Tech News

On Thursday, the team at Facebook open sourced F14, an algorithm for faster and memory-efficient hash tables. F14 helps the hash tables provide a faster way for maintaining a set of keys or map keys to values, even if the keys are objects, like strings. The team at Facebook aimed at simplifying the process of selecting the right hash table with the help of F14. The algorithm F14 focuses on the 14-way probing hash table within Folly, Facebook’s open source library of C++ components. These F14 hash tables are better in performance as compared to the previous tools the team had. According to Facebook F14 is can be used as default for all sorts of use cases. There are many factors that need to be considered while choosing a C++ hash table. These factors could be about keeping long-lived references or pointers to the entries, the size of the keys, the size of the tables, etc. The team at Facebook suggests if the developers aren’t planning to keep long-lived references to entries then they may start with the option- folly::F14FastMap/Set or, they can opt for folly::F14NodeMap/Set. Challenges with the existing hash table algorithms Usually the hash tables start by computing a numeric hash code for each key and uses that number for indexing into an array. The hash code for a key remains the same but the hash codes for different keys are different. These keys in a hash table are distributed randomly across the slots in the array. So there are chances of collisions between the keys that map to the same array. Using Chaining method Most of the hash table algorithms handle these collisions by using the chaining method. The chaining method uses a secondary data structure such as a linked list for storing all the keys for a slot. This helps in storing the keys directly in the main array and further checking new slots if there is a collision. If the number of keys are divided by the size of the main array, we get a number called the load factor which the measure of the hash table’s fullness. By decreasing the load factor and making the main array larger, it’s possible to reduce the number of collisions. The problem with this method is that it will waste memory. Using STL method The next method is using the standard template library (STL) for C++ that provides hash tables via std::unordered_map and std::unordered_set. The method does guarantee reference stability which means the references and pointers to the keys and values in the hash table remains valid until the corresponding key is removed. Thus the entries must be indirect and individually allocated but that would add a substantial CPU overhead. Folly comes with a fast C++ class without reference stability and a slower C++ class that allocates each entry in a separate node. According to Facebook, the node-based version is not fully standard compliant, but it is still compatible with the standard version for all the codes. F14 reduces collisions with vector instructions F14 provide practical improvements for both performance and memory by using the vector instructions available on modern CPUs. F14 uses the hash code for mapping the keys to a block of slots instead of to a single slot and then searches within the chunk in parallel. For this intra-chunk search, F14 uses vector instructions (SSE2 or NEON) that filters all the slots of the chunk at the same time. The team at Facebook has named this algorithm as F14 because it filters 14 slots at once. This F14  algorithm performs collision resolution in case a chunk overflows or if two keys both pass the filtering step. With F14 there is a low probability of collision taking place within instruction pipelining. The team used Chunking strategy for lowering the collision rate. To explain this better, the chance that 15 of the table’s keys would map to a chunk with 14 slots is quite lower than the chance that two keys would map to one slot. For instance, imagine you are in a room with 180 people. The chance that one other person has the same birthday as you is about 50 percent, but the chance that there are 14 people who were born in the same fortnight as you is much lower than 1 percent. Chunking keeps the collision rate low even for load factors above 80 percent. Even if there were 300 people in the room, the chance of a fortnight “overflow” is still less than 5 percent. F14 uses reference-counted tombstones for empty slots Most of the strategies for reducing the collisions keep looking for an empty slot until they find one but that is a little difficult to execute. In this case, the algorithm should either leave a tombstone, an empty slot that doesn’t terminate the probe search or it has to slide down the later keys in the probe sequence. This is again very complex and difficult to execute. In workloads that mix insert and erase, the tombstones can get accumulated. And accumulated tombstones increase the load factor from the performance perspective. F14 uses a strategy that acts similar to reference-counted tombstones. This strategy is based on an auxiliary bit for each slot suggested by Amble and Knuth in their 1974 article “Ordered hash tables.” A bit is set whenever their insertion routine passes a slot that is already full and the bit records that a slot has overflowed. A tombstone corresponds to an empty slot with the overflow bit set. The overflow bit makes searches faster as the search for a key can be stopped at a full slot where the overflow bit is clear, even if the following slot is not empty. The team at Facebook has worked towards having the count the number of active overflows. The overflow bits are set when a displaced key is inserted rather than when the key that did the displacing is removed. This makes it easy to keep track of the number of keys relying on an overflow bit. Each of the F14 chunks uses 1 byte of metadata for counting the number of keys that wanted to be placed in the chunk but are currently stored in a different chunk. And when a key gets erased, it decrements the overflow counter on all the chunks that are on its probe sequence by cleaning them up. F14 optimizes memory effectively It is important to reduce memory waste for improving performance and allowing more of a program’s data to fit in the cache. The two common strategies used for hash table memory layouts are indirect which uses a pointer stored in the main array and direct which uses a memory of the keys and values incorporated directly into the main hash array. F14 uses pointer-indirect (F14Node) and direct storage (F14Value) versions, and index-indirect (F14Vector). The Facebook team uses STL container std::unordered_set that never wastes any data space as it waits until the last moment to allocate nodes. The F14NodeSet executes a separate memory allocation for every value, like std::unordered_set. It also stores pointers to the values in chunks and uses F14’s probing collision resolution to ensure that there are no chaining pointers and no per-insert metadata. The  F14ValueSet stores the values inline and has lesser data waste due to using a higher maximum load factor. F14ValueSet hence achieves memory-efficiency easily. While testing, the team encountered unit test failures and production crashes. Though the team has randomized the code for debug builds. F14 now randomly chooses among all the empty slots in a chunk when inserting a new key. Also, the entry order isn’t completely randomized and according to the team, the shuffle is good enough to catch a regressing test with only a few runs. To know more about this news, check out Facebook’s post. New York AG opens investigation against Facebook as Canada decides to take Facebook to Federal Court for repeated user privacy violations Facebook shareholders back a proposal to oust Mark Zuckerberg as the board’s chairperson Facebook sets aside $5 billion in anticipation of an FTC penalty for its “user data practices”

Google's Go is one of the fastest growing programming languages on the planet. But Google is now bidding to make it the go-to language for cloud development. Go Cloud, a new library that features a set of tools to support cloud development, has been revealed in a blog post published yesterday. "With this project," the team explains, "we aim to make Go the language of choice for developers building portable cloud applications." Why Go Cloud now? Google developed Go Cloud because of a demand for a way of writing, simpler applications that aren't so tightly coupled to a single cloud provider. The team did considerable research into the key challenges and use cases in the Go community to arrive at Go Cloud. They found that the increased demand for multi-cloud or hybrid cloud solutions wasn't being fully leveraged by engineering teams, as there is a trade off between improving portability and shipping updates. Essentially, the need to decouple applications was being pushed back by the day-to-day pressures of delivering new features. With Go Cloud, developers will be able to solve this problem and develop portable cloud solutions that aren't tied to one cloud provider. What's inside Go Cloud? Go Cloud is a library that consists of a range of APIs. The team has "identified common services used by cloud applications and have created generic APIs to work across cloud providers." These APIs include: Blob storage MySQL database access Runtime configuration A HTTP server configured with request logging, tracing, and health checking At the moment Go Cloud is compatible with Google Cloud Platform and AWS, but say they plan "to add support for additional cloud providers very soon." Try Go Cloud for yourself If you want to see how Go Cloud works, you can try it out for yourself - this tutorial on GitHub is a good place to start. You can also stay up to date with news about the project by joining Google's dedicated mailing list.   Google Cloud Launches Blockchain Toolkit to help developers build apps easily Writing test functions in Golang [Tutorial]

The Raspberry Pi board developers can now make use of the latest TensorFlow 1.9 features to build their board projects. Most developers use Raspberry Pi for shaping their innovative DIY projects. The Pi also acts as a pathway to introduce people to programming with an added benefit of coding in Python. The main objective of blending TensorFlow with the Raspberry Pi board is to let people explore the capabilities of machine learning on cost-effective and flexible devices. Eben Upton, the founder of the Raspberry Pi project, says, “It is vital that a modern computing education covers both fundamentals and forward-looking topics. With this in mind, we’re very excited to be working with Google to bring TensorFlow machine learning to the Raspberry Pi platform. We’re looking forward to seeing what fun applications kids (of all ages) create with it.” By being able to use TensorFlow features, existing users, as well as new users, can try their hand on live machine learning projects. Here are few real-life examples of Tensorflow on Raspberry Pi: DonkeyCar platform DonkeyCar, a platform to build DIY Robocars, uses TensorFlow and the Raspberry Pi to create self-driving toy cars. Object Recognition Robot The Tensorflow framework is useful for recognizing objects. This robot uses a library, a camera, and a Raspberry Pi, using which one can detect up to 20,000 different objects. Waste sorting robot This robot is capable of sorting every piece of garbage with the same precision as a human. This robot is able to recognize at least four types of waste. To identify the category to which it belongs, the system uses TensorFlow and OpenCV. One can easily install Tensorflow from the pre-built binaries using Python pip package system from the pre-built binaries. One can also install it by simply running these commands on the Raspbian 9 (stretch) terminal: sudo apt install libatlas-base-dev pip3 install tensorflow Read more about this project on GitHub page 5 DIY IoT projects you can build under $50 Build your first Raspberry Pi project How to mine bitcoin with your Raspberry Pi

Today, the team at ActiveState, a software-based company known for building Perl, Python and Tcl runtime environments introduced the ActiveState Platform Command Line Interface (CLI), the State Tool. This new CLI tool aims at automating manual tasks such as the setup of development and test systems. With this tool, all instructions in the Readme can easily be reduced to a single command. How can the State Tool benefit the developers? Eases ad-hoc tasks The State Tool can address tasks that cause trouble to developers at project setup or environment setups that don’t work the first time. It also helps developers in managing dependencies, system libraries and other such tasks that affect productivity. These tasks usually end up consuming developers’ coding time. The State Tool can be used to automate all of the ad hoc tasks that developers come across on a daily basis.  Deployment of runtime environment With this tool, developers can now deploy a consistent runtime environment into a virtual environment on their machine and across CI/CD systems with a single command. Sharing secrets and cross-platform scripts Developers can now centrally create secrets that can be securely shared among team members without the need of using a password manager, email, or Slack. They can create and share cross-platform scripts that include secrets for starting off the builds and run tests as well as simplifying and speeding up common development tasks. Developers can incorporate their secrets in the scripts by simply referencing their names. Automation of workflows All the workflows that developers handle can now get centrally automated with this tool. Jeff Rouse, vice president, product management, said in a statement, “Developers are a hardy bunch. They suffer through a thousand annoyances at project startup/restart time, but soldier on anyway. It’s just the way things have always been done. With the State Tool, it doesn’t have to stay that way. The State Tool addresses all the hidden costs in a project that sap developer productivity. This includes automating environment setup to secrets sharing, and even automating the day to day scripts that everyone counts on to get their jobs done. Developers can finally stop solving the same annoying problems over and over again, and just rely on the State Tool so they can spend more time coding.”   To know more about this news, check out the official page.  Podcasting with Linux Command Line Tools and Audacity GitHub’s ‘Hub’ command-line tool makes using git easier Command-Line Tools  

Last week, a group of security researchers reported that they have found a new malware that takes its instructions from code hidden in memes posted to Twitter. This method is popularly known as Steganography, a method popularly used by cybercriminals to abstract a malicious file within an image to escape from security solutions. According to Trend Micro, some malware authors posted two tweets including malicious memes on 25th and 26th October. These images were tweeted via a Twitter account created in 2017.  “The memes contain an embedded command that is parsed by the malware after it’s downloaded from the malicious Twitter account onto the victim’s machine, acting as a C&C service for the already- placed malware”, reported Trend Micro. According to the blog post, this new threat is detected as TROJAN.MSIL.BERBOMTHUM.AA. Also, this malware gets its command from a legitimate source, which they state is a popular networking platform. The memes cannot be taken down until the malicious Twitter account is disabled. Twitter, on the other hand, has already taken the account offline as of December 13, 2018. Malicious memes are no laughing matter The memes posted via the malicious Twitter accounts have a “/print” command hidden, which enables the malware to take screenshots of the infected machine. These screenshots are then sent to a C&C server whose address is obtained through a hard-coded URL on pastebin.com. Next, the malware will send out the collected information or the command output to the attacker by uploading it to a specific URL address. According to Trend Micro, “During analysis, we saw that the Pastebin URL points to an internal or private IP address, which is possibly a temporary placeholder used by the attackers. The malware then parses the content of the malicious Twitter account and begins looking for an image file using the pattern:  “<img src=\”(.*?):thumb\” width=\”.*?\” height=\”.*?\”/>” on the account.” Source: TrendMicro Researchers have also mentioned some other commands supported by this malware, which includes /processos to retrieve the list of running processes. /clip, to capture clipboard content, /username to retrieve username from the infected machine, and /docs to retrieve filenames from a predefined path such as (desktop, %AppData% etc.) According to TechCrunch, “The malware appears to have first appeared in mid-October, according to a hash analysis by VirusTotal, around the time that the Pastebin post was first created.” After Trend Micro reported the account, Twitter pulled the account offline, suspending it permanently. How the biggest ad fraud rented Datacenter servers and used Botnet malware to infect 1.7m systems How to build a convolution neural network based malware detector using malware visualization [Tutorial] Privilege escalation: Entry point for malware via program errors

Microsoft recently announced few innovations to their AI platform powered by Microsoft Azure. These updates are well aligned to their Digital Transformation strategy of helping organizations augment their machine learning capabilities for better performance. Cognitive Search Cognitive Search is a new feature in Azure portal which leverages the power of AI to understand the content and append the information into Azure Search. It also has support for different file-readers like PDF, office documents.It also enables OCR capabilities like key phrase extraction, language detection, image analysis and even facial recognition. So the initial search will pull all the data from various resources and then apply cognitive skills to store data in the optimized index. Azure ML SDK for Python In the Azure Machine Learning ecosystem, this additional SDK facilitates the developers and the data scientists to execute key AML workflows, Model training, Model deployment, and scoring directly using a single control plane API within Python Azure ML Packages Microsoft now offers Azure ML packages that represent a rich set of pip- installable extensions to Azure ML. This makes the process of building efficient ML models more streamlined by building on deep learning capabilities of Azure AI platform. ML.NET This cross-platform open source framework is meant for .NET developers and provides enterprise-grade software libraries of latest innovations in Machine Learning and platforms that includes Bing, Office, and Windows. This service is available in the AI platform for preview. Project Brainware This service is also available on Azure ML portal for preview. This architecture is essentially built to process deep neural networks; it uses hardware acceleration to enable fast AI. You can have a look at the Azure AI portal for more details. New updates to Microsoft Azure services for SQL Server, MySQL, and PostgreSQL Epicor partners with Microsoft Azure to adopt Cloud ERP SAP Cloud Platform is now generally available on Microsoft Azure  

Uber’s Head of corporate development and best known as the ‘top dealmaker’, Cameron Poetzscher has resigned from the company, yesterday. Cameron Poetzscher joined Uber as the Vice President of corporate development in 2014 and was responsible for overseeing important business deals as well as the fundraising efforts for the company. He led Uber through its $7.7 billion investment from SoftBank. Uber confirmed that the resignation is effective immediately. According to last month’s report by Wall Street Journal, Poetzscher was the subject of a sexual misconduct investigation in 2017. The investigation took place a year ago but the allegations weren't made public until September 2018 when Wall Street  Journal published a report highlighting the investigation. Per the report, an outside law firm investigated and found that Poetzscher had a pattern of making sexually suggestive comments about other co-workers, including describing “which ones he would like to sleep with.” Also, he was engaged in a consensual affair with a colleague that violated the company's policy. Poetzscher was formally disciplined in November 2017, according to the report, though some people at the company argued he should have been fired. His formal statement, after the report, said, “After some concerns were raised in 2017, an outside law firm conducted a confidential review and I was rightfully disciplined.” Also three months ago, Uber's Head of Human Resources, Liane Hornsey, had resigned from the company. Her departure came exactly a day after Reuters contacted Uber regarding an investigation based on the complaints about Liane Hornsey's handling of allegations on racial discrimination, according to the outlet. Uber’s newly appointed Financial Chief, Nelson Chai, will take up Cameron Poetzscher’s responsibilities while the firm seeks a replacement, a spokesman confirmed to the Wall Street Journal. Why Uber created Hudi, an open source incremental processing framework on Apache Hadoop? Python founder resigns – Guido van Rossum goes ‘on a permanent vacation from being BDFL’ Yet another privacy expert quits Sidewalk Labs Toronto smart-city project with doubts over its ‘privacy by design’ commitment

There has been a lot of noise around serverless computing over the last couple of years. There have been arguments that it’s going to put the container revolution to bed, and while that’s highly unlikely (containers and serverless are simply different solutions that are appropriate in different contexts), it’s significant that a trend like serverless could emerge so quickly to capture the attention of engineers and architects. It says a lot about the rapidly changing nature of software infrastructures and the increased demands for agility, scalability, and power. Azure is a cloud solution that’s only going to help drive serverless adoption further. But we know there’s always some trepidation among tech decision makers when choosing to implement something new or use a new platform. That’s why we’re delighted to be partnering with Microsoft Azure to give the world free access to Azure Serverless Computing Cookbook. Packed with more than 50 Azure serverless tutorials and recipes to help solve common and not so common challenges, this 325-page eBook is both a useful introduction to Azure’s serverless capabilities and a useful resource for anyone already acquainted with it. Simply click here to go to Microsoft Azure to download the eBook for free.

Apple held its annual conference Worldwide Developers Conference, WWDC 2019 in San Jose on Monday and to say that the keynote session, was jammed with announcements would be an understatement. This time Apple has really tried to innovate, it was not just the usual product hardware updates but also key features in the business, software space, along with a focus on privacy. Some new products and services which were showcased included a Mac Pro and Pro Display XDR, iOS 13 with a dark mode, MacOS Catalina and an operating system for the iPad called iPadOS. There was also a new privacy-focused sign-in, SwiftUI framework, and Feedback Assistant. Needless to say, people were enthralled by the event and expressed their excitement on Twitter. https://twitter.com/ShaneyBoy112/status/1135628489065996288 https://twitter.com/stroughtonsmith/status/1135653636145590273 https://twitter.com/nickchapsas/status/1135616253677191169 New enhancements to Apple’s flagship operating systems macOS Catalina in beta Apple previewed a new version of Mac operating system, macOS Catalina (macOS 10.5) as a result of the expansion of the company's Marzipan program -- now called Project Catalyst -- which brings iOS apps to the Mac. With macOS Catalina, Apple is replacing iTunes with its popular entertainment apps — Apple Music, Apple Podcasts and the Apple TV app. It also has a new Sidecar feature which helps users extend their Mac desktop by using their iPad as a second display or as a high-precision input device across Mac apps. Catalina has new security features such as ‘Find My app’ and ‘Approve’ to keep users better protected. Voice Control lets users control their Mac entirely with their voice. It also has the Screen Time feature, giving users options such as monitoring usage, scheduling downtime, and setting limits for both apps and websites across all devices. macOS Catalina will be available this fall as a free software update for Macs introduced in mid-2012 or later. For more information, see our detailed coverage here. iOS 13 Beta Apple previewed the latest update of its mobile operating system, iOS 13 at WWDC. It introduces dark mode, advanced photo and camera features, Sign in with Apple and a new Maps experience. Sign in with Apple allows customers to simply use their Apple ID to authenticate instead of using a social account or filling out forms, verifying email addresses or choosing passwords. The Sign in will protect users’ privacy by providing developers with a unique random ID. Siri has a new, more natural voice. HomePod can also distinguish voices from anyone in the home to deliver personal requests, including messages, music and more. https://twitter.com/astralwave/status/1135602897821917184 The developer preview of iOS 13 is available to Apple Developer Program members at starting yesterday, and a public beta program will be available to iOS users later this month. New software features will be available this fall as a free software update for iPhone 6s and later. Read more about iOS 13 features here. Apple iPadOS WWDC 2019 also saw iPad getting its own Apple iPadOS. Basically, iPadOS builds on the same foundation as iOS, adding intuitive features specific to the large display of iPad. It has a Split view allowing iPad users to work with multiple files and documents from the same app simultaneously. They can also quickly view and switch between multiple apps in Slide Over. It also introduces mouse support for both USB and Bluetooth devices. Source: Apple Now Apple Pencil is even more integrated into the iPad experience. Customers can now mark up and send entire webpages, documents or emails on iPad by swiping Apple Pencil from the corner of the screen. The Files app also comes with iCloud Drive support for folder sharing. Text editing on the iPad receives a major update with iPadOS. It is easier and faster to point with precision and speed, select text with just a swipe and use new gestures to cut, copy, paste and undo. iPadOS will be available this fall as a free software update for iPad Air 2 and later, all iPad Pro models, iPad 5th generation and later and iPad mini 4 and later. tvOS 13 and watchOS 6 Apple also released tvOS 13 operating system for Apple TV 4K. With tvOS 13, Apple TV 4K now has a new Home screen; multi-user support for customers to access their own TV shows, movies, music, and recommendations; support for Apple Arcade; expanded game controller support for Xbox One S and PlayStation DualShock 4; and new 4K HDR screen savers. tvOS 13 will be available this fall as a free software update for Apple TV 4K and Apple TV HD. Apple previewed watchOS 6, offering users better health and fitness management such as cycle tracking and Noise app, gives access to dynamic new watch faces and the Activity Trends and App Store directly on Apple Watch. New software features will be available this fall as a free software update for Apple Watch Series 1 or later paired with iPhone 6s or later running iOS 13 or later. Source: Apple Swift UI framework Apple unveiled its SwiftUI framework at WWDC offering a simple way for developers to build user interfaces across all Apple platforms using just one set of tools and APIs. It features a declarative Swift syntax that’s easy to read and natural to write. SwiftUI Working with new Xcode design tools, Swift UI keeps code and design perfectly in sync. It also offers features such as automatic support for Dynamic Type, Dark Mode, localization, and accessibility. Swift UI got developers quite excited who compared it with React Native and Flutter. https://twitter.com/chrismaddern/status/1135624920036184067 https://twitter.com/wilshipley/status/1135835228696600576 https://twitter.com/benjaminencz/status/1135797158807035904 Apple aims to protect user privacy with Apple Sign in Apple has a new way to stop third-party sites and services from getting your information when you sign up to an app. The “Sign in with Apple” button introduced at WWDC, can authenticate a user using Face ID on their iPhone without turning over any of their personal data to a third-party company.  Often users are dependent on third-party apps for using a social account or filling out forms, verifying email addresses or choosing passwords. Sign in with Apple allows customers to simply use their Apple ID to authenticate. It protects users’ privacy by providing developers with a unique random ID. Other privacy updates to the App Store Apps intended for kids cannot include third-party advertising or analytics software and may not transmit data to third parties. HTML5 games distributed in apps may not provide access to real money gaming, lotteries, or charitable donations, and may not support digital commerce. VPN apps may not sell, use, or disclose to third parties any data for any purpose, and must commit to this in their privacy policy. Apps that compile information from any source that is not directly from the user or without the user’s explicit consent, even public databases, are not permitted on the App Store. Apps must get consent for data collection, even if the data is considered anonymous at the time of or immediately following collection. More privacy related announcements here. New Mac Pro with Apple Pro Display XDR At the WWDC, Apple also announced its all-new redesigned Mac Pro, starting at $5,999. The design is a homage to Apple’s classic “cheese grater” look, but it is far from a simple grater when it comes to features. https://twitter.com/briantong/status/1135612966789820418 The new Intel Xeon processor inside the Mac Pro will have up to 28 cores, with up to 300W of power and heavy-duty cooling. System memory can be maxed out at 1.5TB, says Apple, with six-channel memory across 12 DIMM slots. It also has 32GB of memory, Radeon Pro 580X graphics, and a 256GB SSD. With this Mac Pro, Apple is launching a custom expansion module, the MPX Module. It has a quad-wide PCIe card that fits two graphics cards, has its own dedicated heat sink, and also has a custom Thunderbolt connector to hook into Thunderbolt 3 backbone that Apple built into the motherboard to deliver additional power and high-speed connectivity to components. The power supply of the new Mac Pro maxes out at 1.4kW. Three large fans sit at the front, just behind the new aluminum grille, blowing air across the system at a rate of 300 cubic feet per minute. Alongside the new Mac Pro, Apple also introduced a matching 6K monitor, the 32-inch Pro Display XDR at WWDC, whose starting price is $4,999. The Pro Display XDR, which stands for extreme dynamic range, has P3 and 10-bit color with reference modes built in, as well as Apple’s True Tone automatic color adjustment for ambient lighting. It’s 40 percent larger than the iMac 5K display and has an anti-reflective coating, and comes in a matte option called nanotexture. Source: Apple Feedback Assistant for Developers Bug reporter is now replaced with Feedback Assistant which is available on iPhone, iPad, Mac, and the web, making it easy for developers to submit effective bug reports and request enhancements to APIs and tools. When developers file a bug, they will receive a Feedback ID to track the bug within the app or on the website. Other features include automatic on-device diagnostics, remote bug filing, detailed bug forms, and bug statuses. For more coverage of Apple’s special event keep watching this space. You can also stream the WWDC Keynote from the San Jose Convention Center here. Apple releases native SwiftUI framework with declarative syntax, live editing, and support of Xcode 11 beta. Apple Pay will soon support NFC tags to trigger payments Apple proposes a “privacy-focused” ad click attribution model for counting conversions without tracking users

Spotify announced earlier this week that it has filed an antitrust complaint against Apple with the European Commission (EC), claiming that Apple’s rules on the App Store ‘limits choice’ and ‘ stifle innovation’ at the expense of user experience. Spotify states that Apple receives a 30% tax on purchases made through Apple’s payment system from Spotify and other similar digital services. “If we pay this tax, it would force us to artificially inflate the price of our Premium membership well above the price of Apple Music. And to keep our price competitive for our customers, that isn’t something we can do”, states Daniel Ek, CEO, Spotify in a blog post. Ek mentions that in case Spotify decides not to use Apple’s payment system, then a series of technical and experience limited restrictions are applied by Apple. For instance, Customer communication on the app is restricted including its outreach efforts beyond the app. Also, they are not able to send emails to Apple customers in certain cases. Apart from that, Apple also blocks the experience enhancing upgrades on the app on a routine basis. Spotify is not the only one to have stood up against Apple tax. Many companies have chastised and spoken against Apple tax. For instance, companies like Netflix Inc. and video game makers Epic Games Inc. and Valve Corp also complained about the cost of Tax that Apple charges, last year. However, Spotify is the first company to file a complaint against Apple tax that is registered with the EU, a regulatory body that ensures fair competition across the market. Ek states that Spotify is not looking for any special treatment and wants Apple to treat them like other apps on the App Store, including  Uber or Deliveroo, who are neither imposed any Apple tax nor do these apps have the same restrictions as Spotify. Ek also mentioned a list of requests to bring about a change in rules laid out by Apple for the app store. These are as follows: Apps should compete fairly on the merits, and not based on who owns the App Store. All apps should be subject to the same fair set of restrictions (including Apple music). Consumers should be offered a real choice of payment systems. They should not be forced to use systems that have discriminatory tariffs associated with them like Apple’s. App stores should not dictate communications between different app services and users, by placing unfair restrictions on marketing. Spotify has also launched a separate ‘Time to Play Fair microsite’ that is dedicated to making users aware of Apple’s ‘anti-competitive behavior’.  The site illustrates the complaints by Spotify extensively. Horacio Gutierrez, General Counsel, and VP, Business & Legal Affairs at Spotify, confirmed that Spotify has submitted an “economic analysis” to the European Commission, that demonstrates how Apple’s policies have impacted its business. “We are confident that the evidence will show that even though we’ve been successful as a company, and have grown our business, we could have been even more successful if it were not for the restrictions that Apple has placed on our business,” said Guiterrez. Apple’s response to the complaint Apple has responded back to Spotify, addressing the claims of the complaint on a Press release published, yesterday. Apple states that Spotify wants to leverage all the benefits of the App Store without making any Contributions to Marketplace, and it wouldn’t be the business that it is today without the App Store. “We share Spotify’s love of music and their vision of sharing it with the world. Where we differ is how you achieve that goal. Underneath the rhetoric, Spotify’s aim is to make more money off others’ work”, states Apple. It also states that the only contribution that it requires is for the digital goods and services that are purchased inside the app with their secure in-app purchase system. Apple agrees that the revenue share is 30 percent but it further states that this is only applicable for the first year of an annual subscription and then drops to 15 percent in the years after. “The only time we have requested adjustments is when Spotify has tried to sidestep the same rules that every other app follows. Just this week, Spotify sued music creators after a decision.. required Spotify to increase its royalty payments. This isn’t just wrong, it represents a real, meaningful and damaging step backward for the music industry”, says Apple. Public reaction the news is varied with some sympathizing with Spotify, while others tweeting against Spotify and in support of Apple: https://twitter.com/cassiusdarrow/status/1106504786340253696 https://twitter.com/AvramNate/status/1106042615592570880 https://twitter.com/TonyXLR2/status/1105814168664506368 https://twitter.com/IsleJoseph/status/1105819045218144257 Rene Ritchie, a Canadian blogger, Youtuber, and editor in chief of iMore, also posted a video on his YouTube channel, where he took a deep dive into the Spotify action against Apple in the EU, and called Spotify’s move as “kinda victimy”. Spotify acquires Gimlet and Anchor to expand its podcast services Spotify releases Chartify, a new data visualization library in python for easier chart creation Spotify has “one of the most intricate uses of JavaScript in the world,” says former engineer

After 6 years of long anticipation, Magic Leap, the secretive billion dollar startup has finally unveiled its first augmented reality headset. This mysterious new device is supposedly priced at $1000 and hosts a variety of interesting new features. Let’s take a look at why this company, which is notoriously known to work in the “stealth mode”, has been gaining so much popularity. Magic Leap Origins Magic Leap was founded in 2010, by Rony Abovitz, a tech-savvy American entrepreneur. He previously founded a company which manufactured surgical robotic arm assistance platforms. But it was not until October 2014, when the company started to make the rounds in news by receiving $540 million of venture funding from Google, Qualcomm, Andreessen Horowitz, and Kleiner Perkins, among other leading tech investors. Some saw this funding as a desperate attempt from Google to match Facebook’s acquisition of Oculus, a virtual reality startup. This exaggerated valuation was based on little more than an ambitious vision of layering digital images on top of real-world objects with spatial glasses, and with no actual revenue or any products to show. The Anticipation After a year of the initial round of fundings, Magic Leap released a couple of cool demos. https://www.youtube.com/watch?v=kPMHcanq0xM Just another day in the office at Magic Leap https://www.youtube.com/watch?v=kw0-JRa9n94 Everyday Magic with Mixed Reality Both these videos showcased augmented reality gaming and productivity applications. While the description in the first one mentioned that it was just a concept video that highlights the potential of augmented reality, the second video claimed that it was shot from the actual device without the use of any special effects. These demos skyrocketed the popularity of Magic Leap creating huge anticipation among the users, developers, and investors alike. This hype attracted the likes of Alibaba and Disney to join hands with them in their quest for the next generation Augmented Reality device. Product Announcement and Pricing After 4 years of hype videos and almost 2 billion dollars in funding Magic Leap finally unveiled their first product called Magic Leap One Creator Edition. These headsets are specifically catered to developers and will start shipping later this year. The Creator Edition consists of three pieces of hardware: Source: Magic Leap Official Website Lightwear: It’s the actual headset which uses “Digital Lightfield” display technology with multiple integrated sensors to gather spatial information. Lightpack: The core computing power of the headsets lies in the Lightpack, a circular belt-worn hip pack which is connected to the headset. Controller: It is a remote that contains buttons, six-degrees of freedom motion sensing, touchpad, and haptic feedback. The remote-shaped controller appears to be very similar to what we can see in Samsung Gear VR and Google Daydream headset controllers. Along with the headsets, Magic Leap also launched the Lumin SDK, the toolkit which allows developers to build AR experiences for Lumin OS, the operating system that powers the Magic Leap One headset. There’s more! Magic Leap has made their SDK available in both Unity and Unreal game engines. This would allow a wide range of developers to start creating augmented reality experiences for their respective platforms. Although Magic Leap hasn’t shared any details on the exact pricing of the headsets, but if you go by what Rony Abovitz said in an interview, the price of the headset would be similar to that of a “Premium Computer”. He also mentioned that the company is planning to develop high-end devices for enterprises as well as lower-end versions for the common masses. Product trial shrouded in secrets Magic Leap, since their inception, have been claiming to revolutionize the AR/VR space with their mysterious technology. They boast that their proprietary features like “Digital Lightfield” and “Visual Perception”  would solve the long-standing problem of dizziness caused due to the continuous use of these headsets. Still, a lot of specifications are missing, like the field of view, or the processing power of the Lightpack processor. To add to the ambiguity, Magic Leap released a long list of security clauses for the developers who want to try out their products, some almost asking the developers to “lock away the hardware”. But this isn’t stopping the investors from pouring in more funds. Magic Leap just received another $461 million dollars from a Saudi Arabia sovereign investment arm. The uncertainty will only be cleared when the headsets become production ready and reach the consumers. Until then the hype remains... To know more about other features of Magic Leap One, check out their official webpage.

On Monday, August 19, the Cisco Talos research team disclosed eight security vulnerabilities in Google’s Nest Cam IQ, a high-end security indoor camera (IoT device). These vulnerabilities allow hackers to take over the camera, prevent its use or allow code execution. The two researchers, Lilith Wyatt and Claudio Bozzato, said that these eight vulnerabilities  apply to version 4620002 of the Nest Cam IQ indoor device and were located in the Nest implementation of the Weave protocol. The Weave protocol is designed specifically for communications among Internet of Things or IoT devices. Per Cisco Talos, Nest Labs’ Cam IQ Indoor integrates security-enhanced Linux in Android, Google Assistant and facial recognition all into a compact security camera. Nest, on the other hand, has provided a firmware update that the company says will fix the vulnerabilities. Nest says that these updates will happen automatically if the user’s camera is connected to the internet. The researchers in their official statement said, "Nest Cam IQ Indoor primarily uses the Weave protocol for setup and initial communications with other Nest devices over TCP, UDP, Bluetooth, and 6lowpan.” "It is important to note that while the weave-tool binary also lives on the camera and is vulnerable, it is not normally exploitable as it requires a local attack vector (i.e. an attacker-controlled file) and the vulnerable commands are never directly run by the camera," they further added. The eight vulnerabilities in Google Nest Cam IQ TCP connection denial-of-service vulnerability This vulnerability (CVE-2019-5043) is an exploitable denial-of-service vulnerability that exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability. Legacy pairing information disclosure vulnerability This exploitable information disclosure vulnerability (CVE-2019-5034) exists in the Weave legacy pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted Weave packets can cause an out-of-bounds read, resulting in information disclosure. PASE pairing brute force vulnerability This vulnerability (CVE-2019-5035) exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. Here, a set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. KeyError denial-of-service vulnerability This vulnerability (CVE-2019-5036) exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. Here, a specially crafted weave packet can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. WeaveCASEEngine::DecodeCertificateInfo vulnerability This vulnerability (CVE-2019-5037) exists in the Weave certificate loading functionality of the Nest Cam IQ Indoor camera, version 4620002, where a specially crafted weave packet can cause an integer overflow and an out-of-bounds read to occur on unmapped memory, resulting in a denial of service. Tool Print-TLV code execution vulnerability This exploitable command execution vulnerability (CVE-2019-5038) exists in the print-tlv command of Weave tools. Here, a specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command. ASN1Writer PutValue code execution vulnerability This exploitable command execution vulnerability (CVE-2019-5039) exists in the ASN1 certificate writing functionality of Openweave-core, version 4.0.2. Here, a specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can exploit this vulnerability by tricking the user into opening a specially crafted Weave. DecodeMessageWithLength information disclosure vulnerability This vulnerability (CVE-2019-5040) exists in the Weave MessageLayer parsing of Openweave-core, version 4.0.2 and the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. In a statement to ZDNet, Google said, "We've fixed the disclosed bugs and started rolling them out to all Nest Camera IQs. The devices will update automatically so there's no action required from users." To know more about this news in detail, read Cisco Talos’ official blog post. Vulnerabilities in the Picture Transfer Protocol (PTP) allows researchers to inject ransomware in Canon’s DSLR camera Google’s Project Zero reveals several serious zero-day vulnerabilities in a fully remote attack surface of the iPhone Docker 19.03 introduces an experimental rootless Docker mode that helps mitigate vulnerabilities by hardening the Docker daemon

In November, last year, the React Native team shared a roadmap for React Native to provide better support to its users and collaborators outside of Facebook. The team is planning to open source some of the internal tools and improve the widely used tools in the open source community. Yesterday, they shared updates on the progress they have made in the two months since the release of the roadmap. Per the team, the goals were to “reduce outstanding pull requests, reduce the project's surface area, identify leading user problems, and establish guidelines for community management.” Updates to Pull Requests The number of open pull requests was reduced to 65. The average number of pull requests opened per day increased from 3.5 to 7. Almost two-thirds of pull requests were merged and one-third of the pull requests closed. Out of all the merged pull requests, only six caused issues; four only affected internal development and two were caught in the release candidate state. Cleaning up for leaner core The developers are planning on reducing the surface area of React Native by removing non-core and unused components. The community response on helping with the Lean Core project was massive. The maintainers jumped in for fixing long-standing issues, adding tests, and supporting long-requested features. Examples of such projects are WebView that has received many pull requests since their extraction and the CLI that is now maintained by members of the community and received much-needed improvements and fixes. Helping people upgrade to newer versions of React Native One of the highest voted problems was the developer experience of upgrading to newer versions of React Native. The team is planning on recommending CocoaPods by default for iOS projects which will reduce churn in project files when upgrading React Native. This will make it easier for people to install and link third-party modules. The team also acknowledged contributions from members of the community. One maintainer, Michał Pierzchała from Callstack helped in improving the react-native upgrade by using rn-diff-purge under the hood. Releasing React Native 0.59 For future releases, the team plans to: work with community members to create a blog post for each major release show breaking changes directly in the CLI when people upgrade to new versions reduce the time it takes to make a release by increasing automated testing and creating an improved manual test plan These plans will also be incorporated in the upcoming React Native 0.59 release. It is currently published as a release candidate and is expected to be stable within the next two weeks. What’s next The team will now focus on managing pull requests while also starting to reduce the number of outstanding GitHub issues. They will continue to reduce the surface area of React Native through the Lean Core project. They also plan to address five of the top community problems and work on the website and documentation. React Native 0.59 RC0 is now out with React Hooks, and more Changes made to React Native Community’s GitHub organization in 2018 for driving better collaboration The React Native team shares their open source roadmap, React Suite hits 3.4.0

Yesterday, Google introduced a new Tensorflow-based framework named Dopamine, which aims to provide flexibility, stability, and reproducibility for both new and experienced RL researchers. This release also includes a set of colabs that clarify how to use the Dopamine framework. Dopamine is inspired by one of the main components in reward-motivated behavior in the brain. It also reflects a strong historical connection between neuroscience and reinforcement learning research. Its main aim is to enable a speculative research that drives radical discoveries. Dopamine framework feature highlights Ease of Use The two key considerations in Dopamine’s design are its clarity and simplicity. Its code is compact (about 15 Python files) and is well-documented. This is achieved by focusing on the Arcade Learning Environment (a mature, well-understood benchmark), and four value-based agents: DQN, C51, A carefully curated simplified variant of the Rainbow agent, and The Implicit Quantile Network agent, which was presented last month at the International Conference on Machine Learning (ICML). Reproducibility Google has provided the Dopamine code with full test coverage. These tests also serve as an additional form of documentation. Dopamine follows the recommendations given by Machado et al. (2018) on standardizing empirical evaluation with the Arcade Learning Environment. Benchmarking It is important for new researchers to be able to quickly benchmark their ideas against established methods. Following this, Google has provided the full training data of the four provided agents, across the 60 games supported by the Arcade Learning Environment. They have also provided a website where one can quickly visualize the training runs for all provided agents on all 60 games. Given below is a snapshot showcasing the training runs for the 4 agents on Seaquest, one of the Atari 2600 games supported by the Arcade Learning Environment. The x-axis represents iterations, where each iteration is 1 million game frames (4.5 hours of real-time play); the y-axis is the average score obtained per play. The shaded areas show confidence intervals from 5 independent runs. The Google community aims to empower researchers to try out new ideas, both incremental and radical with Dopamine ’s flexibility and ease-of-use. It is actively being used in Google’s research, giving them the flexibility to iterate quickly over many ideas. To know more about Dopamine in detail visit the Google AI blog. You can also check out its GitHubrepo. Build your first Reinforcement learning agent in Keras [Tutorial] Reinforcement learning model optimizes brain cancer treatment, reduces dosing cycles and improves patient quality of life OpenAI builds a reinforcement learning based system giving robots hhuman-likedexterity

There is a new web application framework in town. Categorized as “Military grade” by its creator, Rich Harris, Sapper is a Next.js-style framework that is almost close to being the ideal web application framework. [box type="info" align="" class="" width=""]Fun Fact: Sapper, the name comes from the term for combat engineers, hence the term Military grade. It is also short for Svelte app maker.[/box] Sapper offers high grade development experience, with declarative routing, hot-module replacement, and scoped styles. It also includes modern development practices at par with current web application frameworks such as code-splitting, server-side rendering, and offline support. It is powered by Svelte, the UI framework which is essentially a compiler that turns app components into standalone JavaScript modules. What makes Sapper unique is that it dramatically reduces the amount of code that gets sent to the browser. In the RealWorld project challenge, Sapper implementation took 39.6kb (11.8kb zipped) to render an interactive homepage. The entire app cost 132.7kb (39.9kb zipped), which is significantly smaller than the reference React/Redux implementation at 327kb (85.7kb). Infact, the implementation totals 1,201 lines of source code, compared to 2,377 for the reference implementation. Another crucial feature of Sapper is code splitting. If an app uses React or Vue, there's a hard lower bound on the size of the initial code-split chunk, the framework itself, which is likely to be a significant portion of the total app size. Sapper has no lower bound for initial code splitting, which makes the app even faster. The framework is also extremely performant, memory-efficient, and easy to learn with Svelte's template syntax. It has scoped CSS, with unused style removal and minification built-in. The framework also has a svelte/store, a tiny global store that synchronises state across the component hierarchy with zero boilerplate. Currently Sapper is not released in version 1.0.0. Currently, Svelte's compiler operates at the component level. For the stable release, the team is looking for ‘whole-app optimisation' where the compiler understands the boundaries between the components to generate even more efficient code. Also, because Sapper is written in TypeScript, there may be plans to officially support TypeScript. Sapper may not be ready yet to take over an established framework such as React. The reason being, that the developers may have an aversion to any form of 'template language'. Moreover, React is extremely flexible and appealing to new developers. This is because of its highly active community and other learning resources, in particular, the devtools, editor integrations, tutorials, StackOverflow answers, and even job opportunities. When compared to such a giant, Sapper still has a long way to go. You can view the framework's progress and contribute your own ideas at Sapper GitHub and Gitter. Top frameworks for building your Progressive Web Apps (PWA) 5 reasons why your next app should be a PWA (progressive web app) Progressive Web AMPs: Combining Progressive Wep Apps and AMP