages technology to do unethical work? Is it the Company or the consumer? While Salesforce boasts about its stand on the ethics of building a technological system, Marc Benioff is still silent on the question of Salesforce’s ties with the US Customs and Border Protection (CBP) agency, which follows Donald Trump’s strong anti-immigration agenda. Protesters took a stand against this issue during the Salesforce conference and hundreds of employees from Salesforce wrote an open letter to Benioff to cut ties with the CBP. In return, Benioff responded that its contract with CBP does not deal directly with the separation of children at the Mexican borders. One decision at a time Ethics is largely driven by human behavior, while innovators believe that technological advancements should happen regardless of the outcome, it is the responsibility of every stakeholder in the company, be it a developer, an executive, or a customer to take action against unethical work. And with each mistake, companies and CEOs are provided with opportunities to set things right. Take McKinsey & Company for example. The top management consultancy was under fire due to its scandal in the South African government. But when the firm again came under scrutiny with its ties with the CBP of USA, McKinsey’s new managing partner, Kevin Sneader, came out saying that the firm “will not, under any circumstances, engage in any work, anywhere in the world, that advances or assists policies that are at odds with our values.” It’s now time for companies like Facebook and Salesforce to set the benchmark for the future of technology. How far will Facebook go to fix what it broke: Democracy, Trust, Reality SAP creates AI ethics guidelines and forms an advisory panel The Cambridge Analytica scandal and ethics in data science Introducing Deon, a tool for data scientists to add an ethics checklist The ethical dilemmas developers working on Artificial Intelligence products must consider Sex robots, artificial intelligence, and ethics: How desire shapes and is shaped by algorithms

Last week, GitHub announced that their main application is now running on Rails 5.2.1. Along with this upgrade, they have also improved the overall codebase and cleaned up technical debt. How GitHub upgraded to Rails 5.2.1? The upgrade started out as a hobby with no dedicated team assigned. As they made progress and gained traction it became a priority. They added the ability to dual boot the application in multiple versions of Rails, instead of using a long running branch to upgrade Rails. Two Gemfile.lock were created: Gemfile.lock for the current version Gemfile_next.lock for the next version This dual booting enabled the developers to regularly deploy changes for the next version to GitHub without any affect on how production works. This was done by conditionally loading the code: if GitHub.rails_3_2? ## 3.2 code (i.e. production a year and a half ago) elsif GitHub.rails_4_2? # 4.2 code else # all 5.0+ future code, ensuring we never accidentally # fall back into an old version going forward end To roll out the Rails upgrade they followed a careful and iterative process: The developers first deployed to their testing environment and requested volunteers from each team to click test their area of the codebase to find any regressions the test suite missed. These regressions were then fixed and deployment was done in off-hours to a percentage of production servers. During each deploy, data about exceptions and performance of the site was collected. With this information they fixed bugs that came up and repeat those steps until the error rate was low enough to be considered equal to the previous version. Finally, they merged the upgrade once they could deploy to full production for 30 minutes at peak traffic with no visible impact. This process allowed them to deploy 4.2 and 5.2 with minimal customer impact and no down time. Key lessons they learned during this upgradation Regular upgradation Upgrading will be easier if you are closer to a new version of Rails. This also encourages your team to fix bugs in Rails instead of monkey-patching the application. Keeping an upgrade infrastructure Needless to say, there will always be a new version to upgrade to. To keep up with the new versions, add a build to run against the master branch to catch bugs in Rails and in your application early. This make upgrades easier and increase your upstream contributions. Regularly address technical debt Technical debt refers to the additional rework you and your team have to do because of choosing an easy solution now instead of using a better approach that would take longer. Refraining from messing with a working code could cause a bottleneck for upgrades. To avoid this try to prevent coupling your application logic too closely to your framework. The line where your application logic ends and your framework begins should be clear. Be sure to assume that things will breaks Upgrading a large and trafficked application like GitHub is not easy. They did face issues with CI, local development, slow queries, and other problems that didn’t show up in their CI builds or click testing. Read the full announcement on GitHub Engineering blog. GitHub introduces ‘Experiments’, a platform to share live demos of their research projects GitLab raises $100 million, Alphabet backs it to surpass Microsoft’s GitHub Packt’s GitHub portal hits 2,000 repositories

The U.S. Justice Department filed a lawsuit against California yesterday after the California governor Jerry Brown signed the state’s Net Neutrality proposal into law. This was to restore open internet protections known as Net Neutrality, that requires internet service providers like AT&T, Comcast, and Verizon to treat all web traffic equally in the state. California’s Net Neutrality bill is a state-level response to the FCC’s decision to revoke the existing legislation earlier this year. The law that was set when President Obama was in office was scrapped after the Republicans took over leadership of the FCC in 2017.  Considered one of the toughest Net Neutrality bills in the U.S., it prevents ISPs from throttling traffic, and from charging websites for special access to internet users. It also bans “zero rating” on certain apps (where using certain apps would not count against a user’s data usage). The California Net Neutrality bill, namely, Senate No. 822  was approved by the State Assembly and the Senate, in August, despite receiving many protests. However, after the governor decided to enact the Net Neutrality proposal as a law yesterday, senior Justice Department officials sued them on the grounds that only the federal government, not state leaders, have the power to regulate Net Neutrality. Attorney General Jeff Sessions issued the following statement, for filing the complaint: “Once again the California legislature has enacted an extreme and illegal state law attempting to frustrate federal policy. The Justice Department should not have to spend valuable time and resources to file this suit today, but we have a duty to defend the prerogatives of the federal government and protect our Constitutional order. We are confident that we will prevail in this case—because the facts are on our side”. FCC Chairman Ajit Pai also issued a statement stating, “I’m pleased the Department of Justice has filed this suit. Not only is California’s Internet regulation law illegal, but it also hurts consumers.  The law prohibits many free-data plans, which allow consumers to stream video, music, and the like exempt from any data limits. They have proven enormously popular in the marketplace, especially among lower-income Americans. But notwithstanding the consumer benefits, this state law bans them.” Member of the California state and author of the state bill, Scott Wiener, tweeted his response to the lawsuit, saying that it’s just an attempt by the administration to block the state's initiatives. https://twitter.com/Scott_Wiener/status/1046585508472602624 Furthering the Net Neutrality debate, GOP proposes the 21st Century Internet Act California passes the U.S.’ first IoT security bill Like newspapers, Google algorithms are protected by the First amendment making them hard to legally regulate them

Google’s Cloud AutoML now has competition; Microsoft have released an open-source automated machine learning toolkit of their own. Dubbed as Neural Network Intelligence, this toolkit will allow data scientists and machine learning developers to perform tasks such as neural architecture search and hyperparameter tuning with relative ease. Per Microsoft’s official page, this toolkit will allow data scientists, machine learning developers and AI researchers with the necessary tools to customize their AutoML models across various training environments. The toolkit was announced in November 2017 and has been in the research phase for a considerable period of time, before it was released for public use recently. Who can use the Neural Network Intelligence toolkit? Microsoft’s highly anticipated toolkit for automated machine learning is perfect for you if: You want to try out different AutoML algorithms for training your machine learning model You want to run AutoML jobs in different training environments, including remote servers and cloud You want to implement your own AutoML algorithms and compare their performance with other algorithms You want to incorporate your AutoML models in your own custom platform With Neural Network Intelligence toolkit, data scientists and machine learning developers can train and customize their machine learning models more effectively. The tool is expected to go head to head with Auto-Keras, another open source AutoML library for deep learning. Auto-Keras has quickly generated quite a traction with more than 3000 stars on GitHub, suggested the growth in popularity of Automated Machine Learning. You can download and learn more about this AutoML toolkit on their official GitHub page. Read more What is Automated Machine Learning (AutoML)? Top AutoML libraries for building your ML pipelines Anatomy of an automated machine learning algorithm (AutoML)

Facebook released Skip or Skiplang last week, a language it has been developing since 2015. It is a general-purpose programming language that provides caching with features like reactive invalidation, safe parallelism, and efficient garbage collection. Skiplang features Skiplang's primary goal is to explore language and runtime support for correct, efficient memoization-based caching and cache invalidation. It achieves this via a static type system that carefully tracks mutability. The language is typed statically and compiled ahead-of-time using LLVM to produce executables that are highly optimized. Caching with reactive invalidation The main new language feature in Skiplang is its precise tracking of side effects. It includes both mutability of values and distinguishing between non-deterministic data sources. This distinguishing includes data sources that can provide reactive invalidations that tell Skiplang when data has changed. Safe parallelism Skiplang has support for two complementary forms of concurrent programming. Both forms avoid the usual thread safety issues due to the language's tracking of side effects. This language also supports ergonomic asynchronous computation with async/await syntax. Asynchronous computations cannot refer to mutable state and are therefore safe to execute in parallel allowing independent async continuations to continue in parallel. Skiplang also has APIs for direct parallel computation, again using its tracking of side effects it prevents thread safety issues like shared access to mutable state. An efficient and predictable garbage collector Skiplang’s approach to memory management combines aspects of typical garbage collectors with more straightforward linear allocation schemes. The garbage collector only has to scan the memory that is reachable from the root of a computation. This allows developers to write code with predictable garbage collector overhead. A hybrid functional object-oriented language Skiplang is a mix of ideas from functional and object-oriented styles. They are all carefully integrated to form a cohesive language. Like other functional languages, it is expression-oriented and supports features like abstract data types, pattern matching, easy lambdas, higher-order functions, and enforcing pure/referentially-transparent API boundaries (optional). Like OOP languages, it supports classes with inheritance, mutable objects, loops, and early returns. In addition to these, Skiplang also incorporates ideas from “systems” languages supporting low-overhead abstractions, and compact memory layout of objects. Know more about the language from the Skiplang website and their GitHub repository. JDK 12 is all set for public release in March 2019 Python comes third in TIOBE popularity index for the first time Michael Barr releases embedded C coding standards

"Raise your game on merging kernel security fixes, you're leaving users exposed for weeks" -Jann Horn to maintainers of Ubuntu and Debian Jann Horn, the Google Project Zero researcher who discovered the Meltdown and Spectre CPU flaws, is making headlines once again. He has uncovered a cache invalidation bug in the Linux kernel. The kernel bug is a cache invalidation flaw in Linux memory management that has been tagged as CVE-2018-17182. The bug has been already reported to Linux kernel maintainers on September 12. Without any delay, Linux founder, Linus Torvalds fixed this bug in his upstream kernel tree two weeks ago. It was also fixed in the upstream stable kernel releases 4.18.9, 4.14.71, 4.9.128, and 4.4.157 and  3.16.58. Earlier last week, Horn released an "ugly exploit" for Ubuntu 18.04, which "takes about an hour to run before popping a root shell". The Bug discovered by Project Zero The vulnerability is a use-after-free (UAF) attack. It works by exploiting the cache invalidation bug in the Linux memory management system, thus allowing an attacker to obtain root access to the target system. UAF vulnerabilities are a type of ‘memory-based corruption bug’. Once attackers gain access to the system, they can cause system crashes, alter or corrupt data, and gain privileged user access. Whenever a userspace page fault occurs, for instance, when a page has to be paged in on demand, the Linux kernel has to look up the Virtual Memory Area (VMA) that contains the fault address to figure out how to handle the fault. To avoid any performance hit, Linux has a fastpath that can bypass the tree walk if the VMA was recently used. When a VMA is freed, the VMA caches of all threads must be invalidated - otherwise, the next VMA lookup would follow a dangling pointer. However, since a process can have many threads, simply iterating through the VMA caches of all threads would be a performance problem. To solve this, both the struct mm_struct and the per-thread struct vmacache are tagged with sequence numbers. When the VMA lookup fastpath discovers in vmacache_valid() that current->vmacache.seqnum and current->mm->vmacache_seqnum don't match, it wipes the contents of the current thread's VMA cache and updates its sequence number. The sequence numbers of the mm_struct and the VMA cache were only 32 bits wide, meaning that it was possible for them to overflow.  To overcome this, in version 3.16, an optimization was added. However, Horn asserts that this optimization is incorrect because it doesn't take into account what happens if a previously single-threaded process creates a new thread immediately after the mm_struct's sequence number has wrapped around to zero. The bug was fixed by changing the sequence numbers to 64 bits, thereby making an overflow infeasible, and removing the overflow handling logic.   Horn has raised concerns that some Linux distributions are leaving users exposed to potential attacks by not reacting fast enough to frequently updated upstream stable kernel releases. End users of Linux distributions aren't protected until each distribution merges the changes from upstream stable kernels, and then users install that updated release. Between these two points, the issue also gets exposure on public mailing lists, giving both Linux distributions and would-be attackers a chance to take action. As of today, Debian stable and Ubuntu releases 16.04 and 18.04 have not yet fixed the issue, in spite of the latest kernel update occurring around a month earlier. This means there's a gap of several weeks between the flaw being publicly disclosed and fixes reaching end users. Canonical, the UK company that maintains Ubuntu, has responded to Horn's blog, and says fixes "should be released" around Monday, October 1. The window of exposure between the time an upstream fix is published and the time the fix actually becomes available to users is concerning. This gap could be utilized by an attacker to write a kernel exploit in the meantime. It is no secret that Linux distributions don’t publish kernel updates regularly. This vulnerability highlights the importance of having a secure kernel configuration. Looks like the team at Linux needs to check and re-check their security patches before it is made available to the public. You can head over to Google Project Zero’s official blog page for more insights on the vulnerability and how it was exploited by Jann Horn. NetSpectre attack exploits data from CPU memory SpectreRSB targets CPU return stack buffer, found on Intel, AMD, and ARM chipsets Meet ‘Foreshadow’: The L1 Terminal Fault in Intel’s chips

Cloudflare announced a fast distributed native key-value store for Cloudflare Workers on Friday. They are calling this “Cloudflare Workers KV”. Cloudflare Workers is a new kind of computing platform which is built on top of their global network of over 150 data centers. It allows writing serverless code which runs in the fabric of the internet itself. This allows engaging with users faster than other platforms. Cloudflare Workers KV is built on a new architecture which eliminates cold starts and dramatically reduced the memory overhead of keeping the code running. The values can also be written from within a Cloudflare Worker. Cloudflare handles synchronizing keys and values across the network. Cloudflare Workers KV features Developers can augment their existing applications or build a new application on Cloudflare’s network using Cloudflare Workers and Cloudflare Workers KV. Cloudflare Workers KV can scale to support applications serving dozens or even millions of users. Some of its features are as follows. Serverless storage Cloudflare created a serverless execution environment at each of their 153 data centers with Cloudflare Workers, but it still caused customers to manage their own storage. But with Cloudflare Workers KV, global application access to a key-value store is just an API call away. Responsive applications anywhere Serverless applications that run on Cloudflare Workers get low latency access to a globally distributed key-value store. Cloudflare Workers KV achieves a low latency by caching replicas of the keys and values stored in Cloudflare's cloud network. Build without scaling concerns Cloudflare Workers KV allows developers to focus their time on adding new capabilities to their serverless applications. They won’t have to waste time scaling their key-value stores. Key features of Cloudflare Workers KV The key features of Cloudflare workers KV as listed on their website are: Accessible from all 153 Cloudflare locations Supports values up to 64 KB Supports keys up to 2 KB Read and write from Cloudflare Workers An API to write to Workers KV from 3rd party applications Uses Cloudflare’s robust caching infrastructure Set arbitrary TTLs for values Integrates with Workers Preview It is currently in beta. To know more about workers KV, visit the Cloudflare Blog and the Cloudflare website. Bandwidth Alliance: Cloudflare collaborates with Microsoft, IBM and others for saving bandwidth Cloudflare’s decentralized vision of the web: InterPlanetary File System (IPFS) Gateway to create distributed websites Google introduces Cloud HSM beta hardware security module for crypto key security

As promised by the Haiku team earlier this month, Haiku R1 now stands released in its beta version! After the big gap between Haikus’ latest release in November 2012, users can expect a lot more upgrades in the R1/beta1. The Haiku OS is known for its ease of use, responsiveness, and overall coherence. With improvements to its package manager, WebPositive, media subsystem and much more Haiku has made the wait worth its while! Let’s dive into some of the major upgrades of this release. #1  Package management The biggest upgrade in the R1 Beta is the addition of a complete package management system. Finalized and merged during 2013, Haiku packages are a special type of compressed filesystem image. These are ‘mounted’ upon installation and thereafter on each boot by the packagefs. It is worth noting that since packages are merely "activated", not installed, the bootloader has been given some capacity to affect them. Users can boot into a previous package state -in case they took a bad update- or even blacklist individual files. Installations and uninstallations of packages are practically instant. Users can manage the installed package set on a non-running Haiku system by mounting its boot disk and then manipulating the /system/packages directory and associated configuration files. The Haiku team has also introduced pkgman, the command-line interface to the package management system. Unlike most other package managers where packages can be installed only by name, Haiku packages can also be searched for and installed by provides, e.g. pkgman install cmd:rsync or pkgman install devel:libsdl2, which will locate the most relevant package that provides that, and install it. Accompanying the package manager is a massively revamped HaikuPorts, containing a wide array of both native and ported software for Haiku. #2 WebPositive upgrades The team has made the system web browser much more stable than before. Glitches with YouTube now stand fixed. While working on WebKit, the team also managed to fix a large number of bugs in Haiku itself - such as broken stack alignment, various kernel panics in the network stack, bad edge-case handling in app_server’s rendering core GCC upgrades and many more. HaikuWebKit now supports Gopher, which is its own network protocol layer. #3 Completely rewritten network preflet The newly rewritten network preflet, is designed for ease of use and longevity. In addition to the interface configuration screens, the preflet is also now able to manage the network services on the machine, such as OpenSSH and ftpd. It uses a plugin-based API, which helps third-party network services like VPNs, web servers, etc to integrate with it. #4 User interface cleanup & live color updates Mail and Tracker now sport Haiku-style toolbars and font-size awareness, among other applications. This will enable users to add proper DPI scaling and right-to-left layouts. Instead of requesting a specific system color and then manipulating it, most applications now instruct their controls to adopt certain colors based on the system color set directly. #5 Media subsystem improvements The Haiku team has made cleanups to the Media Kit to improve fault tolerance, latency correction, and performance issues. This will help with the Kit’s overall resilience. HTTP and RTSP streaming support integrated into the I/O layer of the Media Kit. Livestreams can now be played in WebPositive via HTML5 audio/video support, or in the native MediaPlayer. Significant improvements to the FFmpeg decoder plugin were made. Rather than the ancient FFmpeg 0.10, the last version that GCC2 can compile, FFmpeg 4.0 is now used all-around for a better support of both  audio and video formats, as well as significant performance improvements. The driver for HDA saw a good number of cleanups and wider audio support since the previous release. The DVB tuner subsystem saw a substantial amount of rework and the APE reader was also cleaned up and added to the default builds. #6 RemoteDesktop Haiku’s native RemoteDesktop application was improved and added to the builds. The RemoteDesktop forwards drawing commands from the host system to the client system, which for most applications consumes significantly lower bandwith. RemoteDesktop  can connect and run applications on any Haiku system that users have SSH access to, there is no need for a remote server. #7 New thread scheduler Haiku’s kernel thread scheduler is now O(1) (constant time) with respect to threads, and O(log N)(logarithmic time) with respect to processor cores. The new limit is 64 cores, this being an arbitrary constant that can be increased at any time. There are new implementations of the memcpy and memset primitives for x86 which constitute significant increases to their performance. #8 Updated Ethernet & WiFi drivers The ethernet & WiFi drivers, have been upgraded to those from FreeBSD 11.1. This brings in support for Intel’s newer “Dual Band” family, some of Realtek’s PCI chipsets, and newer-model chipsets in all other existing drivers. Additionally, the FreeBSD compatibility layer now interfaces with Haiku’s support for MSI-X interrupts, meaning that WiFi and ethernet drivers will take advantage of it wherever possible, leading to significant improvements in latency and throughput. #9 Updated file system drivers The NFSv4 client, was finally merged into Haiku itself, and is included by default. Additionally, Haiku’s userlandfs, which supports running filesystem drivers in userland, is now shipped along with Haiku itself. It supports running BeOS filesystem drivers, Haiku filesystem drivers, and provides FUSE compatibility. As a result, various FUSE-based filesystem drivers are now available in the ports tree, including FuseSMB, among others. Apart from the above mentioned features, users can look forward to EFI bootloader and GPT support, a build-in debugger, general system stabilization and much more! Reddit also saw comments from users waiting eagerly for this release: Source: Reddit  Source: Reddit After a long span of 17 years  from its day of launch, it would be interesting to see how this upgrade is received by the masses. To know more about Haiku R1, head over to their official site Sugar operating system: A new OS to enhance GPU acceleration security in web apps cstar: Spotify’s Cassandra orchestration tool is now open source! OpenSSL 1.1.1 released with support for TLS 1.3, improved side channel security  

CUDA 10.0 was released mid-September bringing updates to the compiler, tools, and libraries. Support has also been added for the Turing architectures compute_75 and sm_75. Compiler changes in CUDA 10.0 The paths of some compilers have been changed. The CUDA-C and CUDA-C++ compiler—nvcc, is now located in the bin/ directory. nvcc is built on top of the NVVM optimizer, which is built on top of the LLVM compiler infrastructure. If you want to target NVVM directly use the Compiler SDK available in the nvvm/ directory. The following files are compiler-internal and can change without any prior notice. Any files in include/crt and bin/crt Files like include/common_functions.h, include/device_double_functions.h, include/device_functions.h, include/host_config.h, include/host_defines.h, and include/math_functions.h nvvm/bin/cicc bin/cudafe++, bin/bin2c, and bin/fatbinary These compilers are supported as host compilers in nvcc: Clang 6.0 Microsoft Visual Studio 2017 (RTW, Update 8 and later) Xcode 9.4 XLC 16.1.x ICC 18 PGI 18.x (with -std=c++14 mode) Note that, starting with CUDA 10.0, nvcc supports all versions of Visual Studio 2017, previous versions and newer updates. There is a new libNVVM API function called nvvmLazyAddModuleToProgram in CUDA 10.0. This function is to be used for adding the libdevice module along with any other similar modules to a program for making it more efficient. The --extensible-whole-program (or -ewp) option has been added to nvcc. This option can be used to do whole-program optimizations. With this option you can use cuda-device-parallelism features without having to use separate compilation. Warp matrix functions (wmma), first introduced in PTX ISA version 6.0 are now fully supported retroactively from PTX ISA version 6.0 onwards. Tool changes Except for Nsight Visual Studio Edition (VSE) which is installed as a plug-in to Microsoft Visual Studio, the following tools are available in the bin/ directory (). IDEs like nsight (Linux, Mac), Nsight VSE (Windows) Debuggers like cuda-memcheck, cuda-gdb (Linux), Nsight VSE (Windows) Profilers like nvprof, nvvp, Nsight VSE (Windows) Utilities like cuobjdump, nvdisasm, gpu-library-advisor CUDA 10.0 now includes Nsight Compute, a set of developer tools for profiling and debugging. It is supported on Windows, Linux and Mac. nvprof now supports OpenMP tools interface. NVIDIA Tools Extension API (NVTX) V3 us now supported by the profiler. Changes are also made to the libraries nvJPEG, cuFFT, cuBLAS, NVIDIA Performance Primitives (NPP), and cuSOLVER. CUDA 10.0 has optimized libraries for Turing architecture and there is a new library called nvJPEG for GPU accelerated hybrid JPEG decoding. For a complete list of changes, visit the NVIDIA website. Microsoft Azure now supports NVIDIA GPU Cloud (NGC) NVIDIA leads the AI hardware race. But which of its GPUs should you use for deep learning? NVIDIA announces pre-orders for the Jetson Xavier Developer Kit, an AI chip for autonomous machines, at $2,499

Gremlin, the chaos engineering platform have revealed some exciting news today to coincide with the very first chaos engineering conference - Chaos Conf. Not only has the company raised a $18 million in its series B funding round, it has also launched a brand new feature. Application Level Fault Injection - ALFI - brings a whole new dimension to the Gremlin platform as it will allow engineering teams to run resiliency tests - or 'chaos experiments' - at an application level. Up until now, tests could only be run at the infrastructure level, targeting a specific host or container (although containers are only a recent addition). Bringing chaos engineering to serverless applications One of the benefits of ALFI is it will make it possible to run 'attacks' on serverless applications. Citing Cloudability's State of the Cloud 2018 report, the press release highlights that serverless adoption is growing rapidly. This means that Gremlin will now be able to expand its use cases and continue to move forward in its broader mission to help engineering teams improve the resiliency of their software in a manageable and accessible way. Matt Fornaciari, Gremlin CTO and co-founder, said: “With ALFI one of the first problems we wanted to address was improving the reliability and understanding of serverless providers like AWS Lambda and Azure Functions. It’s a tough problem to solve because the host is abstracted and it’s a very new technology -- but now we can run attacks at the application level, and with a level of precision that isn’t possible at the infrastructure level. We are giving them a scalpel to very specifically target particular communications between different systems and services.” One of the great benefits of ALFI is that it should help engineers to tackle different types of threats that might be missed if you simply focus on infrastructure. Yan Cui, Principal Engineer at DAZN, the sports streaming service explained, saying, "AWS Lambda protects you against some infrastructure failures, but you still need to defend against weakness in your own code. Application-level fault injection is a great way to uncover these weaknesses." A new chapter for Gremlin and a big step forward for chaos engineering It would seem that Gremlin is about to embark on a new chapter. But what will be even more interesting is the wider impact chaos engineering has on the industry. Research, such as this year's Packt Skill Up survey, indicates that chaos engineering is a trend that is still in an emergent phase. If Gremlin can develop a product that not only makes chaos engineering relatively accessible but also palatable for those making technical decisions, we might start to see things changing. It's clear that Redpoint Ventures, the VC firm leading Gremlin's Series B funding, sees a lot of potential in what the platform can offer the software landscape. Managing Director  Tomasz Tuguz said "In a world where nearly every business is an online business, Gremlin makes companies more resilient and saves millions of dollars in unnecessary disasters and outages. We’re thrilled to join them on this journey."

Yesterday, Krita 4.1.3 was released with several improvements in the Instant Preview mode, bezier curve tools, and Comics Project manager, along with many bug fixes. Krita is a free and open source raster graphics editor, designed mainly for digital painting and animation purposes. Round corners for the rectangle tool A new feature has been added for round corners for the rectangle tool. Whether you’re working on a pixel or a vector layer, you can set round corners for the resulting shape. In the previous versions, you could, of course, already round vector rectangles by editing the shape, but this tool makes it easier. New welcome screen This version comes with a new welcome screen, which provides some handy links, a list of recently used files, a link to create or open a file, and a hint that you can also drag and drop images in the empty window to open them. Improved Instant Preview mode Instant Preview works by computing a scaled-down version of the image and displaying that. In the previous versions, with some brushes, this mode would cause a little delay at the end of a stroke, or some flickering on the canvas. This is fixed in Krate 4.1.3 to give users a  smoother painting experience. Improved working with selections Krita’s selections can be referred to as vectors or as a pixel mask. If you’re working on a vector selection, using the figure tools such as rectangle or ellipse will now add a vector to the selection, instead of rasterizing the vector selection. Improved bezier curve tools The bezier curve tools now comes with an auto-smoothing option. If you select auto-smoothing, the created curve will be not a polygon, but a smooth curve with the type of all the points set to “smooth”. Comics Project manager The Comics Project manager, a Python plugin has seen a ton of improvements, especially when it comes to generating standard-compliant epub and acbf files. Some these improvements are: Improved navigation to generated epubs. Ensure generated EPUBs pass EPUB check validation. Several issues with the EPUB metadata export is fixed. Make the generated EPUB 3 files pre-paginated. This will allow comics to be rendered as part of a spread which should have a nice result. ComicBookInfo and ComicRack generators are updated Bug fixes This version comes with various bug fixes, some of which are listed here: A shortcut for the threshold filter is added Restore the shortcut for the invert filters. Hardcoded brush size limit for the Quick Brush is removed Fix rotation direction when the transformed piece is mirrored Stamp brush preview now scales correctly Automatically avoid conflicts between color labels and system colors The modified() getter to the Document class is added The resetCache() Python API to FileLayer is added Read the full announcement on Krita’s official website. “As Artists we should be constantly evolving our technical skills and thought processes to push the boundaries on what’s achievable,” Marco Matic Ryan, Augmented Reality Artist How Netflix uses AVA, an Image Discovery tool to find the perfect title image for each of its shows Microsoft acquires AI startup Lobe, a no code visual interface tool to build deep learning models easily Building VR objects in React V2 2.0: Getting started with polygons in Blender

Microsoft has come out with a production system that performs text-to-speech (TTS) synthesis using deep neural networks. This new production system makes it hard for you to distinguish the voice of computers from human voice recordings. The Neural text-to-speech synthesis has significantly reduced the ‘listening fatigue’ when talking about interaction with AI systems. It enables the system with human-like, natural sounding voice, that makes the interaction with chatbots and virtual assistants more engaging. This neural-network powered text-to-speech system was demonstrated by the Microsoft team at the Microsoft Ignite conference in Orlando, Florida, this week. Additionally, Neural text-to-speech converts digital texts such as e-books into audiobooks. It also enhances in-car navigation systems. Deep Neural networks are great at overcoming the limits of traditional text-to-speech systems. Neural networks are very accurate in matching the patterns of stress and intonation in spoken language, called prosody. They’re also quite effective in synthesizing the units of speech into a computer voice. Neural TTS Traditional text-to-speech systems generally break down the prosody into separate linguistic analysis and acoustic prediction steps that get governed by independent models. This usually results in muffled, buzzy voice synthesis. Whereas, neural networks perform prosody prediction and voice synthesis simultaneously. This results in a more fluid and natural-sounding voice. Microsoft makes use of the computational power of Azure to offer real-time streaming. This makes it useful for situations such as interacting with a chatbot or virtual assistant. This TTS capability is served in the Azure Kubernetes Service to ensure high scalability and availability. Only the preview of the text-to-speech service is available currently. The preview comes with two pre-built neural text-to-speech voices in English – Jessa, and Guy.  Microsoft will be making more languages available soon. It will also be offering customization services in 49 languages for customers wanting to build branded voices optimized for their specific needs. For more information, check out the official Microsoft Blog post. Microsoft acquires AI startup Lobe, a no code visual interface tool to build deep learning models easily DoWhy: Microsoft’s new python library for causal inference Say hello to FASTER: a new key-value store for large state management by Microsoft

Yesterday, IBM Watson announced the launch a set of new pre-trained AI tools for offering Connected Manufacturing. This offering includes a method and approach to help clients accelerate their IoT transformation, from strategy, implementation and security to managed services and ongoing operations. This new approach will help IBM’s client to connect all their manufacturing equipment, sensors, and systems for business improvement across OEE, quality, lead times and productivity. What is this new AI Watson enabled IoT approach all about? This new IoT offering by IBM focuses on industries that are heavily IoT dependent–industrial equipment, automotive (smart vehicles) and buildings (smart spaces). The IBM’s AI Watson solution, when combined with its Industrial IoT platform empowers,  provides ‘things’ with the data they need to understand the physical world as everything becomes connected. This helps customers to take advantage of the vast amounts of data generated by IoT. Kareem Yusuf, GM, IBM Watson IoT says, "We decided to release this largest-ever AI toolset pre-trained for industries and professions to help businesses re-imagine how they work. A key business advantage lies in tapping into organizational insights, historical customer data, internal reporting, past transactions, and client interactions. These elements are too often underutilized." Rob Enderle, Principal Analyst at tech analyst firm The Enderle Group said, "Training is where AI deployments get hung up. Much of the initial work with developed AI is to create this training, which then, through machine learning, can be passed on to new systems, significantly lowering the deployment cost and time to value. This is a critical phase to maturing the platform and getting it closer to its operational and sales potential." With the heavy lifting completed during the training period, Watson is ready to start producing targeted, industry-specific insights right away. Enderle further added, "Getting the system to this phase is anything but trivial. Once there, machine learning can allow the replication of an unlimited number of systems,". Areas where IBM is pre-training Watson for industries and functions Agriculture AI-powered visual recognition capabilities let growers decide where to spray pesticides, determine the severity of damage from pests and diseases, and forecast water usage. Farmers also gain insights from temperature and moisture levels, as well as crop distress. Human Resources IBM Watson Talent lets recruiters analyze the backgrounds of top-performing employees to find candidates for new positions. In fact, AI could help reduce bias in hiring decisions, according to IBM. Psychologists helped IBM produce an AI scoring system, which lets recruiters quickly sort through candidates. Marketing IBM Watson Assistant for Marketing is a component of Watson Campaign Automation SaaS. The assistant allows companies to evaluate their marketing campaigns, engage in more direct conversations with customers, and create a personalized customer experience. Manufacturing The Watson toolset for the manufacturing industry will provide visual and acoustic inspection capabilities. AI technology will also allow manufacturers to predict when equipment failures might occur, as well as energy waste and product quality issues. AI will let manufacturers gain insights and deal with workforce attrition, skills gaps, and rising raw material costs. The pre-training is also taking place in the advertising, commercial and transportation space To know more about this in detail, visit IBM’s official website. How IBM Watson is paving the road for Healthcare 3.0 Watson-CoreML : IBM and Apple’s new machine learning collaboration project Stack skills, not degrees: Industry-leading companies, Google, IBM, Apple no longer require degrees

After announcing TypeScript 3.1 RC version last week, Microsoft released TypeScript 3.1 as a stable version, yesterday. This release comes with support for mapped array and tuple types, easier properties on function declarations, typesVersions for version redirects, and more. Support for mapped array and tuple types TypeScript has a concept called ‘mapped object type’ which can generate new types out of existing ones. Instead of introducing a new concept for mapping over a tuple, mapped object types now just “do the right thing” when iterating over tuples and arrays. This means that if you are using the existing mapped types like Partial or Required from lib.d.ts, they will now also automatically work on tuples and arrays. This change will eliminate the need to write a ton of overrides. Properties on function declarations For any function or const declaration that’s initialized with a function, the type-checker will analyze the containing scope to track any added properties. This enables users to write canonical JavaScript code without resorting to namespace hacks. Additionally, this approach for property declarations allows users to express common patterns like defaultProps and propTypes on React stateless function components (SFCs). Introducing typesVersions for version redirects Users are always excited to use new type system features in their programs or definition files. However, for the library maintainers, this creates a difficult situation where they are forced to choose between supporting new TypeScript features and not breaking its older versions. To solve this, TypeScript 3.1 introduces a new feature called typesVersions. When TypeScript opens a package.json file to figure out which files it needs to read, it will first look for the typesVersions field. The field will tell TypeScript to check which version of TypeScript is running. If the version in use is 3.1 or later, it figures out the path you've imported relative to the package and reads from the package's ts3.1 folder. Refactor from .then() to await With this new refactoring, you can now easily convert functions that return promises constructed with chains of .then() and .catch() calls to async functions that uses await. Breaking changes Vendor-specific declarations removed: TypeScript's built-in .d.ts library and other built-in declaration file libraries are partially generated using Web IDL files provided from the WHATWG DOM specification. While this makes keeping lib.d.ts easier, many vendor-specific types have been removed. Differences in narrowing functions: Using the typeof foo === "function" type guard may provide different results when intersecting with relatively questionable union types composed of {}, Object, or unconstrained generics. How to install this latest version? You can get the latest version through NuGet or via npm by running: npm install -g typescript According to their roadmap, TypeScript 3.2 is scheduled to be released in November with strictly-typed call/bind/apply on function types. To read the full list of updates, check their official announcement on MSDN. TypeScript 3.1 RC released TypeScript 3.0 is finally released with ‘improved errors’, editor productivity and more How to work with classes in Typescript

ESET researchers stated that they have found evidence that 'Fancy Bear' (Russia-backed hackers group) is using ‘LoJax’ malware to target certain government organizations in Europe. This research was presented on Thursday at the 2018 Microsoft BlueHat conference. This is the first case of a UEFI rootkit recorded as ‘active’ and still in use. The researchers have not explicitly named the governments that have been targeted. They have only stated that the hackers were active in targeting the Balkans and some central and eastern European countries. This attempt to target european governments is another one of Fancy Bears tactics after hacking into the Democratic National Committee. The hackers had previously targeted senators, social media sites, the French presidential elections, and leaked Olympic athletes’ confidential medical files, which demonstrates their hacking abilities. The LoJax UEFI rootkit LoJax is known for its brutal persistence in making it challenging to remove from a system. It embeds itself in the computer’s firmware and launches when the OS boots up. Sitting in a computer’s flash memory,  LoJax consumes time, effort and extreme care to reflash the memory with a new firmware. In May 2018, Arbor Networks suggested that this Russian hacker group was utilizing Absolute Software's 'LoJack'- a legitimate laptop recovery solution- for unscrupulous means. Hackers tampered with the samples of the LoJack software and programmed it to communicate with a command-and-control (C2) server controlled by Fancy Bear, rather than the legitimate Absolute Software server. The modified version was named as LoJax to separate it from Absolute Software's legitimate solution. LoJax is implemented as a UEFI/BIOS module, to resist operating system wipes or hard drive replacement. This UEFI rootkit was found bundled together with a toolset that was able to patch a victim's system firmware and install malware at the system’s deepest level. In at least one recorded case, the hackers behind the malware were able to write a malicious UEFI module into a system's SPI flash memory leading to the execution of malicious code on disk during the boot process. ESET further added that the malicious UEFI module is being bundled into exploit kits which are able to access and patch UEFI/BIOS settings. Alongside the malware, three other tools were found in Fancy Bear's refreshed kit. A tool that dumps information related to PC settings into a text file A tool to save an image of the system firmware by reading the contents of the SPI flash memory where the UEFI/BIOS is located A tool that adds the malicious UEFI module to the firmware image to write it back to the SPI flash memory. The researchers affirm that the UEFI rootkit has increased the severity of the hacking group. However, there are preventative measures to safeguard your system against this notorious group of hackers. The Fancy Bear’s rootkit isn’t properly signed and hence a computer’s Secure Boot feature could prevent the attack by properly verifying every component in the boot process. This can be switched on at a computer’s pre-boot settings. For more insights on this news, head over to ZDNet. Microsoft claims it halted Russian spearphishing cyberattacks Russian censorship board threatens to block search giant Yandex due to pirated content UN meetings ended with US & Russia avoiding formal talks to ban AI enabled killer robots