Researchers have discovered yet another set of malicious packages in PyPI, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar packages could be subject to malware downloads or theft of user credentials and passwords.
Check Point Research, which reported its findings Monday, wrote that it didn’t know how many people had downloaded the 10 packages, but it noted that PyPI has 613,000 active users, and its code is used in more than 390,000 projects. Installing from PyPI through the pip command is a foundational step for starting or setting up many Python projects. PePy, a site that estimates Python project downloads, suggests most of the malicious packages saw hundreds of downloads.
Bodo.ai, a parallel compute platform for data workloads, is developing a compiler to make Python portable and efficient across multiple hardware platforms. It announced Wednesday a $14 million Series A funding round led by Dell Technologies Capital.
Python is one of the top programming languages used among artificial intelligence and machine learning developers and data scientists, but as Behzad Nasre, co-founder and CEO of Bodo.ai, points out, it is challenging to use when handling large-scale data.
Bodo.ai, headquartered in San Francisco, was founded in 2019 by Nasre and Ehsan Totoni, CTO, to make Python higher performing and production ready. Nasre, who had a long career at Intel before starting Bodo, met Totoni and learned about the project that he was working on to democratize machine learning and enable parallel learning for everyone. Parallelization is the only way to extend Moore’s Law, Nasre told TechCrunch.
Bodo does this via compiler technology that automates parallelization, so that data and ML developers don’t have to adopt new libraries or APIs, or rewrite Python into other programming languages or graphics processing unit code, to achieve scalability. Its technology powers real-time data analytics tools across industries such as finance, telecommunications, retail and manufacturing.
“For the AI revolution to happen, developers have to be able to write code in simple Python, and that high-performance capability will open new doors,” Totoni said. “Right now, they rely on specialists to rewrite them, and that is not efficient.”
Joining Dell in the round were Uncorrelated Ventures, Fusion Fund and Candou Ventures. Including the new funding, Bodo has raised $14 million in total. The company went after Series A dollars once its product had matured and it saw good traction with customers, prompting Bodo to scale more quickly, Nasre said.
Nasre feels Dell Technologies Capital was “uniquely positioned to help us in terms of reserves and the role they play in the enterprise at large, which is to have the most effective salesforce in enterprise.”
Though he was already familiar with Nasre, Daniel Docter, managing director at Dell Technologies, heard about Bodo from a data scientist friend who told Docter that Bodo’s preliminary results “were amazing.”
Much of Dell’s investments are in the early-stage and in deep tech founders that understand the problem. Docter puts Totoni and Nasre in that category.
“Ehsan fits this perfectly, he has super deep technology knowledge and went out specifically to solve the problem,” he added. “Behzad, being from Intel, saw and lived with the problem, especially seeing Hadoop fail and Spark take its place.”
Meanwhile, with the new funding, Nasre intends to triple the size of the team and invest in R&D to build and scale the company. It will also be developing a marketing and sales team.
The company is now shifting its focus from financing to customers and revenue as it aims to drive up adoption by the Python community.
“Our technology can translate simple code into the fast code that the experts will try,” Totoni said. “I joined Intel Labs to work on the problem, and we think we have the first solution that will democratize machine learning for developers and data scientists. Now, they have to hand over Python code to specialists who rewrite it for tools. Bodo is a new type of compiler technology that democratizes AI.”
Apple has encountered monumental backlash to a new child sexual abuse imagery (CSAM) detection technology it announced earlier this month. The system, which Apple calls NeuralHash, has yet to be activated for its billion-plus users, but the technology is already facing heat from security researchers who say the algorithm is producing flawed results.
NeuralHash is designed to identify known CSAM on a user’s device without possessing the image or knowing its contents. Because a user’s photos stored in iCloud are end-to-end encrypted so that even Apple can’t access the data, NeuralHash instead scans for known CSAM on the user’s device, which Apple claims is more privacy friendly, as it limits the scanning to photos rather than the approach of other companies, which scan all of a user’s files.
Apple does this by looking for images on a user’s device whose hashes — strings of letters and numbers that can uniquely identify an image — match hashes provided by child protection organizations like NCMEC. If NeuralHash finds 30 or more matching hashes, the images are flagged to Apple for a manual review before the account owner is reported to law enforcement. Apple says the chance of a false positive is about one in one trillion accounts.
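Conceptually, the matching step looks something like the sketch below. This is not Apple’s NeuralHash, which derives its fingerprint from a neural network; the code uses a far simpler “average hash” stand-in, and the `matches_known` helper is invented, purely to illustrate the idea of comparing an on-device image fingerprint against a list of known hashes.

```python
# Illustrative average-hash sketch -- NOT Apple's NeuralHash, which uses a
# neural network. This only demonstrates the match-against-known-hashes idea.

def average_hash(pixels):
    """Hash a grayscale image (list of rows of 0-255 ints) by
    thresholding each pixel against the mean brightness."""
    flat = [p for row in pixels for p in row]
    mean = sum(flat) / len(flat)
    bits = "".join("1" if p > mean else "0" for p in flat)
    return "%x" % int(bits, 2)  # compact hex fingerprint

def matches_known(pixels, known_hashes):
    """Flag an image whose fingerprint appears in a provided hash list."""
    return average_hash(pixels) in known_hashes

image = [[10, 200], [220, 30]]      # tiny 2x2 "image"
known = {average_hash(image)}       # stand-in for a provided hash database
print(matches_known(image, known))              # True: fingerprint matches
print(matches_known([[0, 0], [0, 0]], known))   # False: different image
```

Note that, unlike a cryptographic hash, a perceptual hash like this is deliberately tolerant of small changes to the input, which is also what makes collisions easier to engineer.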
But security experts and privacy advocates have expressed concern that the system could be abused by highly resourced actors, like governments, to implicate innocent victims or to manipulate the system to detect other materials that authoritarian nation states find objectionable. NCMEC called critics the “screeching voices of the minority,” according to a leaked memo distributed internally to Apple staff.
Last night, Asuhariet Ygvar reverse-engineered Apple’s NeuralHash into a Python script and published code to GitHub, allowing anyone to test the technology regardless of whether they have an Apple device. In a Reddit post, Ygvar said NeuralHash “already exists” in iOS 14.3 as obfuscated code, but he was able to reconstruct the technology to help other security researchers understand the algorithm better before it’s rolled out to iOS and macOS devices later this year.
It didn’t take long before others tinkered with the published code and soon came the first reported case of a “hash collision,” which in NeuralHash’s case is where two entirely different images produce the same hash. Cory Cornelius, a well-known research scientist at Intel Labs, discovered the hash collision. Ygvar confirmed the collision a short time later.
Hash collisions can be a death knell for systems that rely on cryptographic hashes for security. Over the years, several well-known hashing algorithms, like MD5 and SHA-1, were retired after collision attacks rendered them ineffective.
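The danger is easy to demonstrate with a toy hash. The `weak_hash` function below is an invented, deliberately collidable stand-in; the point is that two different inputs sharing one digest defeats any system that treats the digest as a unique identifier, which is why practical collision attacks retired MD5 and SHA-1.

```python
import hashlib

def weak_hash(data: bytes) -> int:
    """A deliberately weak 8-bit hash: trivially collidable,
    unlike a sound cryptographic hash."""
    return sum(data) % 256

a, b = b"ab", b"ba"                  # two different inputs...
assert weak_hash(a) == weak_hash(b)  # ...same weak digest: a collision

# A sound cryptographic hash makes collisions computationally infeasible
# to find (though researchers have demonstrated real MD5 and SHA-1
# collisions, which is why both were retired):
print(hashlib.sha256(a).hexdigest() == hashlib.sha256(b).hexdigest())  # False
```

NeuralHash is a perceptual hash rather than a cryptographic one, so a collision there means two visually unrelated images are treated as the same photo, which is exactly what the researchers demonstrated within hours.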
Kenneth White, a cryptography expert and founder of the Open Crypto Audit Project, said in a tweet: “I think some people aren’t grasping that the time between the iOS NeuralHash code being found and [the] first collision was not months or days, but a couple of hours.”
When reached, an Apple spokesperson declined to comment on the record. But in a background call where reporters were not allowed to quote executives directly or by name, Apple downplayed the hash collision and argued that the protections it puts in place — such as a manual review of photos before they are reported to law enforcement — are designed to prevent abuses. Apple also said that the version of NeuralHash that was reverse-engineered is a generic version, and not the complete version that will roll out later this year.
It’s not just civil liberties groups and security experts that are expressing concern about the technology. A senior lawmaker in the German parliament sent a letter to Apple chief executive Tim Cook this week saying that the company is walking down a “dangerous path” and urged Apple not to implement the system.
Open source packages downloaded an estimated 30,000 times from the PyPI open source repository contained malicious code that surreptitiously stole credit card data and login credentials and injected malicious code on infected machines, researchers said on Thursday.
In a post, researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe of security firm JFrog said they recently found eight packages in PyPI that carried out a range of malicious activity. Based on searches on https://pepy.tech, a site that provides download stats for Python packages, the researchers estimate the malicious packages were downloaded about 30,000 times.
The discovery is the latest in a long line of attacks in recent years that abuse the receptivity of open source repositories, which millions of software developers rely on daily. Despite their crucial role, repositories often lack robust security and vetting controls, a weakness that has the potential to cause serious supply chain attacks when developers unknowingly infect themselves or fold malicious code into the software they publish.
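One common attack vector in these repositories is typosquatting: publishing a package whose name is a keystroke or two away from a popular one. The researchers’ actual analysis was more involved, but a minimal heuristic for flagging lookalike names might look like this sketch (the `POPULAR` list and the distance threshold are illustrative choices, not anyone’s real tooling):

```python
def edit_distance(a, b):
    """Classic Levenshtein edit distance via dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,          # deletion
                           cur[j - 1] + 1,       # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

POPULAR = ["requests", "urllib3", "numpy"]  # illustrative shortlist

def suspicious(name, max_dist=2):
    """Flag names that are near (but not identical to) a popular package."""
    return any(0 < edit_distance(name, p) <= max_dist for p in POPULAR)

print(suspicious("requestss"))  # True: one edit away from "requests"
print(suspicious("requests"))   # False: exact match is the real package
```

Heuristics like this only catch name-based lookalikes; they do nothing against a legitimate package that is compromised upstream, which is why repository-side vetting matters.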
Microsoft today announced PyTorch Enterprise, a new Azure service that provides developers with additional support when using PyTorch on Azure. It’s basically Microsoft’s commercial support offering for PyTorch.
PyTorch is a Python-centric open-source machine learning framework with a focus on computer vision and natural language processing. It was originally developed by Facebook and is, at least to some degree, comparable to Google’s popular TensorFlow framework.
Frank X. Shaw, Microsoft’s corporate VP for communications, described the new PyTorch Enterprise service as providing developers with “a more reliable production experience for organizations using PyTorch in their data sciences work.”
With PyTorch Enterprise, members of Microsoft’s Premier and Unified support program will get benefits like prioritized requests, hands-on support and solutions for hotfixes, bugs and security patches, Shaw explained. Every year, Microsoft will also select one PyTorch release for long-term support.
Azure already made it relatively easy to use PyTorch, and Microsoft has long invested in the library by, for example, taking over the development of PyTorch for Windows last year. As Microsoft noted in today’s announcement, the latest release of PyTorch will be integrated with Azure Machine Learning, and the company promises to feed the PyTorch code it develops back to the public PyTorch distribution.
Enterprise support will be available for PyTorch version 1.8.1 and up on Windows 10 and a number of popular Linux distributions.
“This new enterprise-level offering by Microsoft closes an important gap. PyTorch gives our researchers unprecedented flexibility in designing their models and running their experiments,” said Jeremy Jancsary, Senior Principal Research Scientist at Nuance. “Serving these models in production, however, can be a challenge. The direct involvement of Microsoft lets us deploy new versions of PyTorch to Azure with confidence.”
With this new offering, Microsoft is taking a page out of the open-source monetization playbook for startups by offering additional services on top of an open-source project. Since PyTorch wasn’t developed by a startup, only to have a major cloud provider then offer its own commercial version on top of the open-source code, this feels like a rather uncontroversial move.
Quix, a platform for Python developers working on streaming data, has secured a £2.3 million ($3.2M) seed funding round led by Project A Ventures in Germany, with participation from London’s Passion Capital and angel investors. Quix also provides developers with a free subscription to its real-time data engineering platform, the Quix Portal.
Quix attracted angel investors including Frank Sagnier (CEO, Codemasters), Ian Hogarth (Co-author, State of AI Report), Chris Schagen (CMO, Contentful), and Michael Schrezenmaier (COO, Pipedrive).
Quix wants to change the way data is handled and processed from a database-centric approach to a ‘stream-centric’ approach, connecting machine learning models to real-time data streams. This is arguably the next paradigm in computing.
Use cases for Quix, it says, include developing electric vehicles, and fraud prevention in financial services. Some of its early customers are the NHS, Deloitte and McLaren.
Indeed, the founding team consists of former McLaren F1 engineers who are used to processing real-time data streams from the systems used by most Formula 1 teams.
Co-founder and CEO Michael Rosam said: “At Quix, we believe that it will soon be essential for every organization to automatically action data within milliseconds of it being created. Whether it’s personalizing digital experiences, developing electric vehicles, automating industrial machinery, deploying smart wearables in healthcare, or detecting financial fraud faster, the ability to run machine learning models on live data streams and immediately respond to rapidly changing environments is critical to delivering better experiences and outcomes to people.”
Over email he told me that Quix’s main advantage is that it allows developers to build streaming applications on Kafka without investing in cloud infrastructure first: “Uniquely, our API & SDK connects any Python code directly to the broker so that teams can run real-time machine learning models in-memory, reducing latency and cost compared to database-centric architectures.”
Quix is entering the data ecosystem alongside batch data processing platforms like Snowflake and Databricks, and event streaming platforms like Confluent, Materialize, and DBT. However, this ecosystem is highly complementary, with organizations usually combining multiple products into a production infrastructure based on the strengths of each proposition.
Sam Cash of Project A Ventures said: “Data streaming is the next paradigm in data architecture, given end-users accelerating demand for live, on-demand and personalized applications. The Quix team are leading the way in this market, by democratizing access to data streaming infrastructure, which until now has been the reserve of the largest companies.”
Malin Posern, Partner at Passion Capital commented: “The world today is generating unimaginable amounts of data from digital and physical activities. Businesses of all types and sizes will want to make use of their data in real-time in order to be competitive.”
Making deep fake videos used to be hard. Now all you need is a smartphone. Avatarify, a startup that allows people to make deep-fake videos directly on their phone rather than in the cloud, is soaring up the app charts after being used by celebrities such as Victoria Beckham.
However, the problem with many deep fake videos is that there is no digital watermark to determine that the video has been tampered with. So Avatarify says it will soon launch a digital watermark to prevent this from happening.
Run out of Moscow but with a US HQ, Avatarify launched in July 2020 and has since been downloaded millions of times. The founders say that 140 million deepfake videos were created with Avatarify this year alone, and there are now 125 million views of videos with the hashtag #avatarify on TikTok. While its competitors include the well-funded Reface, Snapchat, Wombo.ai, Mug Life and Xpression, Avatarify has yet to raise any money beyond an angel round.
Having taken only $120,000 in angel funding, the company has yet to accept any venture capital; it says it has bootstrapped its way from zero to almost 10 million downloads and claims a $10 million annual run rate with a team of fewer than 10 people.
It’s not hard to see why. Avatarify has a freemium subscription model: a 7-day free trial, then a 12-month subscription for $34.99 or a weekly plan for $2.49. Without a subscription, the app’s core features are free, but videos carry a visible watermark.
The founders also say the app protects privacy, because the videos are processed directly on the phone, rather than in the cloud where they could be hacked.
Avatarify processes users’ photos and turns them into short videos by animating faces with machine learning algorithms and adding sounds. The user chooses a picture to animate, picks effects and music, and then taps to animate the picture. The short video can then be posted on Instagram or TikTok.
The Avatarify videos are taking off on TikTok because teens no longer need to learn a dance or be much more creative than finding a photo of a celebrity to animate to.
Avatarify says you can’t use its app to impersonate someone, but there is, of course, no way to police this.
Founders Ali Aliev and Karim Iskakov wrote the app during the COVID-19 lockdown in April 2020. Ali spent two hours writing a Python program to transfer his facial expressions onto another person’s face for use as a filter in Zoom. The result was a real-time video that could be streamed to Zoom. He joined a call with Elon Musk’s face, and everyone on the call was shocked. The team posted the video, which then went viral.
The founders then published the code on GitHub and immediately saw the number of downloads grow. The repository was published on 6 April 2020, and as of 19 March 2021 it had been downloaded 50,000 times.
Ali left his job at Samsung AI Centre and devoted himself to the app. After Avatarify’s iOS app was released on 28 June 2020, viral videos on TikTok, created with the app, led it to the App Store’s top charts without paid acquisition. In February 2021, Avatarify was ranked first among Top Free Apps worldwide. Between February and March 2021, the app generated more than $1M in revenue (Source: AppMagic).
However, despite Avatarify’s success, the ongoing problems with deep-fake videos remain, such as their use to make non-consensual pornography featuring the faces of innocent people.
IonQ, the trapped ion quantum computing company that recently went public via a SPAC, today announced that it is integrating its quantum computing platform with the open-source Qiskit software development kit. This means Qiskit users can now bring their programs to IonQ’s platform without any major modifications to their code.
At first glance, that seems relatively unremarkable, but it’s worth noting that Qiskit was founded by IBM Research and is IBM’s default tool for working with its quantum computers. There is a healthy bit of competition between IBM and IonQ (and, to be fair, many others in this space), in part because both are betting on very different technologies at the core of their platforms. While IonQ is betting on trapped ions, which allow its machines to run at room temperature, IBM’s technique requires its machines to be supercooled.
“IonQ is excited to make our quantum computers and APIs easily accessible to the Qiskit community,” said IonQ CEO & President Peter Chapman. “Open source has already revolutionized traditional software development. With this integration, we’re bringing the world one step closer to the first generation of widely-applicable quantum applications.”
On the one hand, it’s hard not to look at this as IonQ needling IBM a bit, but it’s also an acknowledgment that Qiskit has become somewhat of a standard for developers who want to work with quantum computers. Rivalries aside, these are the early days of quantum computing, and with no clear leader yet, anything that makes these various platforms more interoperable is a win for developers who want to dip their toes into writing for them.
At its Octane21 conference, Okta, the popular authentication and identity platform, today announced a new — and free — developer edition that features fewer limitations and support for significantly more monthly active users than its current free plan.
“Our overall philosophy isn’t, ‘we want to just provide […] a set of authentication and authorization services.’ The way we’re looking at this is, ‘hey, app developer, how do we provide you the foundation you need to get up and running quickly with authorization and authentication as one part of it,’ ” Diya Jolly, Okta’s chief product officer, told me. And she believes that Okta is in a unique position to do so, because it doesn’t only offer tools to manage authorization and access, but also systems for securing microservices and providing applications with access to privileged resources.
It’s also worth noting that, while the deal hasn’t closed yet, Okta’s intent to acquire Auth0 significantly extends its developer strategy, given Auth0’s developer-first approach.
As for the expanded free account, Jolly noted that the company found that developers wanted to be able to access more of the service’s features during their prototyping phases. That means the new free Developer Edition comes with support for multi-factor authentication, machine-to-machine tokens and B2B integrations, for example, in addition to expanded support for integrations into toolchains. As is so often the case with enterprise tools, the free edition doesn’t come with the usual enterprise support options and has lower rate limits than the paid plans.
Still, and Jolly acknowledged this, a small to medium-sized business may be able to build applications and take them into production based on this new free plan.
“15K [monthly active users] is a lot, but if you look at our customer base, it’s about the right amount for the smaller business applications, the real SMBs, and that was the goal. In a developer motion, you want people to try out things and then upgrade. I think that’s the key. No developer is going to come and build with you if you don’t have a free offering that they can tinker around and play with.”
She noted that the company has spent a lot of time thinking about how to support developers through the application development lifecycle overall. That includes better CLI tools for developers who would rather bypass Okta’s web-based console, for example, and additional integrations with tools like Terraform, Kong and Heroku. “Today, [developers] have to stitch together identity and Okta into those experiences — or they use some other identity — we’ve pre-stitched all of this for them,” Jolly said.
The new Okta Starter Developer Edition, as well as the new documentation, sample applications and integrations, are now available at developer.okta.com.
While quantum computing may still be in its infancy, most pundits in the industry will tell you that now is the time to learn the basic concepts. And while there is little that’s immediately intuitive on the hardware side of quantum computing, the actual software tools that most players in the industry are developing today should feel somewhat familiar to virtually any developer.
Unsurprisingly, the ‘IBM Quantum Developer Certification,’ as it’s officially called, focuses on IBM’s own software tools and especially Qiskit, its SDK for working with quantum computers. Qiskit has already proven quite popular, with more than 600,000 installs, and when IBM Quantum and the Qiskit team hosted a quantum summer school last year, almost 5,000 developers participated.
But on top of knowing their way around the basics of Qiskit (think defining and executing quantum circuits) developers also need to learn some of the basics of quantum computing itself. Once you know your way around Bloch spheres, Pauli matrices and Bell states, you’ll probably be in good shape for taking the certification exam, which will be administered on the Pearson VUE platform.
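For a feel of the level the exam targets, the canonical first exercise is preparing a Bell state with a Hadamard gate followed by a CNOT. The sketch below simulates that two-gate circuit with a plain-Python state vector rather than Qiskit itself, so it runs anywhere; in Qiskit the equivalent circuit is roughly `qc.h(0); qc.cx(0, 1)`.

```python
from math import sqrt

# Minimal state-vector simulation (plain Python, not Qiskit) of H on
# qubit 0 followed by CNOT(control 0 -> target 1), which prepares the
# Bell state (|00> + |11>)/sqrt(2).
# Amplitude order: |00>, |01>, |10>, |11> (qubit 0 is the left bit).

state = [1.0, 0.0, 0.0, 0.0]  # start in |00>

# Hadamard on qubit 0 mixes pairs of amplitudes that differ in that qubit:
h = 1 / sqrt(2)
state = [h * (state[0] + state[2]), h * (state[1] + state[3]),
         h * (state[0] - state[2]), h * (state[1] - state[3])]

# CNOT with qubit 0 as control flips qubit 1 when qubit 0 is 1,
# i.e. it swaps the |10> and |11> amplitudes:
state[2], state[3] = state[3], state[2]

print([round(a, 3) for a in state])  # [0.707, 0.0, 0.0, 0.707]
```

Measuring both qubits of this state yields 00 or 11 with equal probability and never 01 or 10, which is the entanglement the exam expects candidates to recognize.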
Abe Asfaw, the global lead for Quantum Education and Open Science at IBM, told me that this is just the first of a series of planned quantum certifications.
“What we’ve built is a multi-tiered developer certification,” he told me. “The first tier is what we’re releasing in this announcement and that tier gets developers introduced to how to work with quantum circuits. How do you use Qiskit […] and how do you run it on a quantum computer? And once you run it on a quantum computer, how do you look at the results and how do you interpret the results? This sets the stage for the next series of certifications that we’re developing, which are then going to be attached to use cases that are being explored in optimization, chemistry and finance. All of these can now be sort of integrated into the developer workflow once we have enabled someone to show that they can work with quantum circuits.”
Asfaw stressed that IBM has focused on educating developers about quantum computing for quite a while now, in part because it takes some time to develop the skills and intuition to build quantum circuits. He also noted that the open-source Qiskit project has integrated a lot of the tools developers need to work at both the circuit level — which is a bit closer to writing in C or maybe even assembly in the classical computing world — and at the application level, where a lot of that is abstracted away.
“The idea is to make it easy for someone who is currently developing, whether it’s in the cloud, whether it’s using Python, to be able to run these tools and integrate quantum computing into their workflow,” Asfaw said. “I think the hardest part, to be very honest, is just giving someone the comfort to know that quantum computing is real today and that you can work with quantum computers. It’s as easy as opening up a Jupyter notebook and writing some code in Python.”
He noted that IBM already often helps upskill developers in its partner companies who are interested in quantum computing. So far, though, this has been a very ad hoc process. With the new certification program, developers can now formally demonstrate their skills and show that they are in a position to utilize quantum computing in their workflow.
Fylamynt, a new service that helps businesses automate their cloud workflows, today announced both the official launch of its platform as well as a $6.5 million seed round. The funding round was led by Google’s AI-focused Gradient Ventures fund. Mango Capital and Point72 Ventures also participated.
At first glance, the idea behind Fylamynt may sound familiar. Workflow automation has become a pretty competitive space, after all, and the service helps developers connect their various cloud tools to create repeatable workflows. We’re not talking about your standard IFTTT- or Zapier-like integrations between SaaS products, though. The focus of Fylamynt is squarely on building infrastructure workflows. And while that may sound familiar, too, with tools like Ansible and Terraform automating a lot of that already, Fylamynt sits on top of those and integrates with them.
“Some time ago, we used to do Bash and scripting — and then […] came Chef and Puppet in 2006, 2007. SaltStack, as well. Then Terraform and Ansible,” Fylamynt co-founder and CEO Pradeep Padala told me. “They have all done an extremely good job of making it easier to simplify infrastructure operations so you don’t have to write low-level code. You can write a slightly higher-level language. We are not replacing that. What we are doing is connecting that code.”
So if you have a Terraform template, an Ansible playbook and maybe a Python script, you can now use Fylamynt to connect those. In the end, Fylamynt becomes the orchestration engine to run all of your infrastructure code — and then allows you to connect all of that to the likes of Datadog, Splunk, PagerDuty, Slack and ServiceNow.
The service currently connects to Terraform, Ansible, Datadog, Jira, Slack, Instance, CloudWatch, CloudFormation and your Kubernetes clusters. The company notes that some of the standard use cases for its service are automated remediation, governance and compliance, as well as cost and performance management.
The company is already working with a number of design partners, including Snowflake.
Fylamynt CEO Padala has quite a bit of experience in the infrastructure space. He co-founded ContainerX, an early container-management platform, which later sold to Cisco. Before starting ContainerX, he was at VMware and DOCOMO Labs. His co-founders, VP of Engineering Xiaoyun Zhu and CTO David Lee, also have deep expertise in building out cloud infrastructure and operating it.
“If you look at any company — any company building a product — let’s say a SaaS product, and they want to run their operations, infrastructure operations very efficiently,” Padala said. “But there are always challenges. You need a lot of people, it takes time. So what is the bottleneck? If you ask that question and dig deeper, you’ll find that there is one bottleneck for automation: that’s code. Someone has to write code to automate. Everything revolves around that.”
Fylamynt aims to take the effort out of that by allowing developers to either write Python and JSON to automate their workflows (think ‘infrastructure as code’ but for workflows) or to use Fylamynt’s visual no-code drag-and-drop tool. As Padala noted, this gives developers a lot of flexibility in how they want to use the service. If you never want to see the Fylamynt UI, you can go about your merry coding ways, but chances are the UI will allow you to get everything done as well.
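Fylamynt’s actual format and API aren’t published in this article, but the “infrastructure as code for workflows” idea can be sketched generically: a JSON document declares ordered steps, and a small Python runner dispatches each step to a handler. All names below (the workflow name, the `ACTIONS` table) are invented for illustration only.

```python
import json

# Hypothetical "workflow as code" sketch: a JSON document lists steps,
# and a tiny runner executes them in order. Not Fylamynt's real format.

workflow_json = """
{
  "name": "remediate-disk-alert",
  "steps": [
    {"action": "notify",  "args": {"channel": "#ops", "msg": "cleanup started"}},
    {"action": "cleanup", "args": {"path": "/tmp"}}
  ]
}
"""

# Each action name maps to a handler; real systems would call Terraform,
# Slack, etc. here instead of returning strings.
ACTIONS = {
    "notify":  lambda channel, msg: f"notified {channel}: {msg}",
    "cleanup": lambda path: f"cleaned {path}",
}

def run(workflow: str) -> list[str]:
    """Parse the JSON workflow and execute its steps in declared order."""
    wf = json.loads(workflow)
    return [ACTIONS[step["action"]](**step["args"]) for step in wf["steps"]]

for result in run(workflow_json):
    print(result)
```

The appeal of declaring workflows as data is that the same document can be rendered in a drag-and-drop UI, diffed in version control, and executed by an engine, which matches the dual code/no-code experience described above.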
One area the team is currently focusing on — and will use the new funding for — is building out its analytics capabilities that can help developers debug their workflows. The service already provides log and audit trails, but the plan is to expand its AI capabilities to also recommend the right workflows based on the alerts you are getting.
“The eventual goal is to help people automate any service and connect any code. That’s the holy grail. And AI is an enabler in that,” Padala said.
Gradient Ventures partner Muzzammil “MZ” Zaveri echoed this. “Fylamynt is at the intersection of applied AI and workflow automation,” he said. “We’re excited to support the Fylamynt team in this uniquely positioned product with a deep bench of integrations and a non-prescriptive builder approach. The vision of automating every part of a cloud workflow is just the beginning.”
The team, which now includes about 20 employees, plans to use the new round of funding, which closed in September, to focus on its R&D, build out its product and expand its go-to-market team. On the product side, that specifically means building more connectors.
The company offers both a free plan as well as enterprise pricing and its platform is now generally available.
“Hi, I’m Rivers from the band, Weezer,” Rivers Cuomo says with a slight smile and a wave. He turns away from the camera for a bit, before launching into his best infomercial pitch. “Imagine you’re on tour, and you’re sitting in your dressing room or your tour bus. You’re backstage. You have stage fright, you’re stressing out. You’re pacing back and forth. And then on top of that, your tour manager is constantly calling you, asking you logistical questions.”
As far as internet pitch videos go, it’s not the most universal. If anything, the three-minute clip loses any hope of populist appeal by the end. In a final shot, the singer in a maroon SpaceX hoodie is the last up the ramp onto a private jet. The plane door closes revealing a Weezer flying “W” logo.
“Download Drivetimes now, on GitHub,” Cuomo adds in voice-over. “This is CS50X.”
It’s not the most polished app pitch video, and Cuomo’s elevator pitch could probably do with a bit of refining before approaching venture capitalists about a seed round. As far as final projects for online programming courses go, however, it’s something to behold. The images alternate between pages of code, Google spreadsheets and POV shots as he takes the stage for a co-headlining tour with the Pixies.
It helped earn Cuomo a 95 in the class.
But while, in its current configuration, the Drivetime tour-scheduling tool might have limited appeal, the draw of the musician’s final project from Harvard’s follow-up course, CS50W, is immediately apparent to an army of fans who have followed his quarter-century-plus career. This week Cuomo dropped more than 2,400 demos totaling more than 86 hours. Spanning 1976 to 2015, the songs range in quality from tape-recorded sketches to more polished fare. Some would eventually find their way onto Weezer’s 13 albums, or assorted side projects. Others wouldn’t be so lucky.
Available through Cuomo’s “Mr. Rivers’ Neighborhood” site, the tracks are gathered into nine bundles, each available for $9 apiece. “By the way,” Cuomo writes at the bottom of a disclaimer, “this market is my final project for a course I’m taking in web programming.”
For half-a-decade, the platinum-selling rock star has been moonlighting as a computer programming student.
“I was always a spreadsheet guy,” Cuomo tells TechCrunch. “Around 2000, I think I started in Microsoft Access and then Excel. Just keeping track of all my songs and demos and ideas. Spreadsheets got more and more complicated to the point where it was like, ‘Well, I’m kind of almost writing code here in these formulas, except it’s super hard to use. So maybe I should actually do programming instead.’ ”
It would be an odd side hustle for practically any other successful musician. For Cuomo, however, it’s the next logical step. In the wake of the massive success of Weezer’s self-titled debut, he enrolled as a sophomore at Harvard, spending a year living in a dorm. He would ultimately leave school to record the band’s much-loved follow-up, Pinkerton, but two more enrollments in 1997 and 2004 found the musician ultimately graduating with an English BA in 2006.
CS50 found Cuomo returning to Harvard — at least in spirit. The course, a free introduction to computer science, is hosted online by the university.
“I went through some online courses and was looking for something that looked appealing and so I saw the Harvard CS50 was very popular,” Cuomo says. “So I was like, ‘Well, I’ll give this a shot.’ It didn’t take immediately. The first week course was using Scratch. I don’t know if you know that, but it’s like kind of click and drag type of programming, and you’re making a little video game.”
A six-week course stretched out for six months for the musician. That same year, Cuomo — now a father of two — played dozens of shows and recorded Weezer’s 10th album, the Grammy-nominated White Album.
“When we hit Python halfway through the course,” Cuomo says, “I was just amazed at how powerful it was and intuitive it was for me, and I could just get so much done. Then by the end of the course, I was writing programs that were really helping me manage my day-to-day life as a traveling musician and then also managing my spreadsheets and managing my work as a creative artist.”
For Cuomo, productivity has never been much of an issue. What has seemingly been a bigger one, however, is organizing all of those thoughts. That’s where the spreadsheets and database come in.
The “thousands” of spreadsheets became a database, cataloging Cuomo’s own demos and work he was studying from other artists.
“For years it seemed like kind of a waste of time or an indulgence,” he says. “I should be writing a new song or, or recording a song rather than just cataloging these old ideas, but I’ve found that, years later, I’m able to very efficiently make use of these ancient ideas because I can just tell my Python program, ‘Hey, show me all the ideas I have at 126 BPM in the key of A flat that start with a third degree of the scale and the melody and are in Dorian mode and that my manager has given three stars or more to.’ ”
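The kind of query Cuomo describes is easy to picture in plain Python. The sketch below is illustrative only (the field names and the in-memory catalog are hypothetical, not his actual database), but it shows how a list of demo records can be filtered by tempo, key, mode and rating:

```python
# Hypothetical catalog records; the real thing would live in a database.
songs = [
    {"title": "Idea 0412", "bpm": 126, "key": "Ab", "mode": "dorian", "stars": 3},
    {"title": "Idea 1190", "bpm": 126, "key": "Ab", "mode": "dorian", "stars": 1},
    {"title": "Idea 0077", "bpm": 98,  "key": "C",  "mode": "ionian", "stars": 5},
]

def find_ideas(catalog, bpm, key, mode, min_stars):
    """Return all demos matching tempo, key, mode, and a minimum rating."""
    return [
        s for s in catalog
        if s["bpm"] == bpm and s["key"] == key
        and s["mode"] == mode and s["stars"] >= min_stars
    ]

matches = find_ideas(songs, bpm=126, key="Ab", mode="dorian", min_stars=3)
print([s["title"] for s in matches])
```

The filtering logic is the same whether the catalog holds three records or, as in Cuomo’s case, thousands.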
He admits that the process may be lacking in some of the rock and roll romanticism for which fans of the band might hope. But in spite of drawing on pages of analytics, Cuomo insists there’s still magic present.
“There’s still plenty of room for spontaneity and inspiration in what we traditionally think of as human creativity,” Cuomo explains. “One of my heroes in this realm is Igor Stravinsky. There’s a collection of his lectures called “The Poetics of Music.” And he had a note in that collection. He said he has no interest in a composer that’s only using one of his faculties, like a composer that says, ‘I am only going to write what pops into my head spontaneously when I’m in some kind of a creative zone. I won’t use any of my other tools.’
“He says, ‘No, I prefer to listen to the music of a composer who’s using every faculty at his disposal, his intuition, but also his intellect and his ability to analyze and categorize and make use of everything he has.’ I find that those ended up being the most wild and unpredictable and creative compositions.”
And there’s been no shortage of compositions. Cuomo says the band has two albums completed beyond this year’s Black Album, and he’s already begun work on two more follow-ups. After decades of feeling beholden to the 18-month major label album release cycle, the singer says that after the Demos project, he has a newfound interest in finding more ways to release music directly to fans.
“I don’t feel like I’m really good at understanding the big-picture marketplace and how to make the biggest impact in the world,” he says. “My manager is so good at that, but I just told them like, ‘Hey, this feels like something here. First of all, it’s really fun. The fans are really happy. It’s super easy for everyone involved.’ The coding part wasn’t easy, but for everyone else, it’s a couple of clicks and you’ve got all this music, and it’s a cheap price, and there’s no middleman. PayPal takes a little bit, but it’s nothing like a major label. So, this could be something. And there’s just something, it feels so good when it’s directly from me to the audience.”
For now, computer science continues to take up a major chunk of his time. Cuomo estimates that he’s been spending around 70% of his work hours on programming projects. On Wednesday nights, he helps out with programming for a meditation site (another decades-long passion), and he plans to take Harvard’s follow-up CS50M course, which centers on developing mobile apps.
There are, however, no immediate plans to quit his day job.
“I can’t see me getting a job at a startup or something or maintaining somebody’s website,” he says. “But maybe the line between rock star and web developer is getting blurred so that musicians will be making more and more use of technological tools. Besides just the music software, we’ll be making more and more use of means of distribution and organization and creativity that’s coming out in the way we code our connection to the audience.”
Guido van Rossum, the creator of the Python programming language, today announced that he has unretired and joined Microsoft’s Developer Division.
Van Rossum, who was last employed by Dropbox, retired last October after six and a half years at the company. Clearly, that retirement wasn’t meant to last. At Microsoft, van Rossum says, he’ll work to “make using Python better for sure (and not just on Windows).”
A Microsoft spokesperson told us that the company also doesn’t have any additional details to share but confirmed that van Rossum has indeed joined Microsoft. “We’re excited to have him as part of the Developer Division. Microsoft is committed to contributing to and growing with the Python community, and Guido’s on-boarding is a reflection of that commitment,” the spokesperson said.
The Dutch programmer started working on what would become Python back in 1989. He continued to actively work on the language during his time at the U.S. National Institute of Standards and Technology in the mid-90s and at various companies afterward, including as Director of PythonLabs at BeOpen and Zope and at Elemental Security. Before going to Dropbox, he worked for Google from 2005 to 2012. There, he developed the internal code review tool Mondrian and worked on App Engine.
Announcing the move, van Rossum wrote: “I decided that retirement was boring and have joined the Developer Division at Microsoft. To do what? Too many options to say! But it’ll make using Python better for sure (and not just on Windows :-). There’s lots of open source here. Watch this space.”
Only a few years ago, van Rossum joining Microsoft would’ve been unthinkable, given the company’s infamous approach to open source. That has clearly changed, and today’s Microsoft is one of the most active corporate open-source contributors among its peers — and now the owner of GitHub. It’s not clear what exactly van Rossum will do at Microsoft, but he notes that there are “too many options to say” and that “there’s lots of open source here.”
AI and data analytics company Databricks today announced the launch of SQL Analytics, a new service that makes it easier for data analysts to run their standard SQL queries directly on data lakes. And with that, enterprises can now easily connect their business intelligence tools like Tableau and Microsoft’s Power BI to these data repositories as well.
SQL Analytics will be available in public preview on November 18.
In many ways, SQL Analytics is the product Databricks has long been looking to build and that brings its concept of a ‘lake house’ to life. It combines the performance of a data warehouse, where you store data after it has already been transformed and cleaned, with a data lake, where you store all of your data in its raw form. The data in the data lake, a concept that Databricks’ co-founder and CEO Ali Ghodsi has long championed, is typically only transformed when it gets used. That makes data lakes cheaper, but also a bit harder to handle for users.
“We’ve been saying Unified Data Analytics, which means unify the data with the analytics. So data processing and analytics, those two should be merged. But no one picked that up,” Ghodsi told me. But ‘lake house’ caught on as a term.
“Databricks has always offered data science, machine learning. We’ve talked about that for years. And with Spark, we provide the data processing capability. You can do [extract, transform, load]. That has always been possible. SQL Analytics enables you to now do the data warehousing workloads directly, and concretely, the business intelligence and reporting workloads, directly on the data lake.”
The general idea here is that with just one copy of the data, you can enable both traditional data analyst use cases (think BI) and the data science workloads (think AI) Databricks was already known for. Ideally, that makes both use cases cheaper and simpler.
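The single-copy idea can be sketched in a few lines. In the toy example below, an in-memory SQLite table stands in for the lake storage layer (purely for illustration; Databricks builds on Delta Lake, not SQLite): one table serves both a BI-style SQL aggregate and an ML-style feature extraction, with no second copy of the data.

```python
import sqlite3

# Illustration only: sqlite3 stands in for the lakehouse storage layer.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE events (user_id INTEGER, amount REAL)")
conn.executemany("INSERT INTO events VALUES (?, ?)",
                 [(1, 10.0), (1, 5.0), (2, 7.5)])

# BI workload: a standard SQL aggregate, as an analyst would write it.
revenue = conn.execute("SELECT SUM(amount) FROM events").fetchone()[0]

# ML workload: per-user features pulled from the same copy of the data.
features = {
    user: total
    for user, total in conn.execute(
        "SELECT user_id, SUM(amount) FROM events GROUP BY user_id")
}
print(revenue, features)
```

In the warehouse model, the second workload would typically require extracting and transforming the data into a separate store first.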
The service sits on top of an optimized version of Databricks’ open-source Delta Lake storage layer to enable the service to quickly complete queries. In addition, Delta Lake also provides auto-scaling endpoints to keep the query latency consistent, even under high loads.
While data analysts can query these data sets directly, using standard SQL, the company also built a set of connectors to BI tools. Its BI partners include Tableau, Qlik, Looker and ThoughtSpot, as well as ingest partners like Fivetran, Fishtown Analytics, Talend and Matillion.
“Now more than ever, organizations need a data strategy that enables speed and agility to be adaptable,” said Francois Ajenstat, Chief Product Officer at Tableau. “As organizations are rapidly moving their data to the cloud, we’re seeing growing interest in doing analytics on the data lake. The introduction of SQL Analytics delivers an entirely new experience for customers to tap into insights from massive volumes of data with the performance, reliability and scale they need.”
In a demo, Ghodsi showed me what the new SQL Analytics workspace looks like. It’s essentially a stripped-down version of the standard code-heavy experience that Databricks users are familiar with. Unsurprisingly, SQL Analytics provides a more graphical experience that focuses more on visualizations and not Python code.
While there are already some data analysts on the Databricks platform, this obviously opens up a large new market for the company — something that would surely bolster its plans for an IPO next year.
Kite, which uses machine learning to offer smarter code completions to developers, is adding support for a host of new languages: Java, Kotlin, Scala, C/C++, Objective C, C#, Go, Typescript, HTML/CSS and Less. Kite works in most popular development environments, including the likes of VS Code, JupyterLab, Vim, Sublime and Atom, as well as all JetBrains IntelliJ-based IDEs, including Android Studio.
This will make Kite a far more attractive solution for a lot of developers. Currently, the company says, it saves its most active developers from writing about 175 “words” of code every day. One thing that always made Kite stand out is that it ranks its suggestions by relevance — not alphabetically, as some of its non-AI-driven competitors do. To build its models, Kite fed its algorithms code from GitHub.
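The difference between alphabetical and relevance ranking is easy to illustrate. The sketch below is not Kite’s actual model (its rankings come from deep learning models trained on real code); it simply orders candidate completions by how often each appears in a toy corpus instead of by name:

```python
from collections import Counter

# Toy corpus of previously seen identifiers (illustration only).
corpus = "df.groupby df.merge df.groupby df.head df.groupby df.merge".split()
frequency = Counter(corpus)

def complete(prefix, candidates, freq):
    """Return matching candidates, most frequently used first."""
    matches = [c for c in candidates if c.startswith(prefix)]
    return sorted(matches, key=lambda c: freq[c], reverse=True)

# Alphabetically, "df.groupby" would come first only by accident;
# here it wins because it is the most commonly used completion.
print(complete("df.", ["df.head", "df.groupby", "df.merge"], frequency))
```

An alphabetical tool would always surface the same ordering regardless of how the developer actually writes code.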
The service is available as a free download for Windows users and as a server-powered paid enterprise version with a larger deep learning model that consequently offers more AI smarts, as well as the ability to create custom models. The paid version also includes support for multi-line code completion, while the free version only supports line-of-code completions.
Kite notes that, in addition to adding new languages, it also spent the last year focusing on the user experience, which should now be less distracting and, of course, offer more relevant completions.
Dataloop, a Tel Aviv-based startup that specializes in helping businesses manage the entire data lifecycle for their AI projects, including helping them annotate their datasets, today announced that it has now raised a total of $16 million. This includes a previously unreported $5 million seed round, as well as an $11 million Series A round that recently closed.
“Many organizations continue to struggle with moving their AI and ML projects into production as a result of data labeling limitations and a lack of real time validation that can only be achieved with human input into the system,” said Dataloop CEO Eran Shlomo. “With this investment, we are committed, along with our partners, to overcoming these roadblocks and providing next generation data management tools that will transform the AI industry and meet the rising demand for innovation in global markets.”
For the most part, Dataloop specializes in helping businesses manage and annotate their visual data. It’s agnostic to the vertical its customers are in, but we’re talking about anything from robotics and drones to retail and autonomous driving.
The platform itself centers around the ‘humans in the loop’ model that complements the automated systems with the ability for humans to train and correct the model as needed. It combines the hosted annotation platform with a Python SDK and REST API for developers, as well as a serverless Functions-as-a-Service environment that runs on top of a Kubernetes cluster for automating dataflows.
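The pattern itself is simple to sketch. The code below is not Dataloop’s SDK (every name here is hypothetical); it only illustrates the humans-in-the-loop idea: the model labels what it is confident about, low-confidence items are routed to a person, and the corrections are collected for retraining.

```python
CONFIDENCE_THRESHOLD = 0.8

def model_predict(item):
    # Stand-in for a real model: returns (label, confidence).
    return ("cat", 0.95) if "whiskers" in item else ("unknown", 0.3)

def human_review(item):
    # Stand-in for the hosted annotation UI where a person labels the item.
    return "drone"

def annotate(items):
    labels, corrections = {}, []
    for item in items:
        label, confidence = model_predict(item)
        if confidence < CONFIDENCE_THRESHOLD:
            label = human_review(item)          # human corrects the model
            corrections.append((item, label))   # kept for retraining
        labels[item] = label
    return labels, corrections

labels, corrections = annotate(["whiskers.jpg", "aerial.jpg"])
print(labels, corrections)
```

The value of the loop is in that `corrections` list: each human decision both fixes a label now and improves the model later.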
The company was founded in 2017. It’ll use the new funding to grow its presence in the U.S. and European markets, something that’s pretty standard for Israeli startups, and build out its engineering team as well.
Diffblue, a spin-out from Oxford University, uses machine learning to help developers automatically create unit tests for their Java code. Since few developers enjoy writing unit tests to ensure that their code works as expected, increased automation doesn’t just help developers focus on writing the code that actually makes a difference, but also leads to code with fewer bugs. Current Diffblue customers include the likes of Goldman Sachs and AWS.
So far, Diffblue only offered its service through a paid — and pricey — subscription. Today, however, the company also launched its free community edition, Diffblue Cover: Community Edition, which doesn’t feature all of the enterprise features in its paid versions, but still offers an IntelliJ plugin and the same AI-generated unit tests as the paid editions.
The company also plans to launch a new lower cost ‘individual’ plan for Diffblue Cover soon, starting at $120 per month. This plan will offer access to support and other advanced features as well.
At its core, Diffblue uses reinforcement learning to build these unit tests. “What we’re doing is unique in the sense that there have been tools before that use what’s called static analysis,” Diffblue CEO Mathew Loge, who joined the company about a year ago, explained. “They look at the program and they basically understand the path through the program and try and work backwards from the path. So if the path gets to this point, what inputs do we need to put into the program in order to get here?” That approach has its limitations, though, which Diffblue’s reinforcement learning method aims to get around.
Once the process has run its course, Diffblue provides developers with readable tests. That’s important, Loge stressed, because if a test fails and a developer can’t figure out what happened, it’s virtually impossible for the developer to fix the issue. That’s something the team learned the hard way, as early versions of Diffblue used a very aggressive algorithm that provided great test coverage (the key metric for unit tests) but made it very hard for developers to figure out what was happening.
With the community edition, which doesn’t offer the command-line interface (CLI) of Diffblue’s paid editions, developers can write their code in IntelliJ as before and then simply click a button to have Diffblue write the tests for that code.
“The Community Edition is designed to be very accessible. It is literally one click in the IDE and you get your tests. The CLI version is more sophisticated and it covers more cases and solves for teams and large deployments inside of an organization,” Loge explained.
Diffblue has actually been around for a bit. The company raised a $22 million Series A round led by Goldman Sachs and with participation from Oxford Sciences Innovation and the Oxford Technology and Innovations Fund in 2017. You obviously don’t raise that kind of money to focus only on unit tests for Java code. Beyond adding support for more languages, unit tests are just the first step in the company’s overall goal of automating more of the programming process with the help of AI.
“We started with testing because it’s an important and urgent problem, especially with the impact that it has on DevOps and the adoption of more rapid software cycles,” Loge said. The next obvious step is to then take a similar approach to automatically fixing bugs — and especially security bugs — in code as well.
“The idea is that there are these steppingstones to machines writing more and more code,” he said. “And also, frankly, it’s a way of getting developers used to that. Because developer acceptance is a crucial part of making this successful.”
Cloudflare today announced the private beta launch of Workers Unbound, the latest step in its efforts to offer a serverless platform that can compete with the likes of AWS Lambda.
The company first launched its Workers edge computing platform in late 2017. Today it has “hundreds of thousands of developers” who use it and in the last quarter alone, more than 20,000 developers built applications based on the service, according to the company. Cloudflare also uses Workers to power many of its own services, but the first iteration of the platform had quite a few limitations. The idea behind Workers Unbound is to do away with most of those and turn it into a platform that can compete with the likes of AWS, Microsoft and Google.
“The original motivation for us building Cloudflare Workers was not to sell it as a product but because we were using it as our own internal platform to build applications,” Cloudflare co-founder and CEO Matthew Prince told me ahead of today’s announcement. “Today, Cloudflare Teams, which is our fastest-growing product line, is all running on top of Cloudflare workers and it’s allowed us to innovate as fast as we have and stay nimble and stay agile and all those things that get harder as you as you become a larger and larger company.”
Prince noted that Cloudflare aims to expose all of the services it builds for its internal consumption to third-party developers as well. “The fact that we’ve been able to roll out a whole Zscaler competitor in almost no time is because of the fact that we had this platform and we could build on it ourselves,” he said.
The original Workers service will continue to operate (but under the Workers Bundled moniker) and essentially become Cloudflare’s serverless platform for basic workloads that only run for a very short time. Workers Unbound — as the name implies — is meant for more complex and longer-running processes.
When it first launched Workers, the company said that its killer feature was speed. Today, Prince argues that speed obviously remains an important feature — and Cloudflare Workers Unbound promises that it essentially does away with cold start latencies. But developers also adopted the platform because of its ability to scale and its price.
Indeed, Workers Unbound, Cloudflare argues, is now significantly more affordable than similar offerings. “For the same workload, Cloudflare Workers Unbound can be 75 percent less expensive than AWS Lambda, 24 percent less expensive than Microsoft Azure Functions, and 52 percent less expensive than Google Cloud Functions,” the company says in today’s press release.
As it turned out, the fact that Workers was also an edge computing platform was basically a bonus but not necessarily why developers adopted it.
Another feature Prince highlighted is regulatory compliance. “I think the thing we’re realizing as we talk to our largest enterprise customers is that for real companies — not just the individual developer hacking away at home — but for real businesses in financial services or anyone who has to deal with a regulated industry, the only thing that trumps ease of use is regulatory compliance, which is not sexy or interesting or anything else but like if your GC says you can’t use XYZ platform, then you don’t use XYZ platform and that’s the end of the story,” Prince noted.
Speed, though, is of course something developers will always care about. Prince stressed that the team was quite happy with the 5ms cold start times of the original Workers platform. “But we wanted to be better,” he said. “We wanted to be the clearly fastest serverless platform forever — and the only number that we know no one else can beat is zero — unless they invent a time machine.”
The way the team engineered this is by queuing up the process while the two servers are still negotiating their TLS handshake. “We’re excited to be the first cloud computing platform that [offers], for no additional costs, out of the box, zero millisecond cold start times which then also means less variability in the performance.”
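The trick can be shown with a toy simulation (this is not Cloudflare’s code; the sleeps merely stand in for network round trips and load times): if warming the worker begins as soon as the connection opens and finishes before the TLS handshake completes, the request sees no additional cold-start latency.

```python
import threading
import time

def tls_handshake():
    time.sleep(0.05)   # stand-in for the handshake's network round trips

def warm_worker(state):
    time.sleep(0.02)   # stand-in for loading the worker's code
    state["ready"] = True

state = {"ready": False}
warmup = threading.Thread(target=warm_worker, args=(state,))
warmup.start()         # begin the cold start as soon as the connection opens
tls_handshake()        # ...while the handshake proceeds in parallel
warmup.join()          # in this toy, warm-up finishes well before this point
print("worker ready before first request:", state["ready"])
```

Because the warm-up is hidden inside time the client already has to spend on the handshake, the observed cold start rounds down to zero.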
Cloudflare also argues that developers can update their code and have it go live globally within 15 seconds.
Another area the team worked on was making it easier to use the service in general. Among the key new features here is support for languages like Python and a new SDK that will allow developers to add support for their favorite languages, too.
Prince credits Cloudflare’s ability to roll out this platform, which is obviously heavy on compute resources — and to keep it affordable — to the fact that it always thought of itself as a security platform first (the team has often said that the CDN functionality was more or less incidental). Because it performed deep packet inspection, for example, the company’s servers always featured relatively high-powered CPUs. “Our network has been optimized for CPU usage from the beginning and as a result, it’s actually made it much more natural for us to extend our network that way,” he explained. “To this day, the same machines that are running our firewall products are the same machines that are running our edge computing platform.”
Looking ahead, Prince noted that while Workers and Workers Unbound feature a distributed key-value store, the team is looking at adding a more robust database infrastructure and distributed storage.
The team is also looking at how to decompose applications to put them closest to where they will be running. “You could imagine that in the future, it might be that you write an application and we say, ‘listen, the parts of the application that are sensitive to the user of the database might run in Portland, where you are — but if the database is in Ashburn, Virginia, then the parts that are sensitive to latency in the database might run there,’” he said.
Matt Martin is CEO and co-founder of Clockwise, a San Francisco-based software company.
Software engineering is generally an employee’s market.
In 2019, demand for frontend and backend engineers grew 17%, according to Hired’s 2020 State of Software Engineers Report. In 2018 there were 23 million software developers, and by the end of 2019 that number had grown to 26.4 million. And 67% of IT managers said they planned to expand their teams in 2020.
But as COVID-19 spurs layoffs, furloughs and hiring freezes, hopes of a V-shaped recovery are vanishing. Where companies once fought each other for talent, software engineers are likely to find themselves out of work — many for the first time. To help you prepare for what’s next, I’ve talked with software developers who’ve been through previous recessions to get their advice on what moves to make now to put yourself in the best position possible in a recession. Let’s start with your network.
Cultivate your professional network
Workers with large, powerful professional networks get hired faster, earn more money and enjoy more professional success than their less-connected peers, according to Harvard Business Review. One survey showed referrals brought in 78% of recruiters’ best candidates. Another survey showed 70% of new hires had a personal connection at their company and 80% of professionals considered networking important to career success.
In a recession, you’ll be competing with far more software developers for each role, so it will be vitally important to set your resume apart with a personal recommendation. Companies often don’t even publicly post their best jobs. “The only reliable way to find a job is through your network,” said Grant Gould, a senior software engineer at the Toyota Research Institute.
During this pandemic, many organizations are offering free or drastically cheaper courses to help people skill up for when we eventually get out of lockdown. There are numerous outlets if you want to learn to code, for instance Freecodecamp or the ‘Free Fridays’ scheme from General Assembly. And for gamers, Gamedev.tv has taken 80% off courses that teach you to code by building video games.
However, most online coding courses, free or paid, essentially have you download a project or copy and paste code from snippets as you work through the material. They tend not to include integrated development environments (IDEs), which are more helpful in the learning process.
But JetBrains, which makes development tools and has built its own educational IDEs, realized it could take a fresh approach to online learning, especially during this pandemic.
Having its own IDE means that, while some of the learning happens in the browser, a large part is available in the IDE on the student’s own computer. A student thus learns to code by practicing tasks and running integrated tests directly in the professional environment of the IDE, with instant feedback.
This new product, JetBrains Academy, was due to launch out of beta just prior to the outbreak of COVID-19, and it would have been a paid-for product. But now JetBrains has decided to make the entire platform free during the pandemic, allowing people stuck at home, or who were laid off or furloughed, to learn new skills.
Students can learn Java, Python or Kotlin (Google’s preferred language for Android development) by building more than 60 projects themselves, with instant feedback from the IDE along the way. The full curriculum consists of single-concept topics that can each be completed in about 15 minutes, alongside more than 5,700 interactive challenges.
In addition, students, teachers, schools and courses can apply for educational licenses for full-on JetBrains IDEs and team tools and use them for free.
Pulumi, the infrastructure-as-code company, today announced the launch of Pulumi 2.0. The company also announced that it now has over 10,000 users and more than 100 paying customers. With that, it’s seeing a 10x increase in its year-over-year annual run rate, though without knowing the exact numbers, it’s obviously hard to know what to make of that figure. Current customers include the likes of Cockroach Labs, Mercedes-Benz and Tableau.
When the company first launched, its messaging was very much around containers and serverless. But as Pulumi founder and CEO Joe Duffy told me, today the company is often directly engaging with infrastructure teams that are building the platforms for the engineers in their respective companies.
As for Pulumi 2.0, Duffy says that “this is really taking the original Pulumi vision of infrastructure as code — using your favorite language — and augmenting it with what we’re calling superpowers.” That includes expanding the product’s overall capabilities from infrastructure provisioning to adjacent problem spaces, such as continuous delivery and policy-as-code. The latter extends the original Pulumi vision beyond just infrastructure, letting developers encapsulate their various infrastructure policies as code as well.
Another area is testing. Because Pulumi allows developers to use “real” programming languages, they can also use the same testing techniques they are used to from the application development world to test the code they use to build their underlying infrastructure and catch mistakes before they go into production. And with all of that, developers can also use all of the usual tools they use to write code for defining the infrastructure that this code will then run on.
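The idea can be sketched without Pulumi’s actual API (the function below is hypothetical and not part of Pulumi): once infrastructure is described by ordinary functions returning plain data, standard unit-testing techniques apply to it directly, before anything is provisioned.

```python
def make_bucket(name, public=False):
    """Build the description of a storage bucket as plain data
    (a stand-in for a real resource definition)."""
    if not name.islower():
        raise ValueError("bucket names must be lowercase")
    return {"name": name, "acl": "public-read" if public else "private"}

def test_buckets_are_private_by_default():
    assert make_bucket("logs")["acl"] == "private"

def test_uppercase_names_rejected():
    try:
        make_bucket("Logs")
    except ValueError:
        pass
    else:
        raise AssertionError("expected a ValueError")

# The same checks a CI pipeline would run before any deployment.
test_buckets_are_private_by_default()
test_uppercase_names_rejected()
print("infrastructure tests passed")
```

A YAML or JSON template, by contrast, can usually only be validated against a schema, not exercised with the developer’s existing test tooling.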
“The underlying philosophy is taking our heritage of using the best of what we know and love about programming languages — and really applying that to the entire spectrum of challenges people face when it comes to cloud infrastructure, from development to infrastructure teams to security engineers, really helping the entire organization be more productive working together,” said Duffy. “I think that’s the key: moving from infrastructure provisioning to something that works for the whole organization.”
Duffy also highlighted that many of the company’s larger enterprise users are relying on Pulumi to encode their own internal architectures as code and then roll them out across the company.
“We still embrace what makes each of the clouds special. AWS, Azure, Google Cloud and Kubernetes,” Duffy said. “We’re not trying to be a PaaS that abstracts over all. We’re just helping to be the consistent workflow across the entire team to help people adopt the modern approaches.”