
How-To Tutorials

7010 Articles
Bhagyashree R
07 May 2019
8 min read

PyCon 2019 highlights: Python Steering Council discusses the changes in the current Python governance structure

At the ongoing PyCon 2019 event, the Python Steering Council shed some light on the recent changes in the Python governance structure and what these changes mean for the larger Python community. PyCon 2019 is the biggest gathering of developers and experts who work with the Python programming language. It is scheduled from May 1 to May 9 in Cleveland, Ohio. Backed by the Python Software Foundation (PSF), this event hosts various tutorials, talks, summits, as well as a job fair.

The Python Steering Council

After a two-week nomination period (January 7 to January 20), which was followed by a two-week voting period (January 21 to February 4), five members were selected for the Python Steering Council:

  • Guido van Rossum, the brilliant mind behind the Python programming language and the former Python BDFL (Benevolent Dictator for Life).
  • Barry Warsaw, a Senior Staff Software Engineer at LinkedIn, and also the lead maintainer for Jython.
  • Brett Cannon, a Principal Software Engineering Manager at Microsoft and a Python core developer for over 15 years.
  • Carol Willing, a Research Software Engineer for Project Jupyter, Python core developer, and PSF Fellow.
  • Nick Coghlan, a CPython Core developer for Python Software Foundation.

On why Guido van Rossum stepped down from being BDFL

Since the dawn of the Python era, Guido van Rossum served as its Benevolent Dictator for Life (BDFL). It is a designation given to open-source software development leaders who have the final say in any kind of argument within the community. Guido stepped down from this designation last year in July and became a part of the Steering Council.

As BDFL he was responsible for going through all the Python-ideas that might become controversial. Eventually, it became his responsibility to take the final decision on PEPs that had already been discussed among people with greater domain knowledge and expertise. After playing such a key authoritative role for nearly 30 years, Guido started experiencing what is really common nowadays in the tech industry: burnout. So, he finally took the right step of stepping down from his role as BDFL and urging the Python core developers to discuss and decide amongst themselves the kind of governance structure they want for the community going forward.

After months of intense research and debate, the team arrived at the decision of distributing these responsibilities among the five elected steering council members who have earned the trust of the Python community. He adds, “...that's pretty stressful and so I'm very glad that responsibility is now distributed over five experts who have more trust of the community because they've actually been voted in rather than just becoming the leader by happenstance.”

Sharing his feelings about stepping down from the BDFL role, he said, “...when your kid goes off to college some of you may have experience with that I will soon have that experience. You're no longer directly involved in their lives maybe but you never stop worrying and that's how I feel about Python at the moment and that's why I nominated myself for the steering committee.”

Changes in the PEP process with the new governance model

The purpose behind Python Enhancement Proposals (PEPs) was to take away from Guido the burden of going through each and every email to understand what a proposal was about. He just needed to read one document listing all the pros and cons related to the proposal and then make a decision. This entire decision-making process was documented within the PEPs.

With the growing Python community, this process became unsustainable for Guido, as all the decisions funneled through him. That is why the idea of the BDFL delegate came up: an expert who will take care of the decision-making for a particular feature. However, earlier, employing a BDFL delegate was the last resort, and it was done for those aspects of the ecosystem that Guido didn't want to get involved in. With the new governance model, this has become the first resort. Barry Warsaw said, “...we don't want to make those decisions if there are people in the community who are better equipped to do that. That's what we want to do, we want to allow other people to become engaged with shaping where Python is going to go in the next 25 years.”

Hiring a Project Manager to help transition from Python 2 to 3

The countdown for Python 2 has started and it will not be maintained past 2019. The steering council has plans for hiring a Project Manager to help them better manage the sunset of Python 2. The PM will also have the responsibility of looking into minor details, for instance, the mentions of Python 2 and 3 in the documentation. These instances will need to be updated, as from 2020 we will only have Python and eventually developers will not have to care about the major numbers.

For the systems that haven't migrated, there will be commercial vendors offering support beyond 2020. There will also be options for business-critical systems, but it will take time, shared Willing.

One of the responsibilities of the PM role will be looking into the various best practices that other companies have followed for the migration and helping others to migrate easily. Willing said, “Back in a couple of years, Instagram did a great keynote about how they were moving things from 2 to 3. I think one of the things that we want a PM to help us in this transition is to really take those best practices that we're learning from large companies who have found the business case to transition to make it easier.”

Status of CPython issue tracking migration from Roundup to GitHub

All PSF projects, including CPython, have moved to GitHub, but the issue tracking for CPython is still done through Roundup. Mariatta Wijaya, a Platform Engineer at Zapier and a Python core developer, wrote PEP 581, which proposes using GitHub for its issue tracking. Barry Warsaw has taken the initial steps and split the PEP into PEP 581 and 588. While PEP 581 gives the rationale and background, PEP 588 gives a detailed plan of how the migration will take place.

The council has requested the PSF to hire a PM to take on the responsibilities of the migration. Brett Cannon adds, “...with even the PSF about potentially trying to have a PM sort of role to help handle the migration because we realize that if we go forward with this the migration of those issues are going to be critical and we don't want any problems.”

The features or improvements Python Packaging Workgroup should now focus on

The Python Packaging Workgroup supports the efforts taken for improving and maintaining the packaging ecosystem in Python by fundraising and distributing this fund among different efforts. The efforts this workgroup supports include PyPI, pip, packaging.python.org, setuptools, and cross-project efforts.

Currently, the workgroup is supporting the Warehouse project, which is a new implementation of PyPI aiming to solve the issues PyPI users face. Last year, the workgroup came out with the Warehouse code base, and in March this year they laid out work for the next set of improvements, which will be around security and accessibility.

When Coghlan was asked about the next steps, he shared that they are looking into improving the overall publisher experience. He adds that though there have been improvements in the consumer experience, far less effort has been put into improving the publisher side. Publisher-side releases are becoming complicated: people want to upload source distributions with multiple wheels for different platforms and different Python versions. Currently, the packaging process is not that flexible.

“at the moment the packing index is kind of this instant publish thing like you push it up and it's done...we'd really like to be able to offer a staging area where people can put up all the artifacts for release, make sure everything's in order, and then once they're happy with the release, push button and have it go publish.”

These were some of the highlights from the discussion about the changes in the Python governance structure. You can watch the full discussion on YouTube: https://www.youtube.com/watch?v=8dDp-UHBJ_A&feature=youtu.be&t=379

Savia Lobo
07 May 2019
5 min read

Attackers wiped many GitHub, GitLab, and Bitbucket repos with ‘compromised’ valid credentials leaving behind a ransom note

Last week, attackers targeted GitHub, GitLab, and Bitbucket users, wiping code and commits from multiple repositories. The surprising fact is that the attackers used valid credentials, i.e. a password or personal access token, to break into these repositories. Not only did they wipe entire repositories, but they also left a ransom note demanding 0.1 Bitcoin (BTC).

On May 3, GitLab’s Director of Security, Kathy Wang, said, “We identified the source based on a support ticket filed by Stefan Gabos yesterday, and immediately began investigating the issue. We have identified affected user accounts and all of those users have been notified. As a result of our investigation, we have strong evidence that the compromised accounts have account passwords being stored in plaintext on deployment of a related repository.”

According to GitLab’s official post, “All total, 131 users and 163 repositories were, at a minimum, accessed by the attacker. Affected accounts were temporarily disabled, and the owners were notified.”

The incident first came to light on May 2, 2019 at around 10 pm GMT, when GitLab received the first report of a repository being wiped and replaced with one commit named ‘WARNING’. The commit contained a single file with the ransom note, asking the targets to transfer 0.1 BTC (approx. $568) to the attacker’s Bitcoin address if they wanted to get their data back. Targets who failed to transfer the amount were threatened with having their code made public.

Here’s the ransom note that was left behind:

“To recover your lost data and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at admin@gitsbackup.com with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we dont receive your payment in the next 10 Days, we will make your code public or use them otherwise.”

“The targets who had their repos compromised use multiple Git-repository management platforms, with the only other connection between the reports besides Git being that the victims were using the cross-platform SourceTree free Git client”, BleepingComputer reports. GitLab, however, commented that they have notified the affected GitLab users and are working to resolve the issue soon.

According to BitcoinAbuse.com, a website that tracks Bitcoin addresses used for suspicious activity, there have been 27 abuse reports, with the first report filed on May 2.

“When searching for it on GitHub we found 392 impacted repositories which got all their commits and code wiped using the 'gitbackup' account which joined the platform seven years ago, on January 25, 2012. Despite that, none of the victims have paid the ransom the hackers have asked for, seeing that the Bitcoin address received only 0.00052525 BTC on May 3 via a single transaction, which is the equivalent of roughly $2.99”, BleepingComputer mentions.

A GitHub spokesperson told BleepingComputer, “GitHub has been thoroughly investigating these reports, together with the security teams of other affected companies, and has found no evidence GitHub.com or its authentication systems have been compromised. At this time, it appears that account credentials of some of our users have been compromised as a result of unknown third-party exposures.”

GitLab has further recommended that all GitLab users enable two-factor authentication and use SSH keys to strengthen their GitLab accounts.

One of the StackExchange users said, “I also have 2FA enabled, and never got a text message indicating they had a successful brute login.”

One StackExchange user received a response from Atlassian, the company behind Bitbucket and the cross-platform free Git client SourceTree: "Within the past few hours, we detected and blocked an attempt — from a suspicious IP address — to log in with your Atlassian account. We believe that someone used a list of login details stolen from third-party services in an attempt to access multiple accounts."

Bitbucket users impacted by this breach received an email stating, “We are in the process of restoring your repository and expect it to be restored within the next 24 hours. We believe that this was part of a broader attack against several git hosting services, where repository contents were deleted and replaced with a note demanding the payment of ransom. We have not detected any other compromise of Bitbucket. We have proactively reset passwords for those compromised accounts to prevent further malicious activity. We will also work with law enforcement in any investigation that they pursue. We encourage you and your team members to reset all other passwords associated with your Bitbucket account. In addition, we recommend enabling 2FA on your Bitbucket account.”

In his thread on the StackExchange Security forum, Stefan Gabos mentions that the hacker does not actually delete commits, but merely alters Git commit headers. So there is a chance that code commits can be recovered, in some cases.

“All evidence suggests that the hacker has scanned the entire internet for Git config files, extracted credentials, and then used these logins to access and ransom accounts at Git hosting services”, ZDNet reports.

https://twitter.com/bad_packets/status/1124429828680085504

To know more about this news and further updates, visit GitLab’s official website.
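Both GitLab's finding (plaintext passwords stored on deployment of a repository) and the ZDNet quote (credentials extracted from Git config files) point at the same local check: does any `.git/config` in a checkout or deployment directory carry a password in a remote URL? The following is an added example, not code from the article or from any vendor quoted in it. It parses git-config text, flags `url` and `pushurl` values with embedded credentials, and reports them with the secret removed. The host names, user names and token in `SAMPLE` are constructed.

```python
import os
import re
import sys
from urllib.parse import urlsplit, urlunsplit

SECTION_RE = re.compile(r'^\[\s*([\w.-]+)(?:\s+"((?:[^"\\]|\\.)*)")?\s*\]')
KEY_RE = re.compile(r'^([A-Za-z][\w-]*)\s*=\s*(.*)$')
URL_KEYS = {"url", "pushurl"}

# Constructed sample of a .git/config file (hosts and token are made up).
SAMPLE = (
    '[core]\n'
    '\trepositoryformatversion = 0\n'
    '[remote "origin"]\n'
    '\turl = https://deploy:EXAMPLE-TOKEN-0000@gitlab.example.com/acme/app.git\n'
    '\tfetch = +refs/heads/*:refs/remotes/origin/*\n'
    '[remote "mirror"]\n'
    '\turl = git@bitbucket.example.com:acme/app.git\n'
    '\tpushurl = https://alice@bitbucket.example.com/acme/app.git\n'
)


def classify(url):
    """Return 'credential', 'review' or None for one remote URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None          # ssh:// and scp-style remotes hold no password
    if parts.password:
        return "credential"  # https://user:secret@host/...
    if parts.username:
        return "review"      # lone user name; may be a token used as the user
    return None


def redact(url):
    """Drop the userinfo part so a report never repeats the secret."""
    parts = urlsplit(url)
    netloc = parts.netloc.rpartition("@")[2]
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def scan_config_text(text):
    """Parse git-config text; return (section, key, kind, redacted_url) tuples."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            name, sub = m.group(1).lower(), m.group(2)
            if name == "url" and sub:
                # [url "https://user:pw@host/"] rewrites keep the secret in the header
                kind = classify(sub)
                if kind:
                    findings.append((name, "(subsection)", kind, redact(sub)))
                sub = redact(sub)
            section = name if sub is None else '{} "{}"'.format(name, sub)
            continue
        m = KEY_RE.match(line)
        if m and m.group(1).lower() in URL_KEYS:
            value = m.group(2).strip().strip('"')
            kind = classify(value)
            if kind:
                findings.append((section, m.group(1).lower(), kind, redact(value)))
    return findings


def scan_tree(root):
    """Map each .git/config path under root to its findings (clean files omitted)."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) != ".git":
            continue
        dirnames[:] = []     # skip objects/, refs/, hooks/ ...
        if "config" in filenames:
            path = os.path.join(dirpath, "config")
            with open(path, encoding="utf-8", errors="replace") as fh:
                found = scan_config_text(fh.read())
            if found:
                report[path] = found
    return report


if __name__ == "__main__":
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for section, key, kind, url in found:
            print("{}: [{}] {} -> {} ({})".format(path, section, key, url, kind))
```

A `credential` finding means the secret should be rotated at the hosting service and the remote switched to SSH or a credential helper; a `review` finding is a bare user name, which is harmless unless a token was used in that position.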

Packt Editorial Staff
06 May 2019
12 min read

Cross-Validation strategies for Time Series forecasting [Tutorial]

Time series modeling and forecasting are tricky and challenging. The i.i.d. (independent and identically distributed) assumption does not hold well for time series data. There is an implicit dependence on previous observations and, at the same time, data leakage from response variables to lag variables is more likely to occur, in addition to inherent non-stationarity in the data space. By non-stationarity, we mean flickering changes of observed statistics such as mean and variance. It gets even trickier when taking inherent nonlinearity into consideration.

Cross-validation is a well-established methodology for choosing the best model by tuning hyper-parameters or performing feature selection. There is a plethora of strategies for implementing optimal cross-validation. K-fold cross-validation is a time-proven example of such techniques. However, it is not robust in handling time series forecasting issues due to the nature of the data as explained above.

In this tutorial, we shall explore two more techniques for performing cross-validation: time series split cross-validation and blocked cross-validation, which are carefully adapted to solve issues encountered in time series forecasting. We shall use Python 3.5, scikit-learn, Matplotlib, NumPy, and Pandas. By the end of this tutorial you will have explored the following topics:

  • Time Series Split Cross-Validation
  • Blocked Cross-Validation
  • Grid Search Cross-Validation
  • Loss Function
  • Elastic Net Regression

Cross-Validation

[Figure: cross-validation diagram. Image source: scikit-learn.org]

First, the data set is split into a training and testing set. The testing set is preserved for evaluating the best model optimized by cross-validation. In k-fold cross-validation, the training set is further split into k folds, aka partitions. During each iteration of the cross-validation, one fold is held as a validation set and the remaining k - 1 folds are used for training. This allows us to make the best use of the data available without wasting any of it. It also allows us to avoid biasing the model towards patterns that may be overly represented in a given fold. Then the error obtained on all folds is averaged and the standard deviation is calculated.

One usually performs cross-validation to find out which settings give the minimum error before training a final model using these selected settings on the complete training set. Flavors of k-fold cross-validation exist, for example, leave-one-out and nested cross-validation. However, these may be the topic of another tutorial.

Grid Search Cross-Validation

One idea to fine-tune the hyper-parameters is to randomly guess the values for model parameters and apply cross-validation to see if they work. This is infeasible as there may be exponential combinations of such parameters. This approach is also called Random Search in the literature.

Grid search works by exhaustively searching the possible combinations of the model’s parameters, but it makes use of the loss function to guide the selection of the values to be tried at each iteration. That is solving a minimization optimization problem. However, in scikit-learn it explicitly tries all the possible combinations, which makes it computationally expensive. When cross-validation is used in the inner loop of the grid search, it is called grid search cross-validation. Hence, the optimization objective becomes minimizing the average loss obtained on the k folds.

R2 Loss Function

Choosing the loss function has a very high impact on model performance and convergence. In this tutorial, I would like to introduce to you a loss function most commonly used in regression tasks. R2 loss works by calculating correlation coefficients between the ground truth target values and the response output from the model. The formula is, however, slightly modified so that the range of the function is the interval (-∞, +1]. Hence, +1 indicates maximum positive correlation and negative values indicate the opposite. Thus, all the errors obtained in this tutorial should be interpreted as desirable if their value is close to +1.

It is worth mentioning that we could have chosen a different loss function such as L1-norm or L2-norm. I would encourage you to try the ideas discussed in this tutorial using other loss functions and observe the difference.

Elastic Net Regression

This also goes in the literature by the name elastic net regularization. Regularization is a very robust technique to avoid overfitting by penalizing large weights; in other words, it alters the objective function by emphasizing the errors caused by memorizing the training set. Vanilla linear regression can be tricked into learning parameters that perform very well on the training set yet fail to generalize to unseen new samples.

Both L1-regularization and L2-regularization were incorporated to resolve overfitting and are known in the literature as Lasso and Ridge regression respectively. Due to the critique of both Lasso and Ridge regression, Elastic Net regression was introduced to mix the two models. As a result, some variables’ coefficients are set to zero as per the L1-norm and some others are penalized or shrunk as per the L2-norm. This model combines the best from both worlds and the result is a stable, robust, and sparse model. As a consequence, there are more parameters to be fine-tuned. That’s why this is a good example to demonstrate the power of cross-validation.

Crypto Data Set

I have obtained ETHereum/USD exchange prices for the year 2019 from cryptodatadownload.com, which you can get for free from the website or by running the following command:

    $ wget http://www.cryptodatadownload.com/cdd/Gemini_ETHUSD_d.csv

Now that you have the CSV file you can import it to Python using Pandas. The daily close price is used as both regressor and response variables. In this setup, I have used a lag of 64 days for regressors and a target of 8 days for responses. That is, given the past 64 days' closing prices, forecast the next 8 days. Then the resulting NaN rows at the tail are dropped as a way to handle missing values.

    import pandas as pd

    TRAIN_STEPS = 64         # lag: 64 past daily closes used as regressors
    STEPS = TRAIN_STEPS + 8  # plus 8 future daily closes used as responses

    df = pd.read_csv('./Gemini_ETHUSD_d.csv', skiprows=1)
    # Assumption: the step that reduces df to the daily close, named 'd0', is not
    # shown on this page; the CSV's close column is taken to be 'Close'.
    df = df[['Close']].rename(columns={'Close': 'd0'})
    for i in range(1, STEPS):
        col_name = 'd{}'.format(i)
        df[col_name] = df['d0'].shift(periods=-1 * i)
    df = df.dropna()

Next, we split the data frame into two: one for the regressors and the other for the responses. Then we split both into two: one for training and the other for testing.

    # Assumption: SPLIT_IDX is not given on this page; an 80/20 chronological split is used here.
    SPLIT_IDX = int(len(df) * 0.8)

    X = df.iloc[:, :TRAIN_STEPS]
    y = df.iloc[:, TRAIN_STEPS:]
    X_train = X.iloc[:SPLIT_IDX, :]
    y_train = y.iloc[:SPLIT_IDX, :]
    X_test = X.iloc[SPLIT_IDX:, :]
    y_test = y.iloc[SPLIT_IDX:, :]

Model Design

Let’s define a method that creates an elastic net model from scikit-learn. Since we are going to forecast more than one future time step, let’s use a multi-output regressor wrapper that trains a separate model for each target time step. However, this introduces more demand for computation resources.

    from sklearn.linear_model import ElasticNet
    from sklearn.multioutput import MultiOutputRegressor

    def build_model(_alpha, _l1_ratio):
        # normalize=False from the original listing is omitted: it was the default
        # and the argument no longer exists in current scikit-learn releases.
        estimator = ElasticNet(
            alpha=_alpha,
            l1_ratio=_l1_ratio,
            fit_intercept=True,
            precompute=False,
            max_iter=16,
            copy_X=True,
            tol=0.1,
            warm_start=False,
            positive=False,
            random_state=None,
            selection='random'
        )
        # One ElasticNet is fitted per target time step.
        return MultiOutputRegressor(estimator, n_jobs=4)

Blocked and Time Series Splits Cross-Validation

The best way to grasp the intuition behind blocked and time series splits is by visualizing them. The three split methods are depicted in the above diagram. The horizontal axis is the training set size while the vertical axis represents the cross-validation iterations. The folds used for training are depicted in blue and the folds used for validation are depicted in orange. You can intuitively interpret the horizontal axis as the time progression line, since we haven’t shuffled the dataset and have maintained the chronological order.

The idea for time series splits is to divide the training set into two folds at each iteration, on condition that the validation set is always ahead of the training split. At the first iteration, one trains the candidate model on the closing prices from January to March and validates on April’s data; for the next iteration, one trains on data from January to April and validates on May’s data, and so on to the end of the training set. This way dependence is respected.

However, this may introduce leakage from future data to the model. The model will observe future patterns to forecast and try to memorize them. That’s why blocked cross-validation was introduced. It works by adding margins at two positions. The first is between the training and validation folds, in order to prevent the model from observing lag values which are used twice, once as a regressor and another as a response. The second is between the folds used at each iteration, in order to prevent the model from memorizing patterns from one iteration to the next.

Implementing k-fold cross-validation using scikit-learn is pretty straightforward, but in the following lines of code we pass the k-fold splitter explicitly, as we will develop the idea further in order to implement other kinds of cross-validation.

    from sklearn.metrics import make_scorer, r2_score
    from sklearn.model_selection import KFold, cross_val_score

    # Assumption: the definition of the r2 scorer is not shown on this page.
    r2 = make_scorer(r2_score)

    model = build_model(_alpha=1.0, _l1_ratio=0.3)
    kfcv = KFold(n_splits=5)
    scores = cross_val_score(model, X_train, y_train, cv=kfcv, scoring=r2)
    print("Loss: {0:.3f} (+/- {1:.3f})".format(scores.mean(), scores.std()))

This outputs:

    Loss: -103.076 (+/- 205.979)

The same applies to the time series splitter as follows:

    from sklearn.model_selection import TimeSeriesSplit

    model = build_model(_alpha=1.0, _l1_ratio=0.3)
    tscv = TimeSeriesSplit(n_splits=5)
    scores = cross_val_score(model, X_train, y_train, cv=tscv, scoring=r2)
    print("Loss: {0:.3f} (+/- {1:.3f})".format(scores.mean(), scores.std()))

This outputs:

    Loss: -9.799 (+/- 19.292)

Scikit-learn gives us the luxury to define any new types of splitters as long as we abide by its splitter API and inherit from the base splitter.

    import numpy as np

    class BlockingTimeSeriesSplit():
        def __init__(self, n_splits):
            self.n_splits = n_splits

        def get_n_splits(self, X, y, groups):
            return self.n_splits

        def split(self, X, y=None, groups=None):
            n_samples = len(X)
            k_fold_size = n_samples // self.n_splits
            indices = np.arange(n_samples)

            # Number of rows skipped between the training and validation part of a fold.
            margin = 0
            for i in range(self.n_splits):
                start = i * k_fold_size
                stop = start + k_fold_size
                # First 80% of each block trains, the rest validates.
                mid = int(0.8 * (stop - start)) + start
                yield indices[start: mid], indices[mid + margin: stop]

Then we can use it exactly the same way as before.

    model = build_model(_alpha=1.0, _l1_ratio=0.3)
    btscv = BlockingTimeSeriesSplit(n_splits=5)
    scores = cross_val_score(model, X_train, y_train, cv=btscv, scoring=r2)
    print("Loss: {0:.3f} (+/- {1:.3f})".format(scores.mean(), scores.std()))

This outputs:

    Loss: -15.527 (+/- 27.488)

Please notice how the loss is different among the different types of splitters. In order to interpret the results correctly, let’s put it to test by using grid search cross-validation to find the optimal values for both regularization parameter alpha and -ratio that controls how much -norm contributes to the regularization. It follows that -norm contributes 1 - .

    from sklearn.model_selection import GridSearchCV

    params = {
        'estimator__alpha': (0.1, 0.3, 0.5, 0.7, 0.9),
        'estimator__l1_ratio': (0.1, 0.3, 0.5, 0.7, 0.9)
    }

    for i in range(100):
        model = build_model(_alpha=1.0, _l1_ratio=0.3)
        # fit_params=None and iid=False from the original listing are omitted: both
        # arguments were removed from scikit-learn, and current releases always
        # average the fold scores the way iid=False did.
        finder = GridSearchCV(
            estimator=model,
            param_grid=params,
            scoring=r2,
            n_jobs=None,
            refit=False,
            cv=kfcv,  # change this to the splitter subject to test
            verbose=1,
            pre_dispatch=8,
            error_score=-999,
            return_train_score=True
        )
        finder.fit(X_train, y_train)
        best_params = finder.best_params_

Experimental Results

[Figure: K-Fold Cross-Validation Optimal Parameters]

Grid-search cross-validation was run 100 times in order to objectively measure the consistency of the results obtained using each splitter. This way we can evaluate the effectiveness and robustness of the cross-validation method on time series forecasting. As for the k-fold cross-validation, the parameters suggested were almost uniform. That is, it did not really help us in discriminating the optimal parameters since all were equally good or bad.

[Figure: Time Series Split Cross-Validation Optimal Parameters]

[Figure: Blocked Cross-Validation Optimal Parameters]

However, in both the cases of time series split cross-validation and blocked cross-validation, we have obtained a clear indication of the optimal values for both parameters. In case of blocked cross-validation, the results were even more discriminative as the blue bar indicates the dominance of -ratio optimal value of 0.1.

[Figure: Ground Truth vs Forecasting]

After having obtained the optimal values for our model parameters, we can train the model and evaluate it on the testing set. The results, as depicted in the plot above, indicate smooth capture of the trend and minimum error rate.

    # optimal model
    model = build_model(_alpha=0.1, _l1_ratio=0.1)

    # train model
    model.fit(X_train, y_train)

    # test score
    y_predicted = model.predict(X_test)
    score = r2_score(y_test, y_predicted, multioutput='uniform_average')
    print("Test Loss: {0:.3f}".format(score))

The output is:

    Test Loss: 0.925

Ideas for the Curious

In this tutorial, we have demonstrated the power of using the right cross-validation strategy for time-series forecasting. The beauty of machine learning is endless. Here are a few ideas to try out and experiment with on your own:

  • Try using a different, more volatile data set
  • Try using different lag and target lengths instead of 64 and 8 days each
  • Try different regression models
  • Try different loss functions
  • Try RNN models using Keras
  • Try increasing or decreasing the blocked splits margins
  • Try a different value for k in cross-validation

Learn More

Seize the chance to learn more about time series forecasting techniques, machine learning, trading strategies, and algorithmic trading on my step by step online video course: Hands-on Machine Learning for Algorithmic Trading Bots with Python on PacktPub.

Author Bio

Mustafa Qamar-ud-Din is a machine learning engineer with over 10 years of experience in the software development industry, engaged with startups on solving problems in various domains: e-commerce applications, recommender systems, biometric identity control, and event management.
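The tutorial above says blocked cross-validation puts a margin between the training and validation folds so that lag values are not used twice, yet its `BlockingTimeSeriesSplit` sets `margin = 0`. The following added example (not the tutorial author's code) makes the margin a parameter and counts how many raw days end up in both parts of a fold. `GappedBlockingSplit` and the helper names are hypothetical, and the sketch assumes the tutorial's layout in which row i of the lagged frame spans raw days i to i + steps - 1 (64 lag columns plus 8 target columns, so steps = 72).

```python
import numpy as np


class GappedBlockingSplit:
    """Blocked splitter with a configurable train/validation margin.

    Hypothetical class for illustration; it keeps the fold arithmetic of the
    tutorial's BlockingTimeSeriesSplit and only makes the margin a parameter.
    """

    def __init__(self, n_splits, margin=0, train_frac=0.8):
        self.n_splits = n_splits
        self.margin = margin
        self.train_frac = train_frac

    def get_n_splits(self, X=None, y=None, groups=None):
        return self.n_splits

    def split(self, X, y=None, groups=None):
        n_samples = len(X)
        fold = n_samples // self.n_splits
        indices = np.arange(n_samples)
        for i in range(self.n_splits):
            start = i * fold
            stop = start + fold
            mid = int(self.train_frac * (stop - start)) + start
            val = indices[mid + self.margin:stop]
            if len(val) == 0:
                # A margin larger than the validation part would silently
                # produce an empty fold; fail loudly instead.
                raise ValueError("margin leaves no validation rows in a fold")
            yield indices[start:mid], val


def days_covered(rows, steps):
    """Raw days touched by the given rows: row i spans days i .. i + steps - 1."""
    days = set()
    for i in rows:
        days.update(range(int(i), int(i) + steps))
    return days


def shared_days_per_fold(n_samples, n_splits, steps, margin):
    """Count raw days present in both the train and validation part of each fold."""
    splitter = GappedBlockingSplit(n_splits, margin=margin)
    X = np.zeros((n_samples, steps))  # placeholder frame; only its length matters
    return [len(days_covered(train, steps) & days_covered(val, steps))
            for train, val in splitter.split(X)]


if __name__ == "__main__":
    for margin in (0, 70, 71):
        print(margin, shared_days_per_fold(2000, 5, 72, margin))
```

With 72 columns per row, any margin below 71 rows leaves raw days shared between training and validation rows; the overlap reaches zero only at `margin = steps - 1`.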

Sugandha Lahoti
06 May 2019
4 min read

JupyterHub 1.0 releases with named servers, support for TLS encryption and more

JupyterHub 1.0 was released last week as the first major update since 2015. JupyterHub allows multiple users to use Jupyter notebook. JupyterHub 1.0 comes with UI support for managing named servers, and TLS encryption and authentication support, among others.

What’s new in JupyterHub 1.0?

UI for named servers

JupyterHub 1.0 comes with full UI support for managing named servers. Named servers allow each JupyterHub user to have access to more than one named server. JupyterHub 1.0 introduces a new UI for managing these servers. Users can now create/start/stop/delete their servers from the hub home page.

Source: Jupyter blog

TLS encryption and authentication

JupyterHub 1.0 supports TLS encryption and authentication of all internal communication. Spawners must implement the .move_certs method to make certificates available to the notebook server if it is not local to the Hub. Currently, local spawners and DockerSpawner support internal ssl.

Checking and refreshing authentication

JupyterHub 1.0 introduces three new configurations to refresh or expire authentication information.

  • c.Authenticator.auth_refresh_age allows authentication to expire after a number of seconds.
  • c.Authenticator.refresh_pre_spawn forces a refresh of authentication prior to spawning a server, effectively requiring a user to have up-to-date authentication when they start their server.
  • Authenticator.refresh_auth defines what it means to refresh authentication and can be customized by Authenticator implementations.

Other changes

  • A new API is added in JupyterHub 1.0 for registering user activity. Activity is now tracked by pushing it to the Hub from user servers instead of polling the proxy API.
  • Dynamic options_form callables may now return an empty string, which will result in no options form being rendered.
  • Spawner.user_options is persisted to the database to be re-used, so that a server spawned once via the form can be re-spawned via the API with the same options.
  • The c.PAMAuthenticator.pam_normalize_username option is added for round-tripping usernames through PAM to retrieve the normalized form.
  • The c.JupyterHub.named_server_limit_per_user configuration is added to limit the number of named servers each user can have. The default is 0, for no limit.
  • API requests to HubAuthenticated services (e.g. single-user servers) may pass a token in the Authorization header, matching authentication with the Hub API itself.
  • The Authenticator.is_admin(handler, authentication) method and the Authenticator.admin_groups configuration are added for automatically determining that a member of a group should be considered an admin.

These are just a select few updates. For the full list of new features and improvements in JupyterHub 1.0, visit the changelog.

You can upgrade jupyterhub with conda or pip:

    conda install -c conda-forge jupyterhub==1.0.*
    pip install --upgrade jupyterhub==1.0.*

Users were quite excited about the release. Here are some comments from a Hacker News thread.

“This is really cool and I’m impressed by the jupyter team. My favorite part is that it’s such a good product that beats the commercial products because it’s hard to figure out, I think, commercial models that support this wide range of collaborators (people who view once a month to people who author every day).”

“Congratulations! JupyterHub is a great project with high-quality code and docs. Looking forward to trying the named servers feature as I run a JupyterHub instance that spawns servers inside containers based on a single image which inevitably tends to grow as I add libraries. Being able to manage multiple servers should allow me to split the image into smaller specialized images.”

F8 PyTorch announcements: PyTorch 1.1 releases with new AI tools, open sourcing BoTorch and Ax, and more

Bhagyashree R
03 May 2019
4 min read
Despite Facebook’s frequent appearance in the news for all the wrong reasons, we cannot deny that its open source contributions to AI have been its one redeeming quality. At its F8 annual developer conference showcasing its exceptional AI prowess, Facebook shared how the production-ready PyTorch 1.0 is being adopted by the community and also announced the release of PyTorch 1.1.

Facebook introduced PyTorch in 2017, and since then it has been well-received by developers. It partnered with the AI community for further development in PyTorch and released the stable version last year in December. Along with optimizing and fixing other parts of PyTorch, the team introduced Just-in-time compilation for production support that allows seamless transitions between eager mode and graph mode.

PyTorch 1.0 in leading businesses, communities, and universities

Facebook is leveraging end-to-end workflows of PyTorch 1.0 for building and deploying translation and NLP at large scale. These NLP systems are delivering a staggering 6 billion translations for applications such as Messenger. PyTorch has also enabled Facebook to quickly iterate their ML systems. It has helped them accelerate their research-to-production cycle.

Other leading organizations and businesses are also now using PyTorch for speeding up the development of AI features. Airbnb’s Smart Reply feature is backed by PyTorch libraries and APIs for conversational AI. ATOM (Accelerating Therapeutics for Opportunities in Medicine) has come up with a variational autoencoder that represents diverse chemical structures and designs new drug candidates. Microsoft has built large-scale distributed language models that are now in production in offerings such as Cognitive Services.

PyTorch 1.1 releases with new model understanding and visualization tools

Along with showcasing how the production-ready version is being accepted by the community, the PyTorch team further announced the release of PyTorch 1.1. This release focuses on improved performance, brings new model understanding and visualization tools for improved usability, and more. Following are some of the key features PyTorch 1.1 comes with:

Support for TensorBoard: TensorBoard, a suite of visualization tools, is now natively supported in PyTorch. You can use it through the “from torch.utils.tensorboard import SummaryWriter” import.
Improved JIT compiler: Along with some bug fixes, the team has expanded capabilities in TorchScript such as support for dictionaries, user classes, and attributes.
Introducing new APIs: New APIs are introduced to support Boolean tensors and custom recurrent neural networks.
Distributed training: This release comes with improved performance for common models such as CNNs. Multi-device modules support and the ability to split models across GPUs while still using Distributed Data Parallel is added.

Ax, BoTorch, and more: Open source tools for Machine Learning engineers

Facebook announced that it is open sourcing two new tools, Ax and BoTorch, that are aimed at solving large scale exploration problems both in research and production environments. Built on top of PyTorch, BoTorch leverages its features such as auto-differentiation, massive parallelism, and deep learning to help in research related to Bayesian optimization. Ax is a general purpose ML platform for managing adaptive experiments. Both Ax and BoTorch use probabilistic models that efficiently use data and meaningfully quantify the costs and benefits of exploring new regions of problem space.

Facebook has also open sourced PyTorch-BigGraph (PBG), a tool that makes it easier and faster to produce graph embeddings for extremely large graphs with billions of entities and trillions of edges. PBG comes with support for sharding and negative sampling and also offers sample use cases based on Wikidata embedding.

As a result of its collaboration with Google, AI Platform Notebooks, a new hosted JupyterLab service from Google Cloud Platform, now comes preinstalled with PyTorch. It also comes integrated with other GCP services such as BigQuery, Cloud Dataproc, Cloud Dataflow, and AI Factory.

The broader PyTorch community has also come up with some impressive open source tools. BigGAN-Torch is basically a full reimplementation of PyTorch that uses gradient accumulation to provide the benefits of big batches by only using a few GPUs. GeomLoss is an API written in Python that defines PyTorch layers for geometric loss functions between sampled measures, images, and volumes. It provides efficient GPU implementations for Kernel norms, Hausdorff divergences, and unbiased Sinkhorn divergences. PyTorch Geometric is a geometric deep learning extension library for PyTorch consisting of various methods for deep learning on graphs and other irregular structures.

Read the official announcement on Facebook’s AI blog.

Facebook open-sources F14 algorithm for faster and memory-efficient hash tables
“Is it actually possible to have a free and fair election ever again?,” Pulitzer finalist, Carole Cadwalladr on Facebook’s role in Brexit
F8 Developer Conference Highlights: Redesigned FB5 app, Messenger update, new Oculus Quest and Rift S, Instagram shops, and more

All coding and no sleep makes Jack/Jill a dull developer, research confirms

Vincy Davis
03 May 2019
3 min read
In recent years, the software engineering community has been interested in factors related to human habits that can play a role in increasing developers' productivity. The researchers D. Fucci from HITeC and the University of Hamburg, G. Scanniello and S. Romano from DiMIE - University and N. Juristo from Technical University of Madrid have published a paper, “Need for Sleep: the Impact of a Night of Sleep Deprivation on Novice Developers’ Performance”, that investigates how sleep deprivation can impact developers' productivity.

What was the experiment?

The researchers performed a quasi-experiment with 45 undergraduate students in Computer Science at the University of Basilicata in Italy. The participants were asked to work on a programming task which required them to use the popular agile practice of test-first development (TFD). The students were divided into two groups: the treatment group, where 23 students were asked to skip their sleep the night before the experiment, and the control group, where the remaining students slept the night before the experiment. The conceptual model and the operationalization of the constructs investigated is as shown below.

Image source: Research paper

Outcome of the Experiment

The result of the experiment indicated that sleep deprivation has a negative effect on the capacity of software developers to produce a software solution that meets given requirements. In particular, novice developers who forewent one night of sleep wrote code which was approximately 50% more likely not to fulfill the functional requirements with respect to the code produced by developers under normal sleep condition. Another observation was that sleep deprivation decreased developers' productivity with the development task and hindered their ability to apply the test-first development (TFD) practice. The researchers also found that sleep-deprived novice developers had to make more fixes to syntactic mistakes in the source code.

Following the results of this paper, experienced developers are recollecting their earlier sleep-deprived programming days. Some are even regretting them.

https://twitter.com/zhenghaooo/status/1121937715413434369

Recently the Chinese ‘996’ work routine has come into the picture, wherein tech companies are expecting their employees to work from 9 am to 9 pm, 6 days a week, leading to 60+ hours of work per week. This kind of work culture will deprive these developers of any work-life balance. It will also encourage the habit of skipping sleep, thus decreasing developers' productivity.

A user on Reddit declares sleep as the key to being a productive coder and not burning out. Another user added, “There's a culture in university computer science around programming for 30+ hours straight (hackathons). I've participated and pulled off some pretty cool things in 48 hours of feverish keyboard whacking and near-constant swearing, but I'd rather stab myself repeatedly with a thumbtack than repeat that experience.”

It’s high time that companies focus more on the ‘quality’ of work than on insisting that developers work long hours, which will in turn reduce their productivity. It is clear from the result of this research paper that a night without sleep can certainly affect one’s quality of work.

To know more about the experiment, head over to the research paper.

Microsoft and GitHub employees come together to stand with the 996.ICU repository
Jack Ma defends the extreme “996 work culture” in Chinese tech firms
Dorsey meets Trump privately to discuss how to make public conversation “healthier and more civil” on Twitter

Tidelift is building a new model for open source software: Airbnb for maintainers

Richard Gall
02 May 2019
6 min read
The challenges and issues within open source are well-documented. Indeed, some, such as Nadia Eghbal, have suggested it's a timebomb waiting to explode. However, Tidelift is building what it believes is a better model for open source software. An announcement made at the end of April signalled a new chapter in Tidelift's young life - having secured $25 million Series B funding back in January, it has now extended its coverage of open source projects, with full 'support' for more than 1,000 of them, and new tools for subscribers.

How does Tidelift support open source projects?

At this point, you're probably wondering how Tidelift actually works: what does 'support' actually mean in the context of open source? Essentially, Tidelift is a bit like Uber or Airbnb for open source projects. The organization sits between the organizations that use open source software and those developers that maintain the software. Tidelift subscribers get open source software that is managed and maintained by the maintainers who, in turn, receive compensation from Tidelift.

Co-founder Donald Fischer, who was previously an executive at Red Hat, explains the idea in a little more detail. "We were observing some of the business model developments in other contexts, specifically around this sort of managed market model, or gig economy model... and we started thinking hey that would apply pretty well to what's already happening with open source," he tells me over Skype. The problem, Fischer points out, is that "when you just download some raw open source project, you don't get a lot of the things that big companies expect from their software providers, like somebody being on the hook to keep it patched and secure, and double checking the licensing and so on..." Essentially, Tidelift bridges the gap between organizations that use open source software (which is, after all, basically all of them) and the people that maintain and update it voluntarily.

How does Tidelift actually work?

On a practical level, one way of thinking about it is that Tidelift provides an SLA and insurance for engineering teams that use open source software. So, rather than simply downloading and using the "raw technology" in the way most of the engineering world has been over the last decade, when an engineering team purchases a Tidelift subscription, the open source software they use - provided it is working in partnership with Tidelift - is 'covered' in terms of standards, security, and licensing. It also provides technical support, with the open source maintainers testing packages before they end up in a team's software.

"We connect to your software development process through our software as a service tool," Fischer explains. "It sort of connects in a similar way to how a continuous integration testing tool connects to a GitHub or BitBucket... and every time your application code changes we look at what has changed as far as the open source packages [have changed]... and basically make sure all of that stuff meets whatever policy you've established with Tidelift."

How does Tidelift differ from enterprise open source companies like Red Hat?

Tidelift may look a little bit like a company like Red Hat. Indeed, Fischer's background at the company means some of the DNA of Red Hat has found its way into Tidelift. But despite both organizations making open source software more 'usable' for the enterprise, they are, in fact, very different indeed. The key issue for a company like Red Hat is dealing with the scale of open source tools available.

"Red Hat hires full time employees and assigns them to shadow upstream open source products that are... typically being created by other third parties," Fischer explains. "There's a scale challenge there... you have to have expertise in each one of the packages that you're covering... The way we make it scale to this much broader universe of packages is that we go directly to the people that typically wrote the package in the first place." Fischer continues, "we invite them to do the work that a Red Hat employee would do in the Linux context - and we give them the opportunity to get paid for that, which is typically pretty novel for them."

The key challenges with open source that Tidelift is trying to solve

Payment is just one of the issues facing the open source world. As Eghbal explained in a report she produced all the way back in 2016:

Nearly all software today relies on free, public code... written and maintained by communities of developers and other talent. Much like roads or bridges, which anyone can walk or drive on, open source code can be used by anyone—from companies to individuals—to build software. This type of code makes up the digital infrastructure of our society today. Just like physical infrastructure, digital infrastructure needs regular upkeep and maintenance. In the United States, over half of government spending on transportation and water infrastructure goes just to maintenance. But financial support for digital infrastructure is much harder to come by.

Tidelift's model, then, ensures that those people who help to maintain the open source software that forms the foundations of our digital lives are compensated for their work. And it's important to note that this isn't just about charity - the economy's reliance on what is essentially an army of unpaid labor is ultimately unsustainable and makes the broader software ecosystem remarkably fragile.

Solving challenges for the organizations that use open source software

But it isn't just about open source maintainers. Open source software also poses many challenges for the organizations that actually use it, particularly in terms of reliability and security. At a time when cybersecurity feels like a cat and mouse game between criminals and security experts, and when building resilient distributed systems without downtime is business critical, this becomes incredibly important. Tidelift removes this by incentivising maintainers to work alongside users and ensure that standards are maintained without harming the velocity of innovation that makes open source so attractive. This leads to a surprising level of equilibrium between business and open source maintainers.

Going beyond a compromise

The tech world has been looking for a compromise when it comes to the challenges of open source. The mission has always been to find a way that pleases business while also ensuring those that maintain it are happy and continue to do it. But if compromise is, as the saying goes, a situation in which all parties are left dissatisfied, Tidelift appears to be going one better by making everyone happy.

Tidelift might not be the only solution to some of the problems that open source is facing - we might, for example, see new licensing models begin emerging over time (despite MongoDB's failed attempts to get the SSPL past the OSI) - but it nevertheless looks like a unique and forward-thinking solution to an incredibly important issue.

You can learn more about Tidelift by visiting the company's site here.

Announcing Docker Enterprise 3.0 Public Beta!

Savia Lobo
02 May 2019
3 min read
Update: On July 22, 2019, the Docker team announced that the Docker Enterprise 3.0 will be generally available. The team also added that more than 2,000 people have tried the Docker Enterprise 3.0 public beta program.

On April 24, the team at Docker announced Docker Enterprise 3.0, an end-to-end container platform that enables developers to quickly build and share any type of application (from legacy to cloud-native) and securely run them anywhere, from hybrid cloud to the edge. It is now available in Public Beta.

Docker Enterprise 3.0 delivers new desktop capabilities, advanced development productivity tools, a simplified and secure Kubernetes stack, and a managed service option to make Docker Enterprise 3.0 the platform for digital transformation.

Jay Lyman, the Principal Analyst for 451 Research, said, “Docker’s new Enterprise 3.0 promises to automate the 'development to production' experience with new tooling that aims to reduce the friction between dev and ops teams.”

What can you do with the new Docker Enterprise 3.0?

Integrated Docker Desktop Enterprise

Docker Desktop Enterprise provides a consistent development-to-production experience with a set of automation tools. This makes it possible to start with the developer desktop, deliver an integrated and secure image registry with access to the Hub ecosystem, and then deploy to an enterprise-ready and Kubernetes-conformant environment.

Docker Kubernetes Services (DKS) can simplify the scaling and deployment of applications

Compatible with Docker Compose, Kubernetes YAML and Helm charts, DKS provides an automated and repeatable way to install, configure, manage and scale Kubernetes-based applications across hybrid and multi-cloud. DKS includes enhanced security, access controls, and automated lifecycle management, bringing a new level of security to Kubernetes that integrates seamlessly with the Docker Enterprise platform. Customers will also have the option to use Docker Swarm Services (DSS) as part of the platform’s orchestration services.

Docker Applications for high-velocity innovation

Docker Applications are based on the CNAB open standard. They remove the friction between Dev and Ops by enabling teams to collaborate on an application by defining a group of related containers that work together to form an application. They also eliminate the configuration overhead by integrating and automating the creation of the Docker Compose and Kubernetes YAML files, Helm charts, etc. Docker Applications also include Application Templates, Application Designer and Version Packs, which make flexible deployment across different environments possible, delivering on the “code once, deploy anywhere” promise.

With the announcement of Docker Enterprise 3.0, Docker also introduced Docker Enterprise-as-a-service - a fully-managed service on-premise or in the cloud.

To know more about this news in detail, head over to Docker’s official announcement.

DockerHub database breach exposes 190K customer data including tokens for GitHub and Bitbucket repositories
Are Debian and Docker slowly losing popularity?
Creating a Continuous Integration commit pipeline using Docker [Tutorial]

F8 Developer Conference Highlights: Redesigned FB5 app, Messenger update, new Oculus Quest and Rift S, Instagram shops, and more

Bhagyashree R
02 May 2019
5 min read
This week, Facebook hosted F8, its annual developer conference, where it made a bunch of announcements about new updates in Facebook's family of apps, which includes Messenger, WhatsApp, Instagram, the Facebook app, and Oculus. This two-day event started on April 30 and was conducted at San Jose, CA.

F8 brings together developers, creators, businesses, partners, and entrepreneurs to network and discuss the future of technology with Facebook and its family of apps. Along with keynotes from Facebook leaders, this event featured sessions, meetups, and demos showcasing the latest in AI, open source, AR/VR, and new tools.

Let’s have a look at some of the key announcements Facebook made at this event:

Updates in Messenger

The Messenger team has overhauled the underlying architecture of Messenger to provide users a faster experience. This re-engineered version is planned to come out later this year. Following are some of the features the updated Messenger will come with:

A feature is introduced that allows users to share Facebook videos on Messenger and invite family and friends to watch them together in real-time.
The Messenger Desktop app is now available for macOS and Windows users, with which users can have group video calls or collaborate on projects.
Instagram’s “Close Friends” feature is now coming to the new Messenger for sharing stories and messaging your closest friends and family.
The team is adding lead generation templates to Ads Manager to allow businesses to easily reach out to potential customers.

Show your business catalog on WhatsApp

Many businesses and customers find WhatsApp a secure and comfortable place to connect and converse. WhatsApp is now making business much easier by introducing a feature for showing a business catalog. With this feature, businesses can showcase their products within WhatsApp and also chat with customers about the orders.

Redesigned Facebook app

The Facebook app is now revamped with a “fresh new design” and is called the “FB5” version. The design is simpler, faster, and puts the main focus on Groups. The app introduces new tools to make it easier for users to find and interact with groups of people who have common interests and passions.

This FB5 version comes with a few tools that make it easier for users to discover new groups that they might be interested in. It has a redesigned Groups tab that shows a personalized feed of activity across all your groups. A new discovery tool will show improved recommendations that allow you to quickly find groups you might be interested in. The team is also working to show relevant group recommendations in other parts of the app as well, like Marketplace.

The app will also come with new features for specific types of groups. For instance, Health Support groups will allow their members to post questions and share information anonymously, Job groups will have a new template for employers to post new job openings, and more.

Matching with your “Secret Crush”

Facebook Dating, the opt-in service to find your potential matches, is now coming to 14 more countries. These include the Philippines, Vietnam, Singapore, Malaysia, Laos, Brazil, Peru, Chile, Bolivia, Ecuador, Paraguay, Uruguay, Guyana, and Suriname.

Facebook Dating will now also support a new feature called Secret Crush with which you can express your interest in someone you like. All you have to do is select up to nine of your Facebook friends who you want to express interest in. If your crush has opted into Facebook Dating, they will be notified that someone has a crush on them. If your crush also adds you to their Secret Crush list, it is a match!

Portal and Portal Plus coming to Europe

After launching Portal and Portal Plus smart displays in the US and Canada last year, Facebook plans to make them available in Europe starting from this fall. Portal will come with support for WhatsApp to allow users to make calls to friends who are also using WhatsApp or Messenger on their Portal or on their phone. These calls will be end-to-end encrypted.

Along with supporting video calls, Portal will also come with some AI assistant features. Starting from this summer, to get updates on birthdays, events and more you just have to say “Hey Portal, Good Morning”. You will also be able to send private video messages from Portal to your loved ones. The team has collaborated with Amazon to bring Alexa skills to Portal, including Flash Briefings, smart home control and the Amazon Prime Video app, later this year.

Oculus Quest and Rift S available for pre-orders

Facebook’s latest VR headsets, Oculus Quest and Oculus Rift S, will ship on May 21, both priced at $399 USD. Oculus Quest allows you to play almost anywhere with just a VR headset and controllers. Rift S is the PC-powered gaming headset, which is a successor of the classic Oculus VR headsets.

Shop and raise funds on Instagram

Instagram will soon allow users to shop looks shared by their creators without leaving Instagram. You will no longer have to ask for product details in comments or DM; just tap on the picture to see the details and buy it on the spot.

Users can also raise money for any social cause they care about directly on Instagram. You can do this through a donation sticker in Stories and send 100% of the raised money directly to the non-profit you are supporting. This feature is currently available only in the US and will soon be supported in other countries as well.

Read the official announcement by Facebook for more details.

Facebook open-sources F14 algorithm for faster and memory-efficient hash tables
“Is it actually possible to have a free and fair election ever again?,” Pulitzer finalist, Carole Cadwalladr on Facebook’s role in Brexit
New York AG opens investigation against Facebook as Canada decides to take Facebook to Federal Court for repeated user privacy violations

Silicon Valley investors envy China’s 996 work culture; but tech workers stand in solidarity with their Chinese counterparts

Sugandha Lahoti
01 May 2019
9 min read
The news of China's inhumane working hour policies is in the spotlight in the high growth tech world. Last month, a GitHub user with the name “996icu” created a webpage that he shared on GitHub, to protest against the “996” work culture in Chinese tech companies. The “996” work culture is an unofficial work schedule that requires employees to work from 9 am to 9 pm, 6 days a week, totaling up to 60 hours of work per week.

In fact, such is the culture that Chinese tech recruiters are instructed by their bosses to not hire people over 30 years of age. Close to three-quarters of tech workers in China are below thirty in age and the employers further promote this concept, per a Bloomberg post published by Shelly Banjo, Roving Asia Tech Reporter.

996 drew more fire when Jack Ma, co-founder and executive chairman of the Alibaba Group, the Chinese rival to Amazon, defended the 12-hour, 6-day week working schedule and chastised people wanting a balanced and typical eight-hour work shift. In his own words, “To be able to work 996 is a huge blessing. If you want to join Alibaba, you need to be prepared to work twelve hours a day, otherwise why even bother joining.”

Although the 996 culture violates the Labor Law of the People’s Republic of China, and has drawn scrutiny and condemnation from a large number of publishing firms, tech activists, and developers, a few are still favoring this inhumane culture. These are the so-called Silicon Valley investors and founders who are so jealous of China's tech space that they are urging other employers to follow in China’s footsteps.

Silicon Valley Investors envy the Chinese 996 culture

It seems that regardless of the chastising and condemnation, the 996 culture has got Silicon Valley spooked. Their argument: China’s 996 schedule is the kind of work ethic that will eventually help it become the superpower defeating the US, something that all US founders and investors should aspire to.

“Founders: We're up against JackMa (& China) *enforcing* a 72-hour work-week 996 = 6 days a week, 9 am to 9 pm. The same exact work ethic that built America! You can get on your twitter pedestal & attack Ma or you can make a plan to win.” This is a tweet posted by Jason Calacanis, an Angel investor for Uber, Thumbtack, Wealthfront, and more companies. He further adds, “Not going to tell you how many hours you should work, but I will tell you that you need a plan to fight heads up against Chinese companies -- which will be going head-to-head with every startup every created in the next decade. Ignoring, deriding or dismissing China isn't a plan.”

In January, Mike Moritz, a venture capitalist of Sequoia Capital, wrote an editorial in the Financial Times titled “Silicon Valley would be wise to follow China’s lead.” He wrote that Silicon Valley has become “unhinged” with discussions about the “inequity of life.” He contrasted Silicon Valley tech culture with the work ethic in Chinese tech companies, where employees work for 14 hours six or seven days a week. He adds, “in many respects, doing business in China is easier than doing business in California.”

Other quotes from Moritz’s piece speak volumes about the inhumane 996 culture and how Chinese employees cope with the reality of such extensive work hours.

“Top managers show up for work at about 8 am and frequently don't leave until 10 pm. Most of them will do this six days a week — and there are plenty of examples of people who do this for seven. Engineers have slightly different habits: they will appear about 10 am and leave at midnight. Beyond the week-long breaks for Chinese new year and the October national holiday, most will just steal an additional handful of vacation days. Some technology companies also provide a rental subsidy to employees who choose to live close to corporate HQ. In China, by contrast, it is quite usual for the management of 10 and 15-year-old companies to have working dinners followed by two or three meetings. Many of these high-flyers only see their children — who are often raised by a grandmother or nanny — for a few minutes a day.”

Moritz’s argument and his support for China’s 996 culture sparked a lively discussion on Quora. It has also invited a tsunami of unsurprisingly negative responses across the Silicon Valley tech community.

Andy Manoske, former Associate at GGV Capital, penned a blog post condemning Moritz’s condescending statements. Andy says, “Mike’s comments on paternity leave and seemingly slavish dedication run contrary to empirical evidence of the success of maintaining work life balance. Mike himself (an investor who has never actually worked in Silicon Valley as an operator and joined Sequoia after being a journalist) seems out of touch with the brutal realities of Silicon Valley’s already-imbalanced work-life balance, and that his post is clearly just an attempt to “win points” with Chinese tech firms that Sequoia is courting.” He further adds, “I feel this was a haphazard piece that read like a desperate attempt to somewhat patronizingly woo Chinese startups (most of whom will not read the Financial Times) and seemingly establish Western credibility on China.”

One of the Quorans, Bowen Li, wrote, “I think somebody read their history book in reverse order. Societies progress by giving people more rights and freedoms over time, not less. Creative, information work - the most valuable type of work that happens in Silicon Valley - does not benefit from increased hours. You cannot create twice as much innovation by putting in twice the hours. The human brain simply fatigues past a certain point and you get diminished or negative returns. People aren’t machines; thinking of this type of highly skilled work as “hours in, product out” is simply the wrong way to look at it.”

According to job-hunting site Maimai, reports Reuters, the tech sector was the only industry out of thirteen surveyed to see more people leave than join between October 2018 and February 2019. This means 996 can result in an additional cost for tech firms, venture capitalists and analysts instead of increasing productivity. “One of the highest costs in an organization is high employee turnover. A culture that is less focused on hours put in, may also become more effective if the focus is turned to output versus input,” said Rui Ma, a San Francisco-based investor who has funded startups in China and North America.

Tech solidarity and grassroots mobilization is necessary to eradicate 996

It is tech worker solidarity that needs to be fleshed out in order to eliminate the inhumane 996 culture. The tech worker groups should unionize and be backed by political campaigns, advocacy groups, and nonprofits to start a political conversation and effect change at an international level. This has already begun, with Chinese state media newspaper People’s Daily criticizing the 996 culture. In an editorial, they wrote, “Employees who object to 996 cannot be labeled as ‘slackers’ or ‘not fighters’. Their real needs should be considered.”

Recently, Microsoft and GitHub employees also drafted a petition in defense of the GitHub repository, which could be under threat of Chinese censorship. The project is an initiative towards making the Chinese tech companies obey the labor laws and the international labor convention. The 996.ICU GitHub project description reads, “By following the ‘996’ work schedule, you are risking yourself getting into the ICU (Intensive Care Unit).” This petition was signed by 50 tech employees altogether, including several from Google, urging Microsoft and GitHub not to remove the 996.ICU project from the GitHub site.
“We, the workers of Microsoft and GitHub, support the 996.ICU movement and stand in solidarity with tech workers in China. We know this is a problem that crosses national borders. These same issues permeate across full time and contingent jobs at Microsoft and the industry as a whole," the letter said. https://twitter.com/MsWorkers4/status/1120809928577306624 https://twitter.com/techworkersco/status/1120791636282187776 https://twitter.com/chinalaborwatch/status/1114197666530058241 Trade Unions should also come forward to support employees enduring 996 hardships. Discussing #996ICU Shen Jianfeng of the China University of Labor Relations, noted in the Global Times that  "trade unions in China should indeed play an active role in safeguarding the rights and interests of workers" in the tech sector. Other software developers also rose in mutual support of Chinese developers and more should do so. https://twitter.com/rwfholme/status/1121136973916151808 https://twitter.com/SlyFireFox/status/1120825434558619648 The US tech companies need to awaken to the Chinese competition but worrying about China’s 996 culture is not one of them. On the surface, working 996 is about companies working as many hours of the week as possible in order to beat the competition and to capture a market before the competition. However, a lot of other factors such as quality of the working environment, worker’s exposure to stress and the ability to frequently rest well actually determines a company’s progress. Working endlessly can make an individual less effective than if they work for fewer hours in a calmer manner. Not only work, but the 996 schedule also deprives people of their free time and makes families and relationships suffer, for no extra pay and no extra output. To conclude, Silicon Valley can, and should, learn lessons from Chinese tech cultures. 
But none of these should have to do with oppressive and authoritarian management philosophies like the unhealthy dedication to work or human rights eroding business decisions such as mass surveillance systems that are prevalent in China. ‘Developers’ lives matter’: Chinese developers protest over the “996 work schedule” on GitHub Jack Ma defends the extreme “996 work culture” in Chinese tech firms What the US-China tech and AI arms race means for the world – Frederick Kempe at Davos 2019
Sugandha Lahoti
27 Apr 2019
6 min read

#NotOkGoogle: Employee-led town hall reveals hundreds of stories of retaliation at Google

Note: This article now includes stories of various other Google employees about the retaliation they faced, which they have shared with Google Walkout for real change.

Last week, two Google Walkout organizers accused the company of retaliation against them over last year’s Google Walkout protest. The two Google employees, Claire Stapleton, YouTube Marketing Manager, and Meredith Whittaker, head of Google’s Open Research, were told their roles would change dramatically, including calls to abandon AI ethics work, demotion, and more. In response, both women hosted a Retaliation Town Hall this Friday to share their stories and strategize. The event was also live-streamed to other Google offices.

350+ Google staffers attended the Town Hall, where Stapleton said that after her public sharing of retaliation earlier this week, Google executives tried to undermine her “in emails this week to thousands of my friends and colleagues”. In those emails, Google executives challenged Stapleton’s claim, saying that she was “never demoted”. “What’s true is that there was a demotion, and after my lawyers got involved, it was reversed,” Stapleton wrote, in a statement viewed by Wired.

Whittaker also provided further updates on the retaliation she faced. She said that her manager told her in late December she would likely need to leave Google’s Cloud division. The same manager told her in March that the “Cloud division was seeking more revenue and that AI Now and her AI ethics work was no longer a fit. This was a strange request because the Cloud unit has a team working on ethical concerns related to AI.” During the March meeting, Whittaker claims her manager also told her that there are “two kinds of people at Google...those who quit, and those who stay and hate every minute of it and try to destroy it. I was taken aback, since my work has always aimed to ensure that Google lived up to its purported values and treated its workforce, and the rest of the world, with respect.”

Recently, Google dissolved its AI ethics council after nearly 2,600 employees, including Whittaker, signed a petition against the appointment of Kay Cole James, president of the Heritage Foundation. Employees were upset by James’ anti-trans and anti-immigrant political statements. Whittaker also signed the petition protesting Google’s infamous Project Dragonfly, the secretive search engine that Google is allegedly developing which will comply with the Chinese rules of censorship.

Meredith Whittaker was also a leader in the anti-Maven movement. Google’s Project Maven was focused on analyzing drone footage and could have been eventually used to improve drone strikes on the battlefield. More than 3,000 Google employees signed a petition against this project that led to Google deciding not to renew its contract with the U.S. Department of Defense in 2019.

In her statement on Friday, Whittaker says that on April 1, a few days before the petition was drafted, she got approval from Jeff Dean to transfer from Cloud to Google’s Research and Machine Intelligence group. Two weeks after the petition was sent, Whittaker claims her transfer was killed.

Other Google employees also spoke about employee discontent at Google, ranging from the ethics of performing work for the US Department of Defense to the handling of sexual harassment claims. Following the statements of Whittaker and Stapleton in the town hall session, several current and former Googlers took to Twitter to register complaints and share their experiences of facing retaliation from the company. They expressed their disagreement with Google’s policies with the hashtag #NotOkGoogle, which was trending on Friday.

https://twitter.com/mer__edith/status/1121789412776525824

“This does not seem to be an isolated incident”, Vanessa Harris, Google Product Manager
https://twitter.com/technologypoet/status/1121953562232098817

“I am grateful that I quit Google”, Liz Fong-Jones, ex-Googler, current SRE Dev Advocate @honeycombio
https://twitter.com/lizthegrey/status/1121850362158178304

She also talked about Google's retaliation against her which forced her to quit.
https://twitter.com/lizthegrey/status/1120373545274445831

“This is just the tip of the iceberg", Dr. Alex Hanna, a computational social scientist at Google Cloud
https://twitter.com/alexhanna/status/1121848713037500416

Mila Hardt from Google Health division
https://twitter.com/Mi_Mo/status/1121849275153915904

“I emailed @EileenTNaughton later again in November, just after the town hall meeting and her promises for change. I pledged her again to help stop the planned disposal of me. This time she never responded! My last day was after Thanks Giving! Thanks, Google for the gift!”, Vida Vakilotojar, Xoogler
https://twitter.com/VidaVakil/status/1121995359012573184

The town hall group also published an internal document with a new set of “demands”. The document, which was seen by The Guardian, includes a “transparent, open investigation of HR and its abysmal handling of employee complaints relating to working conditions, discrimination, harassment, and retaliation”. Other demands include a public response from Google co-founder Larry Page, and that Google meets the demands that were issued in the Google walkout.

“Google has had six months to meet [those] demands; in that time, they’ve partially met only one of them,” the document states. “Google seems to have lost its mooring and trust between workers and the company is deeply broken. The company has no clear direction and is just progressing from crisis to crisis lately.”

Google did not respond to specific questions about the town hall’s meeting. A spokeswoman said in a statement: “We prohibit retaliation in the workplace and publicly share our very clear policy. To make sure that no complaint raised goes unheard at Google, we give employees multiple channels to report concerns, including anonymously, and investigate all allegations of retaliation.”

Other activist and worker groups also rose in solidarity.

https://twitter.com/TIMESUPNOW/status/1121834802284355584

“The impact @mer__edith has in AI ethics is second to none. What happens to her at Google will be a gauge for the wellbeing of the entire field. Watch closely.”, Moritz Hardt, Assistant Professor of Electrical Engineering and Computer Science, Berkeley University
https://twitter.com/mrtz/status/1121110692843507712

Update: Yesterday, Google Walkout for real change published a blog post on Medium sharing stories of retaliation from various other Google employees.

"When I reported something unethical happening at Google, Employee Relations fudged data to protect Google."

"Retaliated against for defending a mother who reports to me. HR dismissed it as “poor behavior”"

"I reported my tech lead to my manager for sexual harassment, but my manager thought I was 'overreacting' "

"My first two years at Google I was not promoted due to bias. While my peer was promoted with the same ratings and same tenure, I was not. When I asked my manager about this I was told that I was being an “emotional woman.” How is this happening at Google? Clearly this pattern should not be allowed to continue.
Amrata Joshi
27 Apr 2019
12 min read

Best Practices in Go GUI Development [Tutorial]

Separation of concerns is closely related to the Single Responsibility Principle introduced by Robert C. Martin in his principles of Object Oriented Design, which state that:

"A class should have one, and only one, reason to change." –Robert C. Martin

In this respect, concerns have a wider scope than responsibilities, typically influencing your application's design and architecture rather than individual classes or interfaces. Separation of concerns is essential in a graphical application to correctly detach your easily-tested logic from the presentation code, which manages user interaction.

This article is an excerpt taken from the book Hands-On GUI Application Development in Go. This book covers the benefits and complexities of building native graphical applications, the procedure for building platform and developing graphical Windows applications using Walk. In this article, we will learn certain aspects of best practices that make it easier to maintain and grow GUI-based applications. This article covers separation of concerns, test-driving UI development and much more.

By separating the concerns of an application, it is easier to test subcomponents and check the validity of our software without even needing to run the application. In doing so, we create more robust applications that can adapt to changes in requirements or technology over time. For example, the graphical toolkit that you choose for your application should not be incorporated into, or impact the design of, your business logic.

Suggested application structure

As you plan the development of your application, consider how the core concerns could be separated to maintain flexibility. The following suggested structure should provide some inspiration:

- project/: The root of the project structure. This package should define the interfaces and utility functions used by the rest of the project. These files should not depend on any sub-packages.
- project/logic/: This package will contain most of your application logic. Careful consideration should be given to which functions and types are exposed, as they will form the API that the rest of your application will depend upon. There may be multiple packages that contain application logic as you separate the application's concerns. An alternative, domain-specific term may be preferred to logic.
- project/storage/: Most applications will rely upon a data source of some kind. This package will define one or many possible data sources. They will conform to an interface in the top-level project so that data access can be passed between packages of the project.
- project/gui/: This package is the only place where your graphical toolkit should be imported. It is responsible for loading your application GUI and responding to user events. It will probably access data provided by a storage package set from the application runner.
- project/cmd/appname/: The Go convention for application binaries is that they reside within a cmd/appname sub-package. The actual package for this directory will be main, and it will contain the minimal code that is required to load and run the main application defined within the other packages. It will probably initialize a storage system, load the application logic, and instruct the graphical interface to load.

When writing tests in each of these packages, they will focus on the functionality of the current package. The logic package should have very high unit-test coverage, whereas the storage package may rely more on integration testing. The gui package, which is often considered the hardest to test, could directly import the logic package in its tests, but should probably not include the main storage package to validate its functionality.

Following a sensible structure will aid significantly in making your application testable, as many developers are probably already aware. It is often much harder, however, to test the graphical portions of an application. Designing your application to be unit-testable from the beginning will often result in a code base that is better organized and will naturally lead to code that is easier to understand and change. Let's take a look at what Test-driven Development (TDD) can teach us about building graphical interfaces.

Test-driving UI development

The effort required to automatically test user interfaces or frontend software is often debated as being far too expensive for the value it returns in avoiding future bugs. However, this is largely rooted in the toolkits being utilized or even the presentation technologies chosen. Without full support for testing in the development tools or graphical APIs, it can indeed be difficult to create simple unit tests without a huge effort. As seen frequently in web-based environments (and some native test frameworks), the only remaining possibility is to run the application and execute test scripts that will perform the validation. They will typically control the user input, simulating mouse actions and keyboard taps, and monitor the resulting behavior of the application under test. If, however, your application and GUI toolkit are architected with testing in mind (for example, using separation of concerns), automated tests should be possible with far less overhead.

Designed to be testable

When setting out the components within a project's UI code (as illustrated in the gui sub-package), care should be taken to define types and classes that have a single responsibility and a clear API. Doing so will make it easier to load and test individual components with the standard Go testing tools. If smaller components can be tested, we can avoid launching the whole application and the required test runners, therefore making the testing process much faster. When a test suite runs quickly, it can be run more frequently and extended more easily, leading to higher test coverage and greater confidence in the software quality.

For a practical example, let's look at the GoMail compose dialog and its Send button. Clearly, the dialog box should perform all sorts of validation before sending, and if the checks pass, then send the email. Validation can easily be tested with normal unit tests, but verifying that the send button correctly sends a new email will require the user interface to be tested. In the following example, we will load the compose window, enter some data, and simulate the Send button being pressed. By using a test email server, as used through each of the GoMail examples, we can check that the email has been sent by the user interface without needing to communicate with a real email server.

Example application test

As the tests are in the same package, we can test internal function definitions rather than relying on exported APIs; this is common with UI code as long as the application is not large enough to warrant separate packages or libraries. We start by adding the test imports; testing is required for go test code and github.com/stretchr/testify/assert provides helpful assertion functionality. We also import the client email library created for our GoMail examples and finally the Fyne test package, fyne.io/fyne/test:

    package main

    import (
        "testing"

        "fyne.io/fyne/test"
        "github.com/PacktPublishing/Hands-On-GUI-Application-Development-in-Go/client"
        "github.com/stretchr/testify/assert"
    )

Now we can add a test method using the recommended naming pattern of Test<type>_<function>(); normally, the function would be a function name, but here we refer to the button title or its action. In the first part of the function, we set up the compose window for testing by calling newCompose() and passing it a test application (returned from test.NewApp()). We then prepare the state for our test: we record the size of the server outbox and set up an OnClosed handler that will report when the window is closed. Finally, we simulate typing an email address into the compose.to field using test.Type():

    func TestCompose_Send(t *testing.T) {
        server := client.NewTestServer()
        compose := newCompose(test.NewApp(), server)
        ui := compose.loadUI()

        // Record the state before the action under test.
        pending := len(server.Outbox)
        closed := false
        ui.SetOnClosed(func() {
            closed = true
        })
        address := "test@example.com"
        test.Type(compose.to, address)

        // ...
    }

Once the setup code is complete, we can implement the main test. This starts by using test.Tap() to tap the compose.send button, which should cause an email to be sent. We first verify that the window was closed after the email send completes (the OnClosed handler we added records this). Then we check that there is one more email in the server.Outbox than before. If these tests pass, we will move to the final check. The email that was sent is extracted from the outbox so we can examine its content. With one final assertion, we verify that the email address matched what we typed into the To input box:

    func TestCompose_Send(t *testing.T) {
        // ...

        test.Tap(compose.send)
        assert.True(t, closed)
        assert.Equal(t, pending+1, len(server.Outbox))

        // Inspect the most recently sent email.
        email := server.Outbox[len(server.Outbox)-1]
        assert.Equal(t, address, email.ToEmailString())
    }

Running the preceding test will load the user interface in memory, execute the setup code, and run the tests, and then exit with the results. We run the following test with -v to see each test that is run rather than just a summary. You will notice that testing in this way takes very little time (go test reports 0.00 seconds for the test and 0.004 seconds in total); therefore, many more tests could be run on a regular basis to verify the application's behavior:

[Figure: Running the user interface test took very little time]

When running the tests, you may notice that this test does not cause any window to be displayed on your computer screen. This is a design feature of many test frameworks for GUI toolkits – it is much faster to run the application without displaying it for test purposes. This is often called headless mode and is very useful when running automated tests as part of a continuous integration process.

Continuous integration for GUIs

Continuous integration (the regular merging of a team's work-in-progress code to be automatically tested) has become commonplace in software development teams. Adding this process to your team workflow is shown to highlight issues earlier in the development process, which leads to fixing issues faster and, ultimately, better-quality software. A critical part of this is the automation of tests that exercise the whole of the source code, which includes the graphical user interface.

Approaches to GUI test automation

It is important to organize your code into logical components for development and testing. Using the framework test features (or external support libraries), smaller components can more easily be verified through simple tests. The Go language's built-in support for testing has meant that test coverage is improving; in fact, the popular Go library list, on Awesome, asks that libraries have a test coverage of at least 80%!

If your chosen framework does not provide the necessary support, it is still possible to automate functional testing. The technique involves running the application from a test script that then performs simulated user actions on the host computer. This is not ideal as it requires the application to be visible on the screen and for the test script to take control of the keyboard and mouse – but it is better than having no GUI testing in place. To work around this inconvenience, it is possible to load a virtual frame buffer (an off-screen display area) in which to run the application. This technique basically creates an invisible screen to which the application can draw.

Avoiding external dependencies

One thing to be aware of when testing an application, or portions of it, is that there may be external systems involved. A file browser may rely on network connections for some of its work, or an instant messenger app is going to need a server to handle sending and receiving messages. If your code has been organized carefully to separate its concerns, you will already have used interfaces to define the interactions between different components. If this approach is taken, we can use dependency injection to provide alternative implementations for areas of an application that should not be included in automated testing.

When code is properly decoupled from the components that it relies on, it's possible to load different versions of an application for testing. In this manner, we can avoid relying on any external systems or causing permanent changes to a data store. Let's look at a trivial example. A Storage interface is defined that will be used to read and write files from a disk:

    type Storage interface {
        Read(name string) string
        Write(name, content string)
    }

There is an application runner that invokes permanent storage and uses it to write and then read a file:

    import "log"

    func runApp(storage Storage) {
        log.Println("Writing README.txt")
        storage.Write("README.txt", "overwrite")

        log.Println("Reading README.txt")
        log.Println(storage.Read("README.txt"))
    }

    func main() {
        // NewPermanentStorage returns the disk-backed Storage (not shown here).
        runApp(NewPermanentStorage())
    }

Clearly, this application will cause whatever was in an existing README.txt file to be overwritten with the contents of overwrite. If we assume, for example, that this is the desired behavior, we probably don't want this external system (the disk) to be affected by our tests. Because we have designed the storage to conform to an interface, our test code can include a different storage system that we can use in tests, as follows:

    // testStorage keeps "files" in memory so tests never touch the disk.
    type testStorage struct {
        items map[string]string
    }

    func (t *testStorage) Read(name string) string {
        return t.items[name]
    }

    func (t *testStorage) Write(name, content string) {
        t.items[name] = content
    }

    func newTestStorage() Storage {
        store := &testStorage{}
        store.items = make(map[string]string)
        return store
    }

Following this addition, we can test our application's runApp function without the risk of overwriting real files:

    import (
        "testing"

        "github.com/stretchr/testify/assert"
    )

    func TestMain_RunApp(t *testing.T) {
        testStore := newTestStorage()
        runApp(testStore)

        newFile := testStore.Read("README.txt")
        assert.Equal(t, "overwrite", newFile)
    }

When running this test, you will see that we get the expected result, and should also notice that no real files have changed.

[Figure: See that our TestMain_RunApp completed successfully without writing to our disk]

In this article, we explored some of the tips and techniques for managing a GUI-based application written with Go. We have learned about the separation of concerns, test-driving UI development and much more. To know more about managing specific platforms with Go, check out the book Hands-On GUI Application Development in Go.
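The separation the tutorial describes, applied to the compose dialog's validation and send path, as an added example (not code from the book or from GoMail): Message, Sender, Compose, CheckMessage and fakeServer are hypothetical names. The checks, including refusing CR/LF in header fields and anything other than one recipient address, live in plain Go behind an injected sender, so they can be tested without importing a GUI toolkit.

```go
package main

import (
	"errors"
	"fmt"
	"net/mail"
	"strings"
)

// Message is a toolkit-independent model of what the compose dialog collects.
// All names in this example are hypothetical.
type Message struct {
	To, Subject, Body string
}

// Sender is the only view of the mail server that the compose logic has.
type Sender interface {
	Send(m Message) error
}

var (
	ErrNoRecipient   = errors.New("recipient is required")
	ErrBadRecipient  = errors.New("recipient must be one valid address")
	ErrHeaderControl = errors.New("CR or LF in a header field")
)

// CheckMessage validates user input and returns a cleaned copy. It needs no
// GUI types, so plain unit tests can cover every branch.
func CheckMessage(m Message) (Message, error) {
	if strings.TrimSpace(m.To) == "" {
		return Message{}, ErrNoRecipient
	}
	// A line break typed or pasted into a header field must never reach the
	// server, where it could be read as the start of another header.
	if strings.ContainsAny(m.To+m.Subject, "\r\n") {
		return Message{}, ErrHeaderControl
	}
	// ParseAddress accepts exactly one RFC 5322 address and rejects lists.
	addr, err := mail.ParseAddress(m.To)
	if err != nil {
		return Message{}, fmt.Errorf("%w: %v", ErrBadRecipient, err)
	}
	m.To = addr.Address // drop any display name, keep the bare address
	return m, nil
}

// Compose holds the behaviour behind the dialog; the gui package would only
// copy widget text into a Message and call Submit from the Send button.
type Compose struct {
	sender Sender
}

func NewCompose(s Sender) *Compose { return &Compose{sender: s} }

// Submit validates first and contacts the server only for clean input.
func (c *Compose) Submit(m Message) error {
	clean, err := CheckMessage(m)
	if err != nil {
		return err
	}
	if err := c.sender.Send(clean); err != nil {
		return fmt.Errorf("send failed: %w", err)
	}
	return nil
}

// fakeServer is an in-memory Sender for tests, in the spirit of the test
// email server the tutorial mentions.
type fakeServer struct {
	Outbox []Message
	Fail   error // when set, Send returns it and records nothing
}

func (f *fakeServer) Send(m Message) error {
	if f.Fail != nil {
		return f.Fail
	}
	f.Outbox = append(f.Outbox, m)
	return nil
}

func main() {
	srv := &fakeServer{}
	compose := NewCompose(srv)
	// Constructed sample inputs.
	inputs := []Message{
		{To: "Test User <test@example.com>", Subject: "Hello"},
		{To: "test@example.com\r\nBcc: other@example.com", Subject: "Hello"},
		{To: "a@example.com, b@example.com", Subject: "Hello"},
		{To: "   ", Subject: "Hello"},
	}
	for _, in := range inputs {
		err := compose.Submit(in)
		fmt.Printf("%q -> err=%v, outbox=%d\n", in.To, err, len(srv.Outbox))
	}
}
```

With this split, a Fyne test such as TestCompose_Send only has to prove that the button is wired to Submit; the rejection cases are covered by ordinary go test runs.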
Savia Lobo
26 Apr 2019
6 min read

New York AG opens investigation against Facebook as Canada decides to take Facebook to Federal Court for repeated user privacy violations

Despite Facebook’s long line of scandals and multiple parliamentary hearings, the company and its leadership have remained unscathed, with no consequences or impact on their performance. Once again, Facebook is under fresh investigations; this time from New York’s Attorney General, Letitia James. The Canadian and British Columbia privacy commissioners have also decided to take Facebook to Federal Court to seek an order to force the company to correct its deficient privacy practices. It remains to be seen if Facebook’s lucky streak would continue in light of these charges. NY Attorney General’s investigation over FB’s email harvesting scandal Yesterday, New York’s Attorney General, Letitia James opened an investigation into Facebook Inc.’s unauthorized collection of 1.5 million users’ email contacts without users’ permission. This incident, which was first reported on Business Insider, happened last month where Facebook’s email password verification process for new users asked users to hand over the password to their personal email account. According to the Business Insider report, “a pseudononymous security researcher e-sushi noticed that Facebook was asking some users to enter their email passwords when they signed up for new accounts to verify their identities, a move widely condemned by security experts.” https://twitter.com/originalesushi/status/1112496649891430401 Read Also: Facebook confessed another data breach; says it “unintentionally uploaded” 1.5 million email contacts without consent On March 21st, Facebook opened up about a major blunder of exposing millions of user passwords in a plain text, soon after Security journalist, Brian Krebs first reported about this issue. “We estimate that we will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users”, the company said in their press release. 
Recently, on April 18, Facebook updated the same post stating that not tens of thousands, but “millions” of Instagram passwords were exposed. “Reports indicate that Facebook proceeded to access those user’s contacts and upload all of those contacts to Facebook to be used for targeted advertising”, the Attorney General mentioned in the statement. https://twitter.com/NewYorkStateAG/status/1121512404272189440 She further mentions that “It is time Facebook is held accountable for how it handles consumers' personal information.” “Facebook has repeatedly demonstrated a lack of respect for consumers’ information while at the same time profiting from mining that data. Facebook’s announcement that it harvested 1.5 million users’ email address books, potentially gaining access to contact information for hundreds of millions of individual consumers without their knowledge, is the latest demonstration that Facebook does not take seriously its role in protecting our personal information”, James adds. “Facebook said last week that it did not realize this collection was happening until earlier this month when it stopped offering email password verification as an option for people signing up to Facebook for the first time”, CNN Business reports. One of the users on HackerNews wrote, “I'm glad the attorney general is getting involved. We need to start charging Facebook execs for these flagrant privacy violations. They're being fined 3 billion dollars for legal expenses relating to an FTC inquiry… and their stock price went up by 8%. The market just does not care; it's time regulators and law enforcement started to.” To know more about this news in detail, read Attorney General James’ official press release. Canadian and British Columbia privacy commissioners to take Facebook to Federal Court Canada and British Columbia privacy commissioners Daniel Therrien and Michael McEvoy, uncovered major shortcomings in Facebook’s procedures in their investigation, published yesterday. 
This investigation was initiated after media reported that “Facebook had allowed an organization to use an app to access users’ personal information and that some of the data was then shared with other organizations, including Cambridge Analytica, which was involved in U.S. political campaigns”, the report mentions.

The app, at one point called “This is Your Digital Life,” encouraged users to complete a personality quiz. It collected information about users who installed the app as well as their Facebook “friends.” Some 300,000 Facebook users worldwide added the app, leading to the potential disclosure of the personal information of approximately 87 million others, including more than 600,000 Canadians.

The investigation also revealed that Facebook violated federal and B.C. privacy laws in a number of respects. According to the investigation, “Facebook committed serious contraventions of Canadian privacy laws and failed to take responsibility for protecting the personal information of Canadians.”

According to the press release, Facebook has disputed the findings and refused to implement the watchdogs’ recommendations. It has also refused to voluntarily submit to audits of its privacy policies and practices over the next five years. Following this, the Office of the Privacy Commissioner of Canada (OPC) said it plans to take Facebook to Federal Court to seek an order to force the company to correct its deficient privacy practices.

Daniel Therrien, the privacy commissioner of Canada, said, “Facebook’s refusal to act responsibly is deeply troubling given the vast amount of sensitive personal information users have entrusted to this company.
Their privacy framework was empty, and their vague terms were so elastic that they were not meaningful for privacy protection.” He further added, “The stark contradiction between Facebook’s public promises to mend its ways on privacy and its refusal to address the serious problems we’ve identified – or even acknowledge that it broke the law – is extremely concerning. It is untenable that organizations are allowed to reject my office’s legal findings as mere opinions.”

British Columbia Information and Privacy Commissioner Michael McEvoy said, “Facebook has spent more than a decade expressing contrition for its actions and avowing its commitment to people’s privacy. But when it comes to taking concrete actions needed to fix transgressions they demonstrate disregard.”

The press release also mentions that “giving the federal Commissioner order-making powers would also ensure that his findings and remedial measures are binding on organizations that refuse to comply with the law”.

To know more about the federal and B.C. privacy laws that FB violated, head over to the investigation report.
Fatema Patrawala
25 Apr 2019
7 min read

DataCamp reckons with its #MeToo movement; CEO steps down from his role indefinitely

The data science community is reeling after data science learning startup DataCamp penned a blog post acknowledging that an unnamed company executive made "uninvited physical contact" with one of its employees. DataCamp, which operates an e-platform where aspiring data scientists can take courses in coding and data analysis, is a startup valued at $184 million. It has additionally raised over $30 million in funding.

The company disclosed in a blog post published on 4th April that this incident occurred at an "informal employee gathering" at a bar in October 2017. The unnamed DataCamp executive had "danced inappropriately and made uninvited physical contact" with the employee on the dance floor, the post read. The company didn't name the executive involved in the incident in its post, but called the executive's behavior on the dance floor "entirely inappropriate" and "inconsistent" with employee expectations and policies.

When Business Insider reached out to OS Keyes, one of the course instructors familiar with this matter, Keyes said that the executive in question is DataCamp's co-founder and CEO Jonathan Cornelissen. Yesterday Motherboard also reported that the company did not adequately address sexual misconduct by a senior executive there, and that instructors at DataCamp have begun boycotting the service and asking the company to delete their courses following the allegations.

What actually happened and how did DataCamp respond?
On April 4, DataCamp shared a statement on its blog titled “a note to our community.” In it, the startup addressed the accusations against one of the company’s executives: “In October 2017, at an informal employee gathering at a bar after a week-long company offsite, one of DataCamp’s executives danced inappropriately and made uninvited physical contact with another employee while on the dance floor.” DataCamp got the complaint reviewed by a “third party not involved in DataCamp’s day-to-day business,” and said it took several “corrective actions,” including “extensive sensitivity training, personal coaching, and a strong warning that the company will not tolerate any such behavior in the future.”

DataCamp only posted its blog a day after more than 100 DataCamp instructors signed a letter and sent it to DataCamp executives. “We are unable to cooperate with continued silence and lack of transparency on this issue,” the letter said. “The situation has not been acknowledged adequately to the data science community, leading to harmful rumors and uncertainty.” But as instructors read the statement from DataCamp following the letter, many found the actions taken to be insufficient.

https://twitter.com/hugobowne/status/1120733436346605568
https://twitter.com/NickSolomon10/status/1120837738004140038

Motherboard reported this case in detail, taking notes from Julia Silge, a data scientist who co-authored the letter to DataCamp. Silge says that going public with their demands for accountability was the last resort. She spoke about the incident in detail and says she remembered seeing the victim of the assault start working at DataCamp and then leave abruptly. This raised “red flags” but she did not reach out to her. Then Silge heard about the incident from a mutual friend and she began to raise the issue with internal people at DataCamp. “There were various responses from the rank and file.
It seemed like after a few months of that there was not a lot of change, so I escalated a little bit,” she said. DataCamp finally responded to Silge by saying “I think you have misconceptions about what happened,” and they also mentioned that “there was alcohol involved” to explain the behavior of the executive. DataCamp further explained that “We also heard over and over again, ‘This has been thoroughly handled.’” But Silge and other instructors who have spoken out say that DataCamp hasn’t properly handled the situation and has tried to sweep it under the rug.

Silge also created a private Slack group to communicate and coordinate their efforts to confront this issue. She along with the group got into a group video conference with DataCamp, which was put into “listen-only” mode for all the other participants except DataCamp, meaning they could not speak in the meeting, and were effectively silenced. “It felt like 30 minutes of the DataCamp leadership saying what they wanted to say to us,” Silge said. “The content of it was largely them saying how much they valued diversity and inclusion, which is hard to find credible given the particular ways DataCamp has acted over the past.”

Following that meeting, instructors began to boycott DataCamp more blatantly, with one instructor refusing to make necessary upgrades to her course until DataCamp addressed the situation. Silge and two other instructors eventually drafted and sent the letter, at first to the small group involved in accountability efforts, then to almost every DataCamp instructor. All told, the letter received more than 100 signatures (of about 200 total instructors).

A DataCamp spokesperson said in response to this, “When we became aware of this matter, we conducted a thorough investigation and took actions we believe were necessary and appropriate. However, recent inquiries have made us aware of mischaracterizations of what occurred and we felt it necessary to make a public statement.
As a matter of policy, we do not disclose details on matters like this, to protect the privacy of the individuals involved.” “We do not retaliate against employees, contractors or instructors or other members of our community, under any circumstances, for reporting concerns about behavior or conduct,” the company added.

The response received from DataCamp was not only inadequate, but technologically faulty, as per one of the contractors, Noam Ross, who pointed out in his blog post that DataCamp had published the blog with a “no-index” tag, meaning it would not show up in aggregated searches like Google results. Adding this tag knowingly thus represents DataCamp’s continued lack of public accountability.

OS Keyes said to Business Insider that at this point, the best course of action for DataCamp is a blatant change in leadership. “The investors need to get together and fire the [executive], and follow that by publicly explaining why, apologising, compensating the victim and instituting a much more rigorous set of work expectations,” Keyes said.

#Rstats and other data science communities and DataCamp instructors take action

One of the contractors, Ines Montani, expressed this by saying, “I was pretty disappointed, appalled and frustrated by DataCamp's reaction and non-action, especially as more and more details came out about how they essentially tried to sweep this under the rug for almost two years.” Due to their contracts, many instructors cannot take down their DataCamp courses. Instead of removing the courses, many contractors for DataCamp, including Montani, took to Twitter after DataCamp published the blog, urging students to boycott the very courses they designed.

https://twitter.com/noamross/status/1116667602741485571
https://twitter.com/daniellequinn88/status/1117860833499832321
https://twitter.com/_tetration_/status/1118987968293875714

Instructors put financial pressures on the company by boycotting their own courses.
They also wanted the executive responsible for the misbehaviour to account for his actions, and wanted compensation for the victim and for those who were fired for complaining; this may ultimately undercut DataCamp’s bottom line. Influential open-source communities, including RStudio, SatRdays, and R-Ladies, have cut all ties with DataCamp to show disappointment with the lack of serious accountability.

CEO steps down “indefinitely” from his role and accepts his mistakes

Today Jonathan Cornelissen accepted his mistake and wrote a public apology for his inappropriate behaviour. He writes, “I want to apologize to a former employee, our employees, and our community. I have failed you twice. First in my behavior and second in my failure to speak clearly and unequivocally to you in a timely manner. I am sorry.” He has also stepped down from his position as the company CEO indefinitely until there is a complete review of the company’s environment and culture. While it is a step in the right direction, unfortunately this apology comes to the community very late and is seen as a PR move to appease the backlash from the data science community and other instructors.

https://twitter.com/mrsnoms/status/1121235830381645824
Richard Gall
25 Apr 2019
3 min read

MongoDB is going to acquire Realm, the mobile database management system, for $39 million

MongoDB, the open source NoSQL database, is going to acquire mobile database platform Realm. The purchase is certainly one with clear technological and strategic benefits for both companies - and with MongoDB paying $39 million for a company that has up to now raised $40 million since its launch in 2011, it's clear that this is a move that isn't about short term commercial gains.

It's important to note that the acquisition is not yet complete. It's expected to close in January 2020 at the end of the second quarter of MongoDB's fiscal year. Further details about the acquisition, and what it means for both products, will be revealed at MongoDB World in June.

Why is MongoDB acquiring Realm?

In the materials that announce the launch there's a lot of talk about the alignment between the two projects. "The best thing in the world is when someone just gets you, and you get them," MongoDB CTO Eliot Horowitz wrote in a blog post accompanying the release, "because when you share a vision of the world like that, you can do incredible things together. That’s exactly the case with MongoDB and Realm."

At a more fundamental level the acquisition allows MongoDB to do a number of things. It can reach a new community of developers working primarily in mobile development (according to the press release Realm has 100,000 active users), but it also allows MongoDB to strengthen its capabilities as the cloud evolves to become the dominant way that applications are built and hosted. According to Dev Ittycheria, MongoDB President and CEO, Realm "is a natural fit for our global cloud database, MongoDB Atlas, as well as a complement to Stitch, our serverless platform." Serverless might well be a nascent trend at the moment, but the level of conversation and interest around it indicates that it's going to play a big part in application developers' lives in the months and years to come.

What's in it for Realm?

For Realm, the acquisition will give the project access to a new pool of users.
With backing from MongoDB, it also provides robust foundations for the project to extend its roadmap and even move faster than it previously would have been able to. Realm CEO David Ratner wrote yesterday (April 24) that: "The combination of MongoDB and Realm will establish the modern standard for mobile application development and data synchronization for a new generation of connected applications and services. MongoDB and Realm are fully committed to investing in the Realm Database and the future of data synchronization, and taking both to the next phase of their evolution. We believe that MongoDB will help accelerate Realm’s product roadmap, go-to-market execution, and support our customers’ use cases at a whole new level of global operational scale."

A new chapter for MongoDB?

2019 hasn't been the best year for MongoDB so far. The project withdrew its submission for its controversial Server Side Public License last month following news that Red Hat was dropping it from Enterprise Linux and Fedora. This brought an initiative that the leadership viewed as strategically important in defending MongoDB's interests to a dramatic halt. However, the Realm acquisition sets up a new chapter and could go some way in helping MongoDB bolster itself for a future that it has felt uncertain about.