Tech News

The team behind Xubuntu, have released a new update for the lightweight, GTK-based desktop environment built around Ubuntu. Xubuntu 19.04 is available since yesterday as a part of the Ubuntu 19.04 "Disco Dingo" launch. New features include latest Xfce package releases, new wallpapers/artwork, re-addition of GIMP to ISO, and various other changes. Xubuntu 19.04 also halts the production of x86 32-bit install images. New additions in Xubuntu 19.04 AptURL is now included in the latest release. It provides an easy way to link to and install packages from the repositories. It supports most browsers and works without any additional configuration when installed. GIMP (GNU Image Manipulating Program), a feature-packed image editor also ships with this release. It was notably absent from Xubuntu since 15.04 “Vivid Vervet”. The addition of LibreOffice Impress completes the Xubuntu office suite. Impress makes it possible for users to quickly and easily produce and present high-quality presentations. It comes with a number of great templates already installed, and hundreds more at the LibreOffice Extensions website. Updates to existing Xfce settings Xfce Application Finder The application Finder is ported to GTK 3 and searches are now fuzzy Menu items without a name are no longer displayed Applications can now be launched by pressing Enter once The Application Finder will no longer crash when toggling bookmarks A new preference was added to hide the category panel and it has improved application sorting and keyboard navigation Xfce Desktop Orientation option is added for icon arrangement Support for the RandR primary monitor is added Integration for the AccountsService wallpaper is added The crash with monitor changes is fixed. Also the icon size in the “Open With” submenu is fixed. Xfce Dictionary Crashes related to invalid URLs were resolved Web search links are only displayed when URLs are valid The link tooltip is now escaped, fixing display issues Xfce Panel Maximum icon size can be specified for improved control. Per-panel icon size preferences are added Numerous improvements are made to plugin display and sizing issues Support for alternative menu editors, with MenuLibre as default is added Fixed issues with clicking panel items at the top or left of the screen Fixed space reservation on the bottom and right of the screen Fixed crashes in the Directory Menu plugin and when removing certain plugins Fixed alignment of various plugin menus and the display of the binary clock Xfce Screenshooter Added width and height to the region select overlay Fixed delay functionality in the panel plugin and saving screenshots from the panel plugin Improved Imgur upload results dialog Improved support when XInput is not available and for HiDPI displays Xfce Session Replaced packaging recommendation on Xscreensaver with Light Locker Added support for MATE Screensaver and Xfce Screensaver Xfce System Load Plugin Reworked preferences dialog The default update interval was updated to 0.5 seconds Xfce Task Manager Builds now default to GTK 3, with GTK 2 being removed in the next release Improved UTF-8 normalization Fixed crash when closing processes Xubuntu Artwork New desktop wallpaper for 19.04 New release-agnostic wallpaper for Plymouth These are just a select few updates. For a more exhaustive version, head over to the blog post by Bluesabre. If you want to contribute, check out the Xubuntu contributor documentation to learn how to get started. Ubuntu 19.04 Disco Dingo Beta releases with support for Linux 5.0 and GNOME 3.32 Chromium blacklists nouveau graphics device driver for Linux and Ubuntu users Ubuntu 18.10 ‘Cosmic Cuttlefish’ releases with focus on AI development, multi-cloud and edge deployments, and much more

Yesterday, a team of researchers from UC Berkeley's Robot Learning Lab announced the completion of their three-year-long project called Blue. It is a low-cost, high-performance robot arm that was built to work in real-world environments such as warehouses, homes, hospitals, and urban landscapes. https://www.youtube.com/watch?v=KZ88hPgrZzs&feature=youtu.be With Blue, the researchers aimed to significantly accelerate research towards useful home robots. Blue is capable of mimicking human motions in real-world environments and enables more intuitive teleoperation. Pieter Abbeel, the director of the Berkeley Robot Learning Lab and co-founder and chief scientist of AI startup Covariant, shared the vision behind this project, “AI has been moving very fast, and existing robots are getting smarter in some ways on the software side, but the hardware’s not changing. Everybody’s using the same hardware that they’ve been using for many years . . . We figured there must be an opportunity to come up with a new design that is better for the AI era. Blue design details Its dynamic properties meet or exceed the needs of a human operator, for instance, the robot has a nominal position-control bandwidth of 7.5 Hz and repeatability within 4mm. It is a kinematically-anthropomorphic robot arm with a 2 KG payload and can cost less than $5000. It consists of 7 Degree of Freedom, which includes 3 in the shoulder, 1 in the elbow, and 3 in the wrist. Blue has quasi-direct drive (QDD) actuators, which offer better force control, selectable impedance, and are highly backdrivable. These actuators make Blue resilient to damage and also makes it safer for humans to be around. The team is first distributing early release arms to developers and industry partners. We can see a product release within the next six months. The team is also planning to have a production edition of the Blue robot arm, which will be available by 2020. To read more on Blue, check out the Berkley Open Arms site. Walmart to deploy thousands of robots in its 5000 stores across US Boston Dynamics’ latest version of Handle, robot designed for logistics Setting up a Raspberry Pi for a robot – Headless by Default [Tutorial]

Nicholas Bergson-Shilcock, the co-founder of Recurse Center, announced yesterday, that the company has nearly achieved its 2012 goal of making RC 50% women. Recurse Center is a self-directed, community-driven educational retreat for programmers in New York City. After seven years, 48% of new hires at RC this year are women, trans, or non-binary. “We believe nearly every aspect of RC gets better when RC becomes more diverse...my cofounders and I have experienced RC across 60 batches: some with significant gender, racial, age, and other forms of diversity, and others with very little diversity. We believe firmly that the former are a better experience for everyone”, states Shilcock. RC mainly focused on three things as a part of its strategy to achieve its goal. These three things include: getting a strong and diverse pool of applicants, minimizing bias and evaluating everyone on the same admissions criteria, and building an environment where different people can easily thrive. As a part of RC’s strategy: It first focussed on getting as strong and diverse a range of applicants as possible. To achieve this, RC funded women and people from other traditionally underrepresented groups for the program. For instance, RC  partnered with Etsy in April 2012 to fund living expense grants for women who can’t afford to attend RC. RC further expanded its grants program in 2014 to include Black, Latina/o, Native American, and Pacific Islander people. By 2015, RC began funding grants itself and has managed to disburse over $1.5 million in grants so far. Apart from that, RC also offered merit-based fellowships of up to $10,000   to women, trans, and non-binary people that work on open source projects, research, and art. RC launched Joy of Computing last year which is a site that features technical work by members of the RC community. Secondly, RC focused on minimizing bias and evaluate everyone on the same admissions criteria. To achieve this, RC uses pseudonyms and hides the demographic information. For instance, RC updated its admissions review software in 2014 to replace people’s names with pseudonyms ( “Keyboarding Animal” or “Temperature Jeans” instead of “José Smith” or “Kimberly Lin”). Shilcock recommends that companies should document and clearly explain their admission criteria and process. Firms should also be very specific about what precisely comes under their criteria. RC also recommends training its interviewers and recording the interviews for quality control and training. Additionally, RC offers ongoing support and has a process in place for giving interviewers feedback Lastly, RC focused on building and nurturing an environment where different kind of people can thrive. To foster a healthy work environment, RC has explicit social rules in place that contribute towards making RC a friendly, and productive place to program and grow. RC also has a code of conduct in place which is a system for reporting violations and a response protocol. Moreover, it also focuses on welcoming people and making them a part of its community. RC is further working towards itself as a firm more accessible to the programming community. For instance, apart from attending RC for six or 12-week batches, people can now also attend for a week-long program and become alumni and lifelong member of the community. RC has also modified and updated some of its policies to make RC more family-friendly. There is now a lactation and wellness room at RC, which will allow parents to bring their children along with them. Shilcock states that earlier in 2012, only 5% of the Recursers were women, trans, or non-binary, but that figure has changed to 34% now. Also, of the nearly 150 people who have already joined RC’s batch for this year, 48% identify as women, trans, or non-binary. However, Shilcock states that although the numbers are quite promising, they can fluctuate. “We know it will take continuous investment and work to have any chance of consistently achieving a gender-balanced environment at RC”, writes Shilcock. For more information, check out the official Recurse Center announcement. Women win all open board director seats in Open Source Initiative 2019 board elections Google’s pay equity analysis finds men, not women, are underpaid; critics call out design flaws in the analysis Apollo 11 source code: A small step for a woman, and a huge leap for software engineering

Facebook has been in the radar since quite some time now, with each month showing some major blunder by the company with respect to its privacy concerns. Last month Facebook opened up about exposing millions of user passwords in a plain text. Recently, one of the Facebook shareholders stood by a proposal to depose Mark Zuckerberg from its position as the board chairperson. And last evening, Facebook broke the news that it may have “unintentionally uploaded” the email contacts of 1.5 million new users on its site since May 2016, without their consent. What exactly happened at Facebook This news comes out when a security researcher highlighted that Facebook was asking some users to enter their email passwords when they signed up for new accounts for verifying their identities, in a move widely condemned by security experts. And it seems that the list of affected users is not just limited to the United States. https://twitter.com/robaeprice/status/1118668162378035200 In a statement to CNBC, a Facebook spokesperson said, “We’ve fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage contacts they share with Facebook in their settings.” According to a report by Business Insider when a user entered his/her email password, a message popped up which read, “it was "importing" your contacts, without asking for permission first.” The official statement from Facebook reads, “Last month we stopped offering email password verification as an option for people verifying their account when signing up for Facebook for the first time. When we looked into the steps people were going through to verify their accounts we found that in some cases people's email contacts were also unintentionally uploaded to Facebook when they created their account. We estimate that up to 1.5 million people's email contacts may have been uploaded. These contacts were not shared with anyone and we're deleting them. We've fixed the underlying issue and are notifying people whose contacts were imported. People can also review and manage the contacts they share with Facebook in their settings.” Facebook’s justification According to Facebook, the platform used to have a step in the account verification process where few users had the option to confirm their email address and then voluntarily import their email contacts onto Facebook. The idea behind the feature was to help users find their friends easily and also improve ads. When this process got redesigned in May 2016, the text that explained the step was removed but the feature remained intact. So, the email contacts were still being uploaded to the site without users being aware of the fact. With the company confessing such data breach acts repeatedly and stricter legislations coming into place, Facebook might face huge consequences for it in the near future. Facebook shareholders back a proposal to oust Mark Zuckerberg as the board’s chairperson Facebook AI introduces Aroma, a new code recommendation tool for developers Facebook AI open-sources PyTorch-BigGraph for faster embeddings in large graphs    

This week, NATIONAL VULNERABILITY DATABASE (NVD) identified an integer overflow flaw in libssh2 before the release of version 1.8.1 which could lead to an out of bounds write. A remote attacker could take advantage of this flaw to compromise an SSH server and execute code on the client system when a user connects to the server. Impact of the flaw in libssh2 The Common Vulnerability Scoring System (CVSS) base score, a numerical score that reflects its severity, calculated by the team who identified the flaw is 8.8, which is high. The overall impact score calculated by the team is 5.9 where the exploitability score is 2.8. The team also identified that the attack vector was a network and the attack complexity was low. Security issues fixed by the team CVE-2019-3861: The team fixed out-of-bounds reads with SSH packets. CVE-2019-3862: The team fixed the issues related to out-of-bounds memory with message channel request packet. CVE-2019-3860: The team fixed out-of-bounds reads with SFTP packets. CVE-2019-3863: The team fixed the integer overflow in user authenticate keyboard which could allow out-of-bounds writes with keyboard responses. CVE-2019-3856: The team fixed the issues related to a potential integer overflow in keyboard handling which could allow out-of-bounds write with payload. CVE-2019-3859: The team fixed the issues with out-of-bounds reads with payloads because of unchecked use of _libssh2_packet_require and _libssh2_packet_requirev. CVE-2019-3855: The team fixed a potential Integer overflow in transport read which could allow out-of-bounds write with a payload. CVE-2019-3858: The issues with the zero-byte allocation have been fixed, which could lead to an out-of-bounds read with SFTP packet. To know more about this news, check out NVD’s post. Linux use-after-free vulnerability found in Linux 2.6 through 4.20.11 Stable release of CUDA 10.0 out, with Turing support, tools and library changes ‘Peekaboo’ Zero-Day Vulnerability allows hackers to access CCTV cameras, says Tenable Research  

A Microsoft team named Bling (Beyond Language Understanding) announced a Finite State machine and regular expression manipulation library called Fire, yesterday. Fire has been developed to use in case of different linguistic operations inside Bing including Tokenization, Multi-word expression matching, Unknown word-guessing, and Stemming/Lemmatization among others. Under Fire comes a tokenizer, which has been designed for fast-speed and quality tokenization of Natural Language text. Fire tokenization uses the tokenization logic of NLTK (Natural Language Toolkit), with an exception that hyphenated words can be split and only a few errors can be fixed. Also, when compared with other popular NLP libraries, Bling Fire becomes 10X faster speed in tokenization task. The latest release of Bling Fire model is enabled to support most languages including East Asian (Chinese Simplified, Traditional, Japanese, Korean, Thai). The tokenizer’s high-level API is friendly to use from languages such as Python, Perl, C#, Java, etc. Also, the tokenizer has been designed in a way that it requires 0 zero configurations, or initialization, or additional files. The reason Tokenizer is very fast is because it makes use of deterministic finite state machines underneath. In order to use the Bling Fire Library and Finite State Machine manipulation tools, the project can be built on Windows/Linux using CMake, which allows you to create your own tokenization/segmentation, stemming, etc. To use the Bling Fire Library in Python, users can install the release with the help of using: pip install blingfire For more information, check out Bling Fire on GitHub. Microsoft reveals certain Outlook.com user accounts were hacked for months Microsoft makes the first preview builds of Chromium-based Edge available for testing Microsoft announces the general availability of Live Share and brings it to Visual Studio 2019

GLFW is traditionally the OpenGL library that offers a basic API for the creation of windows/contexts/surfaces across software platforms. GLFW version 3.3 is now available with exciting feature enhancements to it. GLFW works for both desktop and mobile, various devices, and works across all major operating systems while being under the liberal Zlib license. Notable for macOS users is that GLFW 3.3 now supports Vulkan on macOS via the MoltenVK library that translates Vulkan calls for Apple Metal driver usage. The increase in Vulkan support on macOS is great to see and ultimately benefits Linux users/gamers too by allowing Vulkan to be a single common denominator across platforms and making it an attractive target for game engine developers. GLFW 3.3 also has improvements around HiDPI and display scaling, raw mouse motion input support, transparent windows and frame-buffer handling, and other configuration tunables. Get to know about more details on GLFW 3.3 via GLFW.org. Best game engines for Artificial Intelligence game development How AI is changing game development Microsoft plans to use Windows ML for Game development

Yesterday, Red Hat announced that it will serve as a steward of OpenJDK 8 and OpenJDK 11, following the transition from Oracle. “With this transition”, says Red Hat, “we are affirming our support of the Java community and following a similar path that led to its leadership of both the OpenJDK 6 and OpenJDK 7 projects.” At the end of January 2019, Oracle officially ended free public updates to Oracle JDK for non-Oracle customer commercial users. These users will no longer be able to get updates without an Oracle support contract. Additionally, Oracle has changed the Oracle JDK license (BCPL) so that commercial use for JDK 11 and beyond will require an Oracle subscription. The leadership transfer actually happened mid-February, when Red Hat's Java technical lead, Andrew Haley was assigned as the Lead Maintainer in the JDK 8u Updates and JDK 11u Updates projects in OpenJDK. While Andrew is the lead whose job is to accept backports, the actual people who do the backporting work span multiple companies: Red Hat, SAP, Oracle, Amazon, Google, etc. These vendors share the backporting, reviewing, testing work. OpenJDK 8u, 11u Update Projects is where that collaboration happens, and Red Hat is leading that collaboration. Additionally, in December 2018, Red Hat announced commercial support for OpenJDK on Microsoft Windows. Red Hat plans to launch OpenJDK in a Microsoft installer in the coming weeks and distribute IcedTea-Web, the free software implementation of Java Web Start, as part of the Windows OpenJDK distribution. Mike Piech, vice president, and general manager, Middleware, Red Hat notes, " There is a developer hunger to bring Java into the next generation of development, and Red Hat is a leader in this movement through our involvement in the OpenJDK project. We are helping to lead the way in our efforts to enable users of JDK to have support and innovation in their existing environments. Red Hat remains committed to Java and is excited to have the opportunity to help steward the OpenJDK community." The OpenJDK Transition: Things to know and do Mark Reinhold on the evolution of Java platform and OpenJDK RedHat’s OperatorHub.io makes it easier for Kuberenetes developers and admins to find pre-tested ‘Operators’ for applications.

Yesterday, Google released Android Studio 3.4, the latest version of its integrated development environment (IDE). Version 3.3 was released earlier this year. This release is the continuation of 'Project Marble’, Google’s initiative to improve Android Studio features. Android Studio 3.4 has an updated Project Structure Dialog (PSD). It also replaces Proguard with R8 as the default code shrinker and obfuscator. This release also supports the Android Q Beta and Intellij 2018.3.4. New features in Android Studio 3.4 Project Structure Dialog: This is a new user interface front end to manage Gradle project files. PSD allows developers to see and add dependencies to their project at a module level. Additionally, it displays build variables, suggestions to improve build file configuration etc. New Resource Manager: The resource manager is a new tool to visualize the drawables, colors, and layouts across your app project in a consolidated view. In addition to visualization, the panel supports drag & drop bulk asset import, and bulk SVG to VectorDrawable conversion. R8 replaces Proguard: R8 is now used as the default code shinker for new projects created with Android Studio 3.4. R8 code shrinking helps reduce the size of your APK by getting rid of unused code and resources as well as making your actual code take less space. Additionally, in comparison to Proguard, R8 combines shrinking, desugaring and dexing operations into one step. Import Intentions: Android Studio 3.4 will now recognize common classes in Jetpack and Firebase libraries. It will also suggest, via code intentions, adding the required import statement and library dependency to your Gradle project files. Android Emulator Skin updates and Android Q Beta Emulator System Image: Users can now download Android Q Beta emulator system images for app testing on Android Q. Android Studio 3.4 also includes the latest Google Pixel 3 and Google Pixel 3 XL device skins. Read more about this release on the Android Developers Blog. You can download the latest version of Android Studio 3.4 from the Android download page. Android Studio 3.3 released with support for Navigation Editor, C++ code lint inspections, and more Google announces the stable release of Android Jetpack Navigation Android Q will reportedly give network carriers more control over network devices

Microsoft is taking a stand against climate devastation by hiking its internal carbon tax in a new sustainability drive. On Tuesday, the company announced that it nearly doubling its internal carbon fee to $15 per metric ton on all carbon emissions. The company introduced the internal carbon tax back in 2012. The fee is charged based on energy use from the company’s data centers, offices, and factories, and emissions from its employees' business air travel. Now, the funds from this higher fee will maintain Microsoft’s carbon neutrality and help meet their sustainability goals. https://twitter.com/satyanadella/status/1118241283133149184 Microsoft is aiming to use 70% renewable energy to power its data centers by 2023. For comparison, Google reached 100% renewable energy for its global operations — including both their data centers and offices in 2017. In April, this year Apple announced that its global facilities are powered with 100 percent clean energy. This achievement includes retail stores, offices, data centers and co-located facilities in 43 countries. Amazon has been the slow one in this race. Although, Amazon announced that it would power data centers with 100 percent renewable energy; since 2018 Amazon has reportedly slowed down its efforts to use renewable energy using only 50 percent. Microsoft has started the construction of  17 new buildings at their Washington headquarters. These buildings will run on 100 percent carbon-free electricity. Also, the amount of carbon associated with the construction materials of these buildings will be reduced by at least 15 percent, with a goal of reaching 30 percent. This would be monitored through Embodied Carbon Calculator for Construction (EC3), a new tool to track the carbon emissions of raw building materials. What is missing from this plan, is a complete transition off of fossil fuels rather than relying on carbon offsets. Microsoft is also joining the Climate Leadership Council (CLC). CLC is an international policy institute which promotes a national carbon pricing approach. “In addition to our internal carbon tax”, Microsoft says, “we supported the recent Washington state ballot measure on pricing carbon and believe it’s time for a robust national discussion on carbon pricing to lower emissions in an economically sound way.” Microsoft is also aggregating and hosting the environmental data sets on its cloud platform, Azure, and make them publicly available. These data sets, Microsoft notes, “are large government datasets contain satellite. and aerial imagery, among other things, and require petabytes of storage. By making them available in our cloud, we will advance and accelerate the work of grantees and researchers around the world.” Finally, the company will also scale up the work it does with other nonprofits and companies tackling environmental issues through their own data and Artificial Intelligence expertise. Responsible tech leadership or climate washing? Although, Microsoft plans to address quite a number of climate change and sustainability issues, what is missing are commitments for structural and business goal level changes or commitments. A report by Gizmodo highlights the lengths that Google, Microsoft, Amazon and other tech companies are going to help the oil industry accelerate the climate crisis—and there continued profits from this process. Per Gizmodo, Bill Gates heads a $1 billion climate action fund and has published his own point-by-point plan for fighting climate change. Notably absent from that plan is “Empowering Oil & Gas with AI”. Microsoft is also two years into a seven-year deal—rumored to be worth over a billion dollars—to help Chevron, one of the world’s largest oil companies, better extract and distribute oil. Microsoft Azure has also partnered with Equinor, a multinational energy company to provide data services in a deal worth hundreds of millions of dollars. Microsoft has also partnered with ExxonMobil to help it triple oil production in Texas and New Mexico. Microsoft also has a 7-year, multibillion-dollar deal with Chevron. Instead of making profits from these deals Microsoft could be prioritizing climate impacts in business decisions, including ending partnerships with fossil fuel companies that accelerate oil and gas exploration and extraction. https://twitter.com/MsWorkers4/status/1098693994903552000 https://twitter.com/MsWorkers4/status/1118540637899354113 Last week, Over 4,520 Amazon employees signed an open letter addressed to Jeff Bezos and Amazon board of directors asking for a company-wide action plan to address climate change and an end to the company’s reliance on dirty energy resources. Their demands: “define public goals and timelines to reduce emissions; complete ban from using fossil fuels; ending partnerships with fossil fuel companies; reducing harm caused by a company’s operations to vulnerable communities first; advocacy for local, federal, and international policies to reduce carbon emissions and fair treatment of all employees during extreme weather events linked to climate change.” Microsoft Workers 4 good who created their own petition for Microsoft to do better, endorsed the stand taken by Amazon employees and called for all employees to encourage their employers to take actions for climate change. Microsoft’s closed employee only petition was launched in February where Microsoft employees were asking the company to help them align employee’s retirement investments with Microsoft’s sustainability mission. https://twitter.com/MsWorkers4/status/1092942849522323456 4,520+ Amazon employees sign an open letter asking for a “company-wide plan that matches the scale and urgency of climate crisis” Minecraft is serious about global warming, adds a new (spigot) plugin to allow changes in climate mechanics. Google moving towards data centers with 24/7 carbon-free energy

Yesterday, Intel announced its decision to leave the 5G smartphone modem market and channelize its focus towards 4G and 5G modems for PCs, internet of things devices and other data-centric devices. This news broke immediately after Apple’s settlement with Qualcomm with regards to the ongoing patent violation and royalty dispute because of Apple’s use of Qualcomm modems in the iPhone. None of the companies made a statement regarding the dispute. https://twitter.com/intelnews/status/1118296038337421312 According to a report by Nikkei, Apple had concerns regarding Intel’s ability to supply next year’s iPhone models with 5G modems. Also last year,  Intel became Apple’s sole supplier of smartphone modems as the dispute with Qualcomm got complex. https://twitter.com/jonfortt/status/1118297377620877312 Apple might now use Qualcomm’s 5G modems with the iPhone in 2020 as it seems Intel has backed out of the modem business. This might put Apple in a tough situation to make a decision in the legal battle with Qualcomm. Intel will continue to invest in its 5G network infrastructure business and will also meet the current customer commitments for its existing 4G smartphone modem product line. The company doesn’t have any plans to launch 5G modem products in the smartphone space. Bob Swan, CEO at Intel, said, “We are very excited about the opportunity in 5G and the ‘cloudification’ of the network, but in the smartphone modem business it has become apparent that there is no clear path to profitability and positive returns.” Swan further added, “5G continues to be a strategic priority across Intel, and our team has developed a valuable portfolio of wireless products and intellectual property. We are assessing our options to realize the value we have created, including the opportunities in a wide variety of data-centric platforms and devices in a 5G world.” This month, Intel might provide more details about its latest development over 4G and 5G modems for computers and other IoT devices in its upcoming first-quarter 2019 earnings release and conference call. To know more about this news, check out Intel’s official announcement. Researchers discover Spectre like new speculative flaw, “SPOILER” in Intel CPU’s Apple plans to make notarization a default requirement in all future macOS updates Ian Goodfellow quits Google and joins Apple as a director of machine learning  

A Debian maintainer, named, Mo Zhou, wrote a mail to Development of Debian or Debian Devel team (responsible for discussion over tech development topics) on Debian mailing list, stating difficulties in deep learning framework Packaging. Zhou re-evaluated the status of TensorFlow’s latest build systems and shared point related to deep learning framework packaging. “My thoughts are concluded from failures instead of success. That said, they should be helpful to future maintainers who'd like to maintain similar packages”, writes Zhou. Zhou elaborates on three obstacles faced by maintainers in Debian's context in case of License, ISA Baseline, and Build System. License Zhou states that although the de facto dominating performance library is cuDNN, no user would prefer using a D-L framework without cuDNN or TPU acceleration. He states that packaging for cuDNN is available under Salsa:nvidia-team, however, the plan to upload it had been aborted since its license looks “too scary”. ISA Baseline Zhou writes that the absence of SIMD code affects critical computational performance. There have been certain helpful suggestions made by other volunteers including ld.so tricks and some gcc features that enables run-time code selection as per the CPU capability. The ld.so tricks help to bloat the resulting .deb packages but it's the most applicable solution. On the other hand, patching a million lines of Tensorflow code that would enable the "function attributes" feature is very difficult and “impossible” to a volunteer. Build System Zhou states that the build systems of TensorFlow and PyTorch are volatile due to the fast pace of development, especially TensorFlow's build system "bazel" is very hard to package for Debian. Also, a good amount of patching work is required to prevent bazel from downloading ~3.0GiB of before building TensorFlow. Additionally, PyTorch's setup.py+cmake+shell build system also requires some patching work. Zhou writes that any future contributor who is about to deal with any deep learning packages to carefully assess the three factors listed above. Apart from that, Zhou has also filed Orphan bugs against tensorflow and several of its dependencies, except src:nsync that contains cmake files. Zhou also mentions that DUPR is the best choice for him in case of .deb packages. For more information, check out the official Debian mailing list. Debian project leader elections goes without nominations. What now? It is supposedly possible to increase reproducibility from 54% to 90% in Debian Buster! Debian 9.7 released with fix for RCE flaw

Mozilla is constantly putting its efforts in developing new tools that ease the life of a data scientist. In March this year, it introduced Iodide, an experimental tool to create interactive documents using web technologies. And, yesterday, it has come up with another experimental tool called Pyodide to create a full Python data science stack that runs entirely in the browser. Why Pyodide is introduced? JavaScript, the most popularly-used web language, does not offer a mature suite of data science library. It also lacks a number of features for numerical computing such as operator overloading. Mozilla aims to change this and bring data science-related tools to JavaScript. Additionally, it is also argued that Python’s limitation of not being able to run in the browser can prove to be a threat to the language itself. Mozilla in the blog wrote, “with so much user interaction happening on the web or on mobile devices, it needs to work there or be left behind.” What is Pyodide? Pyodide provides a full, standard Python interpreter, which runs entirely in the browser. It has full access to all the APIs that a browser provides. While it is closely related to the Iodide project, Pyodide can also be used standalone in any context you want to run Python inside a web browser. Here’s an example of what you can do with this tool. This example shows a 3D plot of the density of calls to the City of Oakland, California “311” local information service. Here the data loading and processing is performed in Python. The plotting is taken care off by WebGL, a JavaScript API for rendering 2D and 3D graphics within a compatible web browser. Source: Mozilla For creating Pyodide, the team has used the source code of the mainstream Python interpreter, CPython and the scientific computing packages such as NumPy. They did some small set of changes to make these tools work in the new environment. And, finally, the code was compiled to WebAssembly using Emscripten’s compiler. Pyodide enables you to fetch things over the network using the browser’s APIs and will come with support for threading in the near future. However, there is very less chance that it will ever support features such as low-level networking sockets because of the browser’s security sandbox. Some of the big legends in Python have appreciated this project: https://twitter.com/gvanrossum/status/1118733186253479936 https://twitter.com/pwang/status/1118753387967909888 To know more in detail, check out the official announcement by Mozilla. Mozilla and Google Chrome refuse to support Gab’s Dissenter extension for violating acceptable use policy Mozilla developers have built BugBug which uses machine learning to triage Firefox bugs Mozilla introduces Iodide, a tool for data scientists to create interactive documents using web technologies  

A team of researchers, namely, Ismail Akrout, Amal Feriani, and Mohamed Akrout, published a paper, titled ‘Hacking Google reCAPTCHA v3 using Reinforcement Learning’, last month. In the paper, researchers present a Reinforcement Learning (RL) method that can easily bypass Google reCAPTCHA v3. Google’s reCAPTCHA system is used for detection of bots from humans and is the most used defense mechanism. It’s used to protect the sites from automated agents and bots, attacks and spams. Google’s reCAPTCHA v3 makes use of machine learning to return a risk assessment score between 0.0 and 1.0. This score is used to characterize the trustability of the user. If a score is close to 1.0 then that means the user is human, if not, then it’s a bot. Method Used The problem has been formulated as a grid world in which the agents can learn the movement of the mouse and click on the reCAPTCHA button to receive a high score. The performance of the agent is studied on varying the cell size of the world. The paper shows that the performance drops when the agent takes big steps toward the goal. Finally, a divide and conquer strategy is used to defeat the reCAPTCHA system for any grid resolution. Researchers have produced a plausible formalization of the problem as a Markov Decision Process (MDP) that can be solved using advanced RL algorithms. Then, a new environment is introduced that simulates the user experience with websites that have reCAPTCHA system enabled. Finally, it is analyzed how RL agents learn or fail to defeat Google reCAPTCHA.   In order to pass the reCAPTCHA test, a human user is required to move the mouse starting from an initial position then perform a sequence of steps until the user reaches the reCAPTCHA check-box and clicks on it. Based on how the interaction goes, the reCAPTCHA system rewards the user with a score.   As shown in the figure, the point where the mouse is the starting point and goal is the position of reCAPTCHA. A grid is constructed where all the pixels between these two points is a possible position for the mouse. It is assumed in the paper that a normal user will not necessarily move the mouse pixel by pixel, hence, cell size is defined that refers to the number of pixels between these two consecutive positions.                                         Agent’s mouse movement After this, a browser page will be opened at each episode with the user mouse at a random position. The agent then takes in a sequence of actions until it reaches the reCAPTCHA or the time limit. Once the episode is complete, the user will receive a feedback of the reCAPTCHA algorithm as any normal human user would. Results Researchers trained a Reinforce agent on a grid world of a specific size. The results presented in the paper are success rates across different 1000 runs. For the experiment to be successful, the agent would have to defeat the reCAPTCHA and obtain a score of 0.9. As per the results of the experiment, the discount factor achieved was 0.99, thereby, successfully defeating the reCAPTCHA. “Our proposed method achieves a success rate of 97.4% on a 100 × 100 grid and 96.7% on a 1000 × 1000 screen resolution”, states the researchers. For more information, check out the official research paper. Google researchers propose building service robots with reinforcement learning to help people with mobility impairment Facebook researchers show random methods without any training can outperform modern sentence embeddings models for sentence classification Researchers release unCaptcha2, a tool that uses Google’s speech-to-text API to bypass the reCAPTCHA audio challenge

It was just last month when Chinese developers protested over the “996 work schedule” on GitHub. The “996” work culture refers to an unofficial work schedule that requires employees to work from 9 am to 9 pm, 6 days a week, totaling up to 60 hours of work per week. The site, 996icu, that went viral last month, also called out to companies such as Youzan and Jingdong, who both follow the 996 work rule. One such example given was of a Jingdong PR who posted on their maimai ( Chinese business social network) account that “(Our culture is to devote ourselves with all our hearts (to achieve the business objectives)”, defending the 996 work culture. Jack Ma, co-founder and executive chairman of the Alibaba Group, is also among the ones who believe in promoting the 12-hour, 6-day week working schedule. Ma defended the Chinese 996 tech-life on Alibaba’s WeChat account, last week, and chastised people wanting a balanced and typical eight-hour work shift. “In this world, everyone wants success, wants a nice life, wants to be respected. Let me ask everyone if you don't put out more time and energy than others, how can you achieve the success you want?" Compared to them, up to this day, I still feel lucky, I don't regret (working 12 hour days), I would never change this part of me”, states Ma. Other companies to support Ma includes JD.com Inc., whose chief executive, Richard Liu, said that although he wouldn’t force people to work 996, however, people who have slacked off are not his “brothers”, reports Bloomberg. “Many people just want to buy a car and buy a house for Mom and Dad. This is very important, but I think you should have this ideal...some things that you are willing to do can help your child to be more blessed and help you to be blessed. Isn't it a good thing? This requires 996”, states Ma. Jack Ma’s remarks in defense of the 996 work schedule have again ignited uproar among people who strictly disapprove of this extreme over-time work environment in Chinese tech companies. Many have pointed out how promoting “996 work culture” in the name of “devotion” and “hard work” is blatantly ignoring the consequences of such gladiatorial work environment on employees. Unbearable pressure and unrealistic demands from employees often lead to them being depressed, over-fatigued, burned out, and in worst cases, suicidal. For instance, during February 2015, Foxconn forced its employees to work overtime, which resulted in occasional karoshi (death due to job-related exhaustion) and suicide. Public reaction to Jack Ma’s approval of 996 work culture has been largely negative, with people condemning Ma for his utter ignorance towards the issue: https://twitter.com/lindydonna/status/1116870541967683584 https://twitter.com/limeytim/status/1116879825799610368 https://twitter.com/yanni02141/status/1117049673339015168 https://twitter.com/RogerDara/status/1117319069139656704 https://twitter.com/designer_dick/status/1117798646202941441 Chinese tech companies don’t want to hire employees over 30 years of age Alibaba’s Singles Day sale hit record $30 billion in 24 hours Alibaba Cloud released Mars, a tensor-based framework for large-scale data computation