What's New in October 2024: Apple TestFlight, Pangea, and More

Any update can be the start of something big, so we've pulled together October's most exciting releases to keep you in the loop and help you find something useful.

Today we'll examine critical new features, including Apple's TestFlight update, the arrival of PANGEA's multilingual model, improvements to PyTorch 2.5 with Intel GPU support, and Tinygo's powerful compiler for low-power systems.

In last month's news, we saw a new patch for the Linux kernel with CRC32C algorithm optimization, and some concerning reports of unencrypted AWS and Azure keys in popular apps.

Apple TestFlight Update

Apple's TestFlight, a beta testing platform for apps, games, and App Clips, has received essential enhancements to facilitate developers' interactions with testers. The new features give developers more control over testing and help them connect with the right audience.

The new invitations include a description of the beta, which you can use to showcase the app's special features and get people's attention. Testers can also leave feedback if they want to opt out, and this input is used to improve the product even more.

Most interestingly, the new version lets developers set criteria like device and OS version to attract appropriate testers and gather relevant feedback.

Invitation statistics are also available, allowing developers to analyze the effectiveness of leads, see how many testers didn't meet the criteria, and track how many people viewed the app description and installed the beta.

PANGEA, MLLM for 39 languages

PANGEA is a robust 7.94 billion-parameter language model that overcomes cultural and linguistic barriers. It’s powered by state-of-the-art architectures and trained on a unique multilingual dataset with 6 million sentences in 39 languages.

The model is designed to overcome cultural and linguistic barriers in visual comprehension tasks, such as multimodal chat, image annotation, cultural awareness, multilingual image question and answer (VQA) processing, and reasoning about diverse topics.

PANGEA has already shown impressive results in the PANGEABENCH tests, covering 14 datasets in 47 languages. We believe this is an excellent find for artificial intelligence researchers!

The PANGEA repository on GitHub contains detailed instructions and scripts for installation, tuning, training evaluation, and examples of data partitioning for tuning.

PyTorch 2.5 with Extended Intel GPU Support

We decided not to stray too far from the topic of machine learning, so we’ll tell you about the update of the open-source machine learning library PyTorch to version 2.5.0.

One of the main innovations in PyTorch 2.5.0 is the introduction of the SDPA (Self-Defined Precision Arithmetic) CuDNN backend. This backend lets users tweak the precision of neural network computations, making training and task execution more flexible and efficient. SDPA CuDNN helps developers get better performance and cut down on memory usage, especially when they're working with mixed-precision models.

Another great new feature in PyTorch 2.5.0 is Flex Attention. This new attention mechanism helps Transformer-based models work faster and use less memory. Flex Attention automatically adjusts the attention calculation based on the length of the input sequence, reducing computational and memory overhead. This feature is great for training and deploying large transformer-based models in natural language processing and computer vision tasks.

PyTorch 2.5.0 also includes the following enhancements:

• Recurrent Neural Networks (RNNs) now run faster, speeding up language modeling and speech recognition tasks.
• The TorchInductor tool has been developed to accelerate deep learning models by compiling them into efficient C++ code. This makes deploying PyTorch models in production easier, and it accelerates execution on multiple hardware platforms.
• Improved compatibility with other frameworks and tools, such as TensorFlow and sci-kit-learn, makes integrating different libraries into projects easier.

PyTorch 2.5.0 can be downloaded from the official PyTorch website. It supports Windows, Linux, and MacOS platforms, and is compatible with Python versions 3.7, 3.8, 3.9, and 3.10.

Tinygo - Go Compiler for Low-Power Systems

There is more good news for developers and enthusiasts looking for a Go language compiler for resource-constrained systems. Tinygo, an open-source Go language compiler for low-power systems, has released a new version, 0.34. This allows you to create compact executables and has low resource consumption, making it ideal for microcontrollers and embedded devices.

Critical features of Tinygo 0.34 include:

• Support for MIPS architecture with big-endian byte ordering
• Added support for RAKwireless RAK4631 and WaveShare ESP-C3-32S-Kit boards
• Directive “//go:wasmexport” exports WebAssembly functions
• Optimization of garbage collector performance
• New command line options “-C DIR” and “-ldflags=‘-extldflags=...’

Tinygo supports over a hundred microcontroller models (including various Adafruit, Arduino, BBC micro, ESP32, M5Stack, ST Micro, Digispark, Raspberry Pi Pico, Nordic Semiconductor, SiFive HiFive1, STM32, Makerdiary, and Phytec boards), so you're sure to find the right one for your project. And if you need to interact with sensors or other external devices, there are particular drivers for those as well.

Tinygo preserves the original Go memory management model using a garbage collector and, instead of compiling it into a C representation, uses LLVM to generate efficient machine code.

Tinygo is the ideal choice for programs requiring existing generic Go code and most standard packages. Its WebAssembly generation capabilities allow users to create standalone WebAssembly applications using the WASI (WebAssembly System Interface).

If you want to hone your technical programming skills in an isolated environment, a virtual private server (VPS) is the solution. VPSs are great for experimentation and testing, as well as for full-scale development deployment.

Patch for Linux Kernel with CRC32C Optimization

Change one algorithm, and the whole Linux system can run faster—this was the goal of the Anthropic development team when optimizing the CRC32C function. Note that the source code of the CRC32C implementation has been reduced by about 10 (from 4546 to 418 bytes).

The CRC32C algorithm detects errors in data transmission and storage, so its optimization aimed to reduce the size of the binary code and improve performance, especially in retpoline-enabled systems. In October, the development team released a patch for the Linux kernel.

The patch includes changes to the crc32c-pcl-intel-asm_64.S assembler file that replaces transition tables with loops, which reduces code size. In addition, loop unwrapping is reduced to four times instead of 127 times to reduce the overhead of loop accounting instructions.

Performance results show significant throughput improvements for different CPU microstructures and input data lengths. For example, on Intel Haswell with retpoline enabled, improvements range from 35% to 66.8%, depending on input data length. The patch also shows performance improvements on Intel Emerald Rapids and AMD Zen 2 processors. This is excellent news for those running Linux-based servers.

Unencrypted AWS and Azure Keys Found in the Code of Popular Apps

As we wrap up this digest, we've decided to refocus our attention on an equally important topic: security. A recent Symantec analysis uncovered a disturbing trend: several popular apps have hardcoded and insecure cloud credentials that could put sensitive user data and back-end services at risk.

• Pic Stitch, a popular collage-making app with over 5 million downloads in the Google Play Store, contained encrypted AWS credentials, including Amazon S3 bucket names, read/write access keys, and secret keys.
• Several iOS apps, including Crumbl, Eureka: Earn Money for Surveys, and Videoshop - Video Editor, also contained unencrypted AWS credentials in their codebases.
• Meru Cabs, which has over 5 million downloads on the Google Play Store, encrypted Azure credentials in its UploadLogs service, exposing the account key's connection string.
• Sulekha Business and ReSound Tinnitus Relief also embedded encrypted Azure Blob Storage credentials, exposing user data and backend resources.

Unfortunately, the list doesn't end there. This demonstrates the severe security risks of mobile apps' hardcoded and unencrypted cloud service credentials. This practice exposes critical infrastructure to potential attacks, putting user data and internal services at risk. Keep your projects secure!

Have a great month, and see you for the next is*hosting digest!