
Reverse Engineering X86 Processor Microcode


USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX

@inproceedings {203688,
author = {Philipp Koppe and Benjamin Kollenda and Marc Fyrbiak and Christian Kison and Robert Gawlik and Christof Paar and Thorsten Holz},
title = {Reverse Engineering x86 Processor Microcode},
booktitle = {26th {USENIX} Security Symposium ({USENIX} Security 17)},
year = {2017},
isbn = {978-1-931971-40-9},
address = {Vancouver, BC},
pages = {1163--1180},
url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/koppe},
publisher = {{USENIX} Association},
}


A candy man revolutionized the sushi industry


Four decades later, Suzumo Machinery Co.’s robots are used by about 70,000 customers around the world, ranging from sushi chains to factories, and account for about 70 percent of the market for the equipment at restaurants, according to Suzumo’s estimates. Kaiten sushi, also known as conveyor-belt sushi, has become a $6 billion industry in Japan alone, partly thanks to Suzuki’s invention.

Rapid release at massive scale


Over time, the software industry has come up with several ways to deliver code faster, safer, and with better quality. Many of these efforts center on ideas such as continuous integration, continuous delivery, agile development, DevOps, and test-driven development. All these methodologies have one common goal: to enable developers to get their code out quickly and correctly to the people who use it, in safe, small, incremental steps.

The development and deployment processes at Facebook have grown organically to encompass many parts of these rapid iteration techniques without rigidly adhering to any one in particular. This flexible, pragmatic approach has allowed us to release our web and mobile products successfully on rapid schedules.

For many years, we pushed the Facebook front end three times a day using a simple master and release branch strategy. Engineers would request cherry-picks — changes to the code that had passed a series of automated tests — to pull from the master branch into one of the daily pushes from the release branch. In general, we saw between 500 and 700 cherry-picks per day. Once a week, we’d cut a new release branch that picked up any changes that were not cherry-picked during the week.

This system scaled well, starting with a handful of engineers in 2007 to thousands today. The good news is that as we added more engineers, we got more done — the rate of code delivery scaled with the size of the team. But it took a certain amount of human effort in the form of release engineers, in addition to the tools and automated systems in place, to drive the daily and weekly pushes out the door. We understood that batching up larger and larger chunks of code for delivery would not continue to scale as the team kept growing.

By 2016, we saw that the branch/cherry-pick model was reaching its limit. We were ingesting more than 1,000 diffs a day to the master branch, and the weekly push was sometimes as many as 10,000 diffs. The amount of manual effort needed to coordinate and deliver such a large release every week was not sustainable.

We decided to move facebook.com to a quasi-continuous “push from master” system in April 2016. Over the next year, we gradually rolled it out, first to 50 percent of employees, then from 0.1 percent to 1 percent to 10 percent of production web traffic. Each of these progressions allowed us to test the ability of our tools and processes to handle the increased push frequency and get real-world signal. Our main goal was to make sure that the new system made people’s experience better — or at the very least, didn’t make it worse. After almost exactly a year of planning and development, over the course of three days in April 2017 we enabled 100 percent of our production web servers to run code deployed directly from master.

Continuous delivery at scale

While a true continuous push system would deliver every individual change to production soon after it landed, the code velocity at Facebook required us to develop a system that pushes tens to hundreds of diffs every few hours. The changes that get made in this quasi-continuous delivery mode are generally small and incremental, and very few will have a visible effect on the actual user experience. Each release is rolled out to 100 percent of production in a tiered fashion over a few hours, so we can stop the push if we find any problems.

First, diffs that have passed a series of automated internal tests and land in master are pushed out to Facebook employees. In this stage, we get push-blocking alerts if we’ve introduced a regression, and an emergency stop button lets us keep the release from going any further. If everything is OK, we push the changes to 2 percent of production, where again we collect signal and monitor alerts, especially for edge cases that our testing or employee dogfooding may not have picked up. Finally, we roll out to 100 percent of production, where our Flytrap tool aggregates user reports and alerts us to any anomalies.

Many of the changes are initially kept behind our Gatekeeper system, which allows us to roll out mobile and web code releases independently from new features, helping to lower the risk of any particular update causing a problem. If we do find a problem, we can simply switch the gatekeeper off rather than revert back to a previous version or fix forward.

This quasi-continuous release cycle comes with several advantages:

It eliminates the need for hotfixes. In the three-push-a-day system, if a critical change had to get out and it wasn’t during one of the scheduled push times, someone had to call for a hotfix. These out-of-band pushes were disruptive because they usually needed some human action and could bump into the next scheduled push. With the new system, the vast majority of things that would have required a hotfix can simply be committed to master and pushed in the next release.

It allows better support for a global engineering team. We tried to schedule the three daily pushes to accommodate our engineering offices around the world, but even with that effort the weekly push required all engineers to pay attention at a specific date and time that was not always convenient in their time zone. The new quasi-continuous system means all engineers everywhere in the world can develop and deliver their code when it makes sense for them.

It provides a forcing function to develop the next generation of tools, automation, and processes necessary to allow the company to scale. When we take on projects like this, it works as a pressure test across many teams and systems. We made improvements to our push tools, our diff review tools, our testing infrastructure, our capacity management system, our traffic routing systems, and many other areas. These teams all came together because they wanted to see the main project of a faster push cycle succeed. The improvements we made will help ensure the company is ready for future growth.

It makes the user experience better, faster. When it takes days or weeks to see how code will behave, engineers may have already moved on to something new. With continuous delivery, engineers don’t have to wait a week or longer to get feedback about a change they made. They can learn more quickly what doesn’t work, and deliver small enhancements as soon as they are ready instead of waiting for the next big release. From an infrastructure perspective, this new system puts us in a much better position to react to rare events that might impact people. Ultimately, this brings engineers closer to users and improves both product development and product reliability.

Bringing continuous delivery to mobile

Evolving to a quasi-continuous system on the web was possible in part because we own the entire stack and could build or improve the tools we needed to make it a reality. Shipping on mobile platforms presents more of a challenge, as many of the current development and deployment tools available for mobile make rapid iteration difficult.

Facebook has worked to make this better by building and open-sourcing a wide set of tools that focus specifically on rapid mobile development, including Nuclide, Buck, Phabricator, a variety of iOS libraries, React Native, and Infer. Together, this build and test stack gives us the ability to produce quality code that’s ready for rapid deployment to mobile platforms.

Our continuous integration stack is broken down into three layers: builds, static analysis, and testing.

Whenever code is committed from a developer branch into our mobile master branches, it first is built across all products the code could affect. For mobile, this means building Facebook, Messenger, Pages Manager, Instagram, and other apps on every commit. We also build several flavors of each product to ensure we’ve covered all the chip architectures and simulators those products support.

While the builds are going, we run linters and our static analysis tool, Infer. These will help catch null pointer exceptions, resource and memory leaks, unused variables, and risky system calls, and will flag Facebook coding guideline issues.

The third concurrent system, mobile automated testing, includes thousands of unit tests, integration tests, and end-to-end tests driven by tools like Robolectric, XCTest, JUnit, and WebDriver.

This build and test stack not only runs on every commit, but also runs multiple times during the life cycle of any code change. On Android alone, we do between 50,000 and 60,000 builds a day.

By applying traditional continuous delivery techniques to our mobile stack, we've gone from four-week releases to two-week releases to one-week releases. Today we use the same kind of branch/cherry-pick model on mobile that we previously used on web. Although we push to production only once a week, it's still important to test the code early in real-world settings so that engineers can get quick feedback. We make mobile release candidates available every day for canary users, including 1 million or so Android beta testers.

At the same time we've increased our release frequency, our mobile engineering teams have grown by a factor of 15, and our code delivery velocity has increased considerably. Despite this, our data from 2012 to 2016 shows that engineer productivity remained constant for both Android and iOS, whether measured by lines of code pushed or the number of pushes. Similarly, the number of critical issues arising from mobile releases is almost constant regardless of the number of deployments, indicating that our code quality does not suffer as we continue to scale.

With so many advances in available tools and methodologies, it's an exciting time to be working in the area of release engineering. I'm very proud of the teams at Facebook that have worked together to give us what I think is one of the most advanced web and mobile deployment systems at this scale. Part of what made this all possible is having a strong, central release engineering team that's a first-class citizen in the infrastructure engineering space. The release team at Facebook will continue to drive initiatives that improve the release process for developers and customers, and we'll continue to share our experiences, tools, and best practices.

Transformer: A Novel Neural Network Architecture for Language Understanding

The decoder operates similarly, but generates one word at a time, from left to right. It attends not only to the other previously generated words, but also to the final representations generated by the encoder.

Flow of Information
Beyond computational performance and higher accuracy, another intriguing aspect of the Transformer is that we can visualize what other parts of a sentence the network attends to when processing or translating a given word, thus gaining insights into how information travels through the network.

To illustrate this, we chose an example involving a phenomenon that is notoriously challenging for machine translation systems: coreference resolution. Consider the following sentences and their French translations:

It is obvious to most that in the first sentence pair “it” refers to the animal, and in the second to the street. When translating these sentences to French or German, the translation for “it” depends on the gender of the noun it refers to - and in French “animal” and “street” have different genders. In contrast to the current Google Translate model, the Transformer translates both of these sentences to French correctly. Visualizing what words the encoder attended to when computing the final representation for the word “it” sheds some light on how the network made the decision. In one of its steps, the Transformer clearly identified the two nouns “it” could refer to and the respective amount of attention reflects its choice in the different contexts.
The encoder self-attention distribution for the word “it” from the 5th to the 6th layer of a Transformer trained on English to French translation (one of eight attention heads).
Given this insight, it might not be that surprising that the Transformer also performs very well on the classic language analysis task of syntactic constituency parsing, a task the natural language processing community has attacked with highly specialized systems for decades.
In fact, with little adaptation, the same network we used for English to German translation outperformed all but one of the previously proposed approaches to constituency parsing.

Next Steps
We are very excited about the future potential of the Transformer and have already started applying it to other problems involving not only natural language but also very different inputs and outputs, such as images and video. Our ongoing experiments are accelerated immensely by the Tensor2Tensor library, which we recently open sourced. In fact, after downloading the library you can train your own Transformer networks for translation and parsing by invoking just a few commands. We hope you’ll give it a try, and look forward to seeing what the community can do with the Transformer.

Acknowledgements
This research was conducted by Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez and Łukasz Kaiser. Additional thanks go to David Chenell for creating the animation above.

LangPro: Natural Language Theorem Prover


(Submitted on 30 Aug 2017)

Abstract: LangPro is an automated theorem prover for natural language (this https URL). Given a set of premises and a hypothesis, it is able to prove semantic relations between them. The prover is based on a version of analytic tableau method specially designed for natural logic. The proof procedure operates on logical forms that preserve linguistic expressions to a large extent. This property makes the logical forms easily obtainable from syntactic trees, in particular, Combinatory Categorial Grammar derivation trees. The nature of proofs is deductive and transparent. On the FraCaS and SICK textual entailment datasets, the prover achieves high results comparable to state-of-the-art.
Comments: 6 pages, 8 figures, Conference on Empirical Methods in Natural Language Processing (EMNLP) 2017
Subjects: Computation and Language (cs.CL)
MSC classes: 68T50
ACM classes: I.2.7
Cite as: arXiv:1708.09417 [cs.CL]
 (or arXiv:1708.09417v1 [cs.CL] for this version)
From: Lasha Abziandize
[v1] Wed, 30 Aug 2017 18:22:28 GMT (38kb)

Harvard and the Making of the Unabomber (2000)


Like many Harvard alumni, I sometimes wander the neighborhood when I return to Cambridge, reminiscing about the old days and musing on how different my life has been from what I hoped and expected then. On a trip there last fall I found myself a few blocks north of Harvard Yard, on Divinity Avenue. Near the end of this dead-end street sits the Peabody Museum—a giant Victorian structure attached to the Botanical Museum, where my mother had taken me as a young boy, in 1943, to view the spectacular exhibit of glass flowers. These left such a vivid impression that a decade later my recollection of them inspired me, then a senior in high school, to apply to Harvard.

This time my return was prompted not by nostalgia but by curiosity. No. 7 Divinity Avenue is a modern multi-story academic building today, housing the university’s Department of Molecular and Cellular Biology. In 1959 a comfortable old house stood on the site. Known as the Annex, it served as a laboratory in which staff members of the Department of Social Relations conducted research on human subjects. There, from the fall of 1959 through the spring of 1962, Harvard psychologists, led by Henry A. Murray, conducted a disturbing and what would now be seen as ethically indefensible experiment on twenty-two undergraduates. To preserve the anonymity of these student guinea pigs, experimenters referred to individuals by code name only. One of these students, whom they dubbed “Lawful,” was Theodore John Kaczynski, who would one day be known as the Unabomber, and who would later mail or deliver sixteen package bombs to scientists, academicians, and others over seventeen years, killing three people and injuring twenty-three.

* * *

I had a special interest in Kaczynski. For many years he and I had lived parallel lives to some degree. Both of us had attended public high schools and had then gone on to Harvard, from which I graduated in 1957, he in 1962. At Harvard we took many of the same courses from the same professors. We were both graduate students and assistant professors in the 1960s. I studied at Oxford and received a Ph.D. in philosophy from Princeton before joining the faculty at Ohio State and later serving as chairman of the Department of Philosophy at Macalester College, in Minnesota. Kaczynski earned a Ph.D. in mathematics at the University of Michigan in 1967 and then joined the Berkeley Department of Mathematics as an instructor. In the early 1970s, at roughly the same time, we separately fled civilization to the Montana wilderness.

In 1971 Kaczynski moved to Great Falls, Montana; that summer he began building a cabin near the town of Lincoln, eighty miles southwest of Great Falls, on a lot he and his brother, David, had bought. In 1972 my wife and I bought an old homestead fifty-five miles south of Great Falls. Three years later we gave up our teaching jobs to live in Montana full-time. Our place had neither telephone nor electricity; it was ten miles from the nearest neighbor. In winter we were snowbound for months at a time.

In our desire to leave civilization Kaczynski and I were not alone. Many others sought a similar escape. What, I wondered, had driven Kaczynski into the wilderness, and to murder? To what degree were his motives simply a more extreme form of the alienation that prompted so many of us to seek solace in the backwoods?

Most of us may believe we already know Ted Kaczynski. According to the conventional wisdom, Kaczynski, a brilliant former professor of mathematics turned Montana hermit and mail bomber, is, simply, mentally ill. He is a paranoid schizophrenic, and there is nothing more about him to interest us. But the conventional wisdom is mistaken. I came to discover that Kaczynski is neither the extreme loner he has been made out to be nor in any clinical sense mentally ill. He is an intellectual and a convicted murderer, and to understand the connections between these two facts we must revisit his time at Harvard.

I first heard of the Murray experiment from Kaczynski himself. We had begun corresponding in July of 1998, a couple of months after a federal court in Sacramento sentenced him to life without possibility of parole. Kaczynski, I quickly discovered, was an indefatigable correspondent. Sometimes his letters to me came so fast that it was difficult to answer one before the next arrived. The letters were written with great humor, intelligence, and care. And, I found, he was in his own way a charming correspondent. He has apparently carried on a similarly voluminous correspondence with many others, often developing close friendships with them through the mail. Kaczynski told me that the Henry A. Murray Research Center of the Radcliffe Institute for Advanced Study, although it released some raw data about him to his attorneys, had refused to share information about the Murray team’s analysis of that data. Kaczynski hinted darkly that the Murray Center seemed to feel it had something to hide. One of his defense investigators, he said, reported that the center had told participating psychologists not to talk with his defense team.

After this intriguing start Kaczynski told me little more about the Murray experiment than what I could find in the published literature. Henry Murray’s widow, Nina, was friendly and cooperative, but could provide few answers to my questions. Several of the research assistants I interviewed couldn’t, or wouldn’t, talk much about the study. Nor could the Murray Center be entirely forthcoming. After considering my application, its research committee approved my request to view the records of this experiment, the so-called data set, which referred to subjects by code names only. But because Kaczynski’s alias was by then known to some journalists, I was not permitted to view his records.

Through research at the Murray Center and in the Harvard archives I found that, among its other purposes, Henry Murray’s experiment was intended to measure how people react under stress. Murray subjected his unwitting students, including Kaczynski, to intensive interrogation—what Murray himself called “vehement, sweeping, and personally abusive” attacks, assaulting his subjects’ egos and most-cherished ideals and beliefs.

My quest was specific—to determine what effects, if any, the experiment may have had on Kaczynski. This was a subset of a larger question: What effects had Harvard had on Kaczynski? In 1998, as he faced trial for murder, Kaczynski was examined by Sally Johnson, a forensic psychiatrist with the U.S. Bureau of Prisons, at the order of a court. In her evaluation Johnson wrote that Kaczynski “has intertwined his two belief systems, that society is bad and he should rebel against it, and his intense anger at his family for his perceived injustices.” The Unabomber was created when these two belief systems converged. And it was at Harvard, Johnson suggested, that they first surfaced and met. She wrote,

During his college years he had fantasies of living a primitive life and fantasized himself as “an agitator, rousing mobs to frenzies of revolutionary violence.” He claims that during that time he started to think about breaking away from normal society.

It was at Harvard that Kaczynski first encountered the ideas about the evils of society that would provide a justification for and a focus to an anger he had felt since junior high school. It was at Harvard that he began to develop these ideas into his anti-technology ideology of revolution. It was at Harvard that Kaczynski began to have fantasies of revenge, began to dream of escaping into wilderness. And it was at Harvard, as far as can be determined, that he fixed on dualistic ideas of good and evil, and on a mathematical cognitive style that led him to think he could find absolute truth through the application of his own reason. Was the Unabomber—“the most intellectual serial killer the nation has ever produced,” as one criminologist has called him—born at Harvard?

The Manifesto

The story of Kaczynski’s crimes began more than twenty-two years ago, but the chain of consequences they triggered has yet to run its course. Dubbed “the Unabomber” by the FBI because his early victims were associated with universities or airlines, Kaczynski conducted an increasingly lethal campaign of terrorism that began on May 26, 1978, when his first bomb slightly injured a Northwestern University public-safety officer, Terry Marker, and ended on April 24, 1995, when a bomb he had mailed killed the president of the California Forestry Association, Gilbert Murray. Yet until 1993 Kaczynski remained mute, and his intentions were entirely unknown.

By 1995 his explosives had taken a leap in sophistication; that year he suddenly became loquacious, writing letters to newspapers, magazines, targets, and a victim. Two years later The Washington Post, in conjunction with The New York Times, published copies of the 35,000-word essay that Kaczynski titled “Industrial Society and Its Future,” and which the press called “The Manifesto.”

Recognizing the manifesto as Kaczynski’s writing, his brother, David, turned Kaczynski in to the FBI, which arrested him at his Montana cabin on April 3, 1996. Later that year Kaczynski was removed to California to stand trial for, among other crimes, two Unabomber murders committed in that state. On January 8, 1998, having failed to dissuade his attorneys from their intention of presenting an insanity defense, and having failed to persuade the presiding judge, Garland E. Burrell Jr., to allow him to choose a new attorney, Kaczynski asked the court for permission to represent himself. In response Burrell ordered Sally Johnson to examine Kaczynski, to determine if he was competent to direct his own defense. Johnson offered a “provisional” diagnosis of paranoid schizophrenia, but she concluded that Kaczynski was nevertheless competent to represent himself. Burrell refused to allow it. Faced with the prospect of a humiliating trial in which his attorneys would portray him as insane and his philosophy as the ravings of a madman, Kaczynski capitulated: in exchange for the government’s agreement not to seek the death penalty, he pleaded guilty to thirteen federal bombing offenses that killed three men and seriously injured two others, and acknowledged responsibility for sixteen bombings from 1978 to 1995. On May 4, 1998, he was sentenced to life in prison without possibility of parole.

Driving these events from first bomb to plea bargain was Kaczynski’s strong desire to have his ideas—as described in the manifesto—taken seriously.

“The Industrial Revolution and its consequences,” Kaczynski’s manifesto begins, “have been a disaster for the human race.” They have led, it contends, to the growth of a technological system dependent on a social, economic, and political order that suppresses individual freedom and destroys nature. “The system does not and cannot exist to satisfy human needs. Instead, it is human behavior that has to be modified to fit the needs of the system.”

By forcing people to conform to machines rather than vice versa, the manifesto states, technology creates a sick society hostile to human potential. Because technology demands constant change, it destroys local, human-scale communities. Because it requires a high degree of social and economic organization, it encourages the growth of crowded and unlivable cities and of mega-states indifferent to the needs of citizens.

This evolution toward a civilization increasingly dominated by technology and the power structure serving technology, the manifesto argues, cannot be reversed on its own, because “technology is a more powerful social force than the aspiration for freedom,” and because “while technological progress AS A WHOLE continually narrows our sphere of freedom, each new technical advance CONSIDERED BY ITSELF appears to be desirable.” Hence science and technology constitute “a mass power movement, and many scientists gratify their need for power through identification with this mass movement.” Therefore “the technophiles are taking us all on an utterly reckless ride into the unknown.”

Because human beings must conform to the machine,

our society tends to regard as a “sickness” any mode of thought or behavior that is inconvenient for the system, and this is plausible because when an individual doesn’t fit into the system it causes pain to the individual as well as problems for the system. Thus the manipulation of an individual to adjust him to the system is seen as a “cure” for a “sickness” and therefore as good.

This requirement, the manifesto continues, has given rise to a social infrastructure dedicated to modifying behavior. This infrastructure includes an array of government agencies with ever-expanding police powers, an out-of-control regulatory system that encourages the limitless multiplication of laws, an education establishment that stresses conformism, ubiquitous television networks whose fare is essentially an electronic form of Valium, and a medical and psychological establishment that promotes the indiscriminate use of mind-altering drugs. Since the system threatens humanity’s survival and cannot be reformed, Kaczynski argued, it must be destroyed. Indeed, the system will probably collapse on its own, when the weight of human suffering it creates becomes unbearable. But the longer it persists, the more devastating will be the ultimate collapse. Hence “revolutionaries” like the Unabomber “by hastening the onset of the breakdown will be reducing the extent of the disaster.”

“We have no illusions about the feasibility of creating a new, ideal form of society,” Kaczynski wrote. “Our goal is only to destroy the existing form of society.” But this movement does have a further goal. It is to protect “wild nature,” which is the opposite of technology. Admittedly, “eliminating industrial society” may have some “negative consequences,” but “well, you can’t eat your cake and have it too.”

* * *

The Unabomber's manifesto was greeted in 1995 by many thoughtful people as a work of genius, or at least profundity, and as quite sane. In The New York Times the environmental writer Kirkpatrick Sale wrote that the Unabomber “is a rational man and his principal beliefs are, if hardly mainstream, entirely reasonable.” In The Nation Sale declared that the manifesto’s first sentence “is absolutely crucial for the American public to understand and ought to be on the forefront of the nation’s political agenda.” The science writer Robert Wright observed in Time magazine, “There’s a little bit of the unabomber in most of us.” An essay in The New Yorker by Cynthia Ozick described the Unabomber as America’s “own Raskolnikov—the appealing, appalling, and disturbingly visionary murderer of ‘Crime and Punishment,’ Dostoyevsky’s masterwork of 1866.” Ozick called the Unabomber a “philosophical criminal of exceptional intelligence and humanitarian purpose, who is driven to commit murder out of an uncompromising idealism.” Sites devoted to the Unabomber multiplied on the Internet—the Church of Euthanasia Freedom Club; Unapack, the Unabomber Political Action Committee; alt.fan.unabomber; Chuck’s Unabomb Page; redacted.com; MetroActive; and Steve Hau’s Rest Stop. The University of Colorado hosted a panel titled “The Unabomber Had a Point.”

By 1997, however, when Kaczynski's trial opened, the view had shifted. Although psychiatrists for the prosecution continued to cite the manifesto as proof of Kaczynski’s sanity, experts for the defense and many in the media now viewed it as a symptom and a product of severe mental illness. The document, they argued, revealed a paranoid mind. During the trial the press frequently quoted legal experts who attested to Kaczynski’s insanity. Gerald Lefcourt, then the president of the National Association of Criminal Defense Lawyers, said the defendant was “obviously disturbed.” Donald Heller, a former federal prosecutor, said, “This guy is not playing with a full deck.” The writer Maggie Scarf suggested in The New Republic that Kaczynski suffered from “Narcissistic Personality Disorder.”

Michael Mello, a professor at Vermont Law School, is the author of The United States of America vs. Theodore John Kaczynski. He and William Finnegan, a writer for The New Yorker, have suggested that Kaczynski’s brother, David, his mother, Wanda, and their lawyer, Tony Bisceglie, along with Kaczynski’s defense attorneys, persuaded many in the media to portray Kaczynski as a paranoid schizophrenic. To a degree this is true. Anxious to save Kaczynski from execution, David and Wanda gave a succession of interviews from 1996 onward to The Washington Post, The New York Times, and Sixty Minutes, among other outlets, in which they sought to portray Kaczynski as mentally disturbed and pathologically antisocial since childhood. Meanwhile—against his wishes and without his knowledge, Kaczynski insists—his attorneys launched a mental-health defense for their client.

One psychology expert for the defense, Karen Bronk Froming, concluded that Kaczynski exhibited a “predisposition to schizophrenia.” Another, David Vernon Foster, saw “a clear and consistent picture of schizophrenia, paranoid type.” Still another, Xavier F. Amador, described Kaczynski as “typical of the hundreds of patients with schizophrenia.” How did the experts reach their conclusions? Although objective tests alone suggested to Froming only that Kaczynski’s answers were “consistent with” schizophrenia, she told Finnegan it was Kaczynski’s writings—in particular his “anti-technology” views—that cemented this conclusion for her. Foster, who met with Kaczynski a few times but never formally examined him, cited his “delusional themes” as evidence of sickness. Amador, who never met Kaczynski at all, based his judgment on the “delusional beliefs” he detected in Kaczynski’s writing. And Sally Johnson’s provisional diagnosis—that Kaczynski suffered from “Paranoid Type” schizophrenia—was largely based on her conviction that he harbored “delusional beliefs” about the threats posed by technology. The experts also found evidence of Kaczynski’s insanity in his refusal to accept their diagnoses or to help them reach those diagnoses.

Most claims of mental illness rested on the diagnoses of experts whose judgments, therefore, derived largely from their opinions of Kaczynski’s philosophy and his personal habits—he was a recluse, a wild man in appearance, a slob of a housekeeper, a celibate—and from his refusal to admit he was ill. Thus Froming cited Kaczynski’s “unawareness of his disease” as an indication of illness. Foster complained of the defendant’s “symptom-based failure to cooperate fully with psychiatric evaluation.” Amador said that the defendant suffered “from severe deficits in awareness of illness.”

But Kaczynski was no more unkempt than many other people on our streets. His cabin was no messier than the offices of many college professors. The Montana wilds are filled with escapists like Kaczynski (and me). Celibacy and misanthropy are not diseases. Nor was Kaczynski really so much of a recluse. Any reporter could quickly discover, as I did through interviews with scores of people who have known Kaczynski (classmates, teachers, neighbors), that he was not the extreme loner he has been made out to be. And, surely, a refusal to admit to being insane or to cooperate with people who are paid to pronounce one insane cannot be taken seriously as proof of insanity.

Why were the media and the public so ready to dismiss Kaczynski as crazy? Kaczynski kept voluminous journals, and in one entry, apparently from before the bombing started, he anticipated this question.

I intend to start killing people. If I am successful at this, it is possible that, when I am caught (not alive, I fervently hope!) there will be some speculation in the news media as to my motives for killing. … If some speculation occurs, they are bound to make me out to be a sickie, and to ascribe to me motives of a sordid or “sick” type. Of course, the term “sick” in such a context represents a value judgment. … the news media may have something to say about me when I am killed or caught. And they are bound to try to analyse my psychology and depict me as “sick.” This powerful bias should be borne [in mind] in reading any attempts to analyse my psychology.

Michael Mello suggests that the public wished to see Kaczynski as insane because his ideas are too extreme for us to contemplate without discomfort. He challenges our most cherished beliefs. Mello writes,

The manifesto challenges the basic assumptions of virtually every interest group that was involved with the case: the lawyers, the mental health experts, the press and politics—both left and right. … Kaczynski’s defense team convinced the media and the public that Kaczynski was crazy, even in the absence of credible evidence … [because] we needed to believe it. … They decided that the Unabomber was mentally ill, and his ideas were mad. Then they forgot about the man and his ideas, and created a curative tale.

Mello is only half right. It is true that many believed Kaczynski was insane because they needed to believe it. But the truly disturbing aspect of Kaczynski and his ideas is not that they are so foreign but that they are so familiar. The manifesto is the work of neither a genius nor a maniac. Except for its call to violence, the ideas it expresses are perfectly ordinary and unoriginal, shared by many Americans. Its pessimism over the direction of civilization and its rejection of the modern world are shared especially with the country’s most highly educated. The manifesto is, in other words, an academic—and popular—cliché. And if concepts that many of us unreflectively accept can lead a person to commit serial murder, what does that say about us? We need to see Kaczynski as exceptional—madman or genius—because the alternative is so much more frightening.

“Exceedingly Stable”

No. 8 Prescott Street in Cambridge is a well-preserved three-story Victorian frame house, standing just outside Harvard Yard. Today it houses Harvard’s expository-writing program. But in September of 1958, when Ted Kaczynski, just sixteen, arrived at Harvard, 8 Prescott Street was a more unusual place, a sort of incubator. Earlier that year F. Skiddy von Stade Jr., Harvard’s dean of freshmen, had decided to use the house as living accommodations for the brightest, youngest freshmen. Von Stade’s well-intentioned idea was to provide these boys with a nurturing, intimate environment, so that they wouldn’t feel lost, as they might in the larger, less personal dorms. But in so doing he isolated the overly studious and less-mature boys from their classmates. He inadvertently created a ghetto for grinds, making social adjustment for them more, rather than less, difficult.

“I lived at Prescott Street that year too,” Michael Stucki told me recently. “And like Kaczynski, I was majoring in mathematics. Yet I swear I never ever even saw the guy.” Stucki, who recently retired after a career in computers, lived alone on the top floor, far from Kaczynski’s ground-floor room. In the unsocial society of 8 Prescott, that was a big distance. “It was not unusual to spend all one’s time in one’s room and then rush out the door to library or class,” Stucki said.

Francis Murphy, the Prescott Street proctor, was a graduate student who had studied for the Catholic priesthood, and to Kaczynski it seemed the house was intended to be run more like a monastery than a dorm. Whereas other freshmen lived in suites with one or two roommates, six of the sixteen students of Prescott Street, including Kaczynski, lived in single rooms. All but seven intended to major in a mathematical science. All but three came from high schools outside New England, and therefore knew few people in Massachusetts. They were, in Murphy’s words, “a serious, quiet bunch.”

Much has been made of Kaczynski’s being a “loner” and of his having been further isolated by Harvard’s famed snobbism. Snobbism was indeed pervasive at Harvard back then. A single false sartorial step could brand one an outcast. And Kaczynski looked shabby. He owned just two pairs of slacks and only a few shirts. Although he washed these each week in the coin-operated machine in the basement of the house next door to 8 Prescott, they became increasingly ragtag.

But it is a mistake to exaggerate Kaczynski’s isolation. Most public high schoolers at Harvard in those days, including Kaczynski, viewed the tweedy in-crowd as so many buttoned-down buffoons who did not realize how ridiculous they looked. And the evidence is that Kaczynski was neither exceptionally a loner nor, at least in his early years at Harvard, alienated from the school or his peers.

Harvard was a “tremendous thing for me,” Kaczynski wrote in an unpublished autobiography that he completed in 1998 and showed to me. “I got something that I had been needing all along without knowing it, namely, hard work requiring self-discipline and strenuous exercise of my abilities. I threw myself into this. … I thrived on it. … Feeling the strength of my own will, I became enthusiastic about will power.”

Freshmen were required to participate in sports, so Kaczynski took up swimming and then wrestling. He played the trombone, as he had in high school, even joining the Harvard band (which he quit almost as soon as he learned that he would have to attend drill sessions). He played pickup basketball. He made a few friends. One of his housemates, Gerald Burns, remembers sitting with Kaczynski in an all-night cafeteria, arguing about the philosophy of Kant. After Kaczynski’s arrest Burns wrote to the anarchist journal Fifth Estate that Kaczynski “was as normal as I am now: it was [just] harder on him because he was much younger than his classmates.” And indeed, most reports of his teachers, his academic adviser, his housemaster, and the health-services staff suggest that Kaczynski was in his first year at Harvard entirely balanced, although tending to be a loner. The health-services doctor who interviewed Kaczynski as part of the medical examination Harvard required for all freshmen observed,

Good impression created. Attractive, mature for age, relaxed. … Talks easily, fluently and pleasantly. … likes people and gets on well with them. May have many acquaintances but makes his friends carefully. Prefers to be by himself part of the time at least. May be slightly shy. … Essentially a practical and realistic planner and an efficient worker. … Exceedingly stable, well integrated and feels secure within himself. Usually very adaptable. May have many achievements and satisfactions.

The doctor further described Kaczynski thus: “Pleasant young man who is below usual college entrance age. Apparently a good mathematician but seems to be gifted in this direction only. Plans not crystallized yet but this is to be expected at his age. Is slightly shy and retiring but not to any abnormal extent. Should be [a] steady worker.”

The Roots of the Unabomber

In 1952, when Kaczynski was ten, his parents moved from Chicago to the suburban community of Evergreen Park—in order, they later explained to Ted, to provide him with a better class of friends. The community into which the Kaczynskis moved would soon be in turmoil. Evergreen Park was a mixed neighborhood of Irish, Italians, Czechs, and Poles who now felt themselves under siege by yet another group of new arrivals.

On May 17, 1954, the U.S. Supreme Court ruled in Brown v. Board of Education of Topeka that segregated schooling was unconstitutional. To many people in Evergreen Park this was tantamount to a declaration of war. Even before the Court’s decision they had feared what they saw as black encroachment. African-American communities stood just next door, and black families came to town to shop and eat at Evergreen Park restaurants. Black teenagers hung around Evergreen Plaza.

This environment tended to isolate the Kaczynskis, who by several accounts were liberal on race matters. Aggravating their isolation was Evergreen Park’s fragmented school system. Until 1955 the town had no public high school building, and students were bused to high schools in surrounding communities. Evergreen Park High School was not completed until 1955, and Ted Kaczynski, who became a member of the first class that spent all four years there, found himself in a school without cohesion or community, where few of the students knew one another. As Spencer Gilmore, a former science teacher, lamented, there was “no commonality in the student body.” Howard Finkle, who was then a social-studies teacher, describes Evergreen Park in those years as a school for strangers. Soon the school was riven by cliques.

Despite this fractured environment, school administrators sought to push the students hard academically. “The fact to keep in mind about Evergreen Park,” Kaczynski’s algebra teacher, Paul Jenkins, told me, “is that Gene Howard [the principal of Evergreen Park High School at the time] enjoyed a big budget. He had combed the country for the best instructors he could find—folks who would be teaching junior college in most places. Yet most of the kids were incredibly naive. Some had never even been to downtown Chicago. The faculty was presenting them with ideas they’d never encountered before. Some hated the experience; others loved it. And it blew the minds of some, including perhaps Ted.” The students, according to Finkle, were asked to read books ordinarily used by college undergraduates. The intellectually ambitious, like Kaczynski, adapted readily to these demands, but in a school where the most popular boys carried cigarette packs rolled up in the sleeves of their T-shirts, excelling at academics meant social exile. What pressures did Kaczynski face among his family? Ted Kaczynski insists that the Kaczynski home was an unhappy one and that his social isolation came about because his parents pushed him too hard academically. David and Wanda say that theirs was a happy and normal home but that Ted had shown signs of extreme alienation since childhood. When family members squabble, it is almost impossible for anyone—least of all an outsider—to know who is right. And the Kaczynskis are squabblers.

The letters and other materials Kaczynski sent me in the course of our correspondence—including his 1998 autobiography, containing quotations from doctors, teachers, and college advisers—naturally support his version. Unfortunately, however, I am limited in my ability to use these, because Kaczynski has continually changed his mind about the terms and conditions for the use of his autobiography and other documents. Nevertheless, most of the people I interviewed tended to support most of his claims. I offer my own interpretation of his family relations, which is supported by interviews and infused with knowledge of documents that Kaczynski sent to me.

Kaczynski’s father, Theodore R. “Turk” Kaczynski, was a self-educated freethinker living in a conventionally Catholic working-class community. In his autobiography Kaczynski claims, and a close friend of Turk’s confirms, that Wanda tended to be fearful that their family would be perceived as different. Although nonconformist, the Kaczynskis wanted to be perceived as conforming. Thus, Kaczynski records, although the Kaczynskis were atheists, his parents instructed him to tell people they were Unitarians. The tension created by the family’s efforts to look good to the neighbors increased significantly when, in the fifth grade, Kaczynski scored 167 on an IQ test. He skipped the sixth grade, leaving his friends behind to enter a new class as the smallest kid in the room.

From then on, according to Kaczynski and also according to others who knew the family, his parents valued his intellect as a trophy that gave the Kaczynskis special status. They began to push him to study, lecturing him if his report card showed any grade below an A. Meanwhile, Turk seemed—to Kaczynski, at least—to become increasingly cold, critical, and distant.

When Kaczynski was a sophomore, the Evergreen Park High School administration recommended that he skip his junior year. His band teacher and friend, James Oberto, remembers pleading with Kaczynski’s father not to allow it. But Turk wouldn’t listen. “Ted’s success meant too much to him,” Oberto says.

Two years younger than his classmates, and still small for his age, Kaczynski became even more of an outcast in school. There was “a gradual increasing amount of hostility I had to face from the other kids,” Sally Johnson reports Kaczynski as admitting. “By the time I left high school, I was definitely regarded as a freak by a large segment of the student body.”

Apparently caught between acrimony at home and rejection at school, Kaczynski countered with activity. He joined the chess, biology, German, and mathematics clubs. He collected coins. He read ravenously and widely, excelling in every field from drama and history to biology and mathematics. According to an account in The Washington Post, he explored the music of Bach, Vivaldi, and Gabrieli, studied music theory, and wrote musical compositions for a family trio—David on the trumpet, Turk at the piano, and himself on the trombone. He played duets with Oberto.

These achievements made Kaczynski a favorite of his teachers. Virtually all those with whom I talked who knew him well in those years saw him as studious and a member of the lowest-ranking high school clique—the so-called briefcase boys—but otherwise entirely normal. His physics teacher, Robert Rippey, described him to me as “honest, ethical, and sociable.” His American-government teacher, Philip Pemberton, said he had many friends and indeed seemed to be their “ringleader.” Paul Jenkins used Kaczynski as a kind of teaching assistant, to help students who were having trouble in math. School reports regularly gave him high marks for neatness, “respect for others,” “courtesy,” “respect for law and order,” and “self-discipline.” No one was more lavish in praise of Kaczynski than Lois Skillen, his high school counselor. “Of all the youngsters I have worked with at the college level,” she wrote to Harvard,

I believe Ted has one of the greatest contributions to make to society. He is reflective, sensitive, and deeply conscious of his responsibilities to society. … His only drawback is a tendency to be rather quiet in his original meetings with people, but most adults on our staff, and many people in the community who are mature find him easy to talk to, and very challenging intellectually. He has a number of friends among high school students, and seems to influence them to think more seriously.

Kaczynski was accepted by Harvard in the spring of 1958; he was not yet sixteen years old. One friend remembers urging Kaczynski’s father not to let the boy go, arguing, “He’s too young, too immature, and Harvard too impersonal.” But again Turk wouldn’t listen. “Ted’s going to Harvard was an ego trip for him,” the friend recalls.

General Education and the Culture of Despair

All Harvard freshmen in the 1950s, including Kaczynski and me, were immersed in what the college described as “general education” and students called Gen Ed. This program of studies, which had been fully implemented by 1950, was part of a nationwide curricular reform that sought to inculcate a sense of “shared values” among undergraduates through instruction in the Judeo-Christian tradition.

Unlike the usual departmental offerings, which focused on methodological issues within a discipline, Gen Ed courses were intended to be interdisciplinary, with material arranged for students historically (chronologically) rather than analytically. Required Gen Ed courses focused on science, literature, philosophy, history, and Western institutions. The undergraduate curriculum, therefore, was initially designed to be neatly divided into two categories, one general and one specialized, one emphasizing history and values, the other emphasizing the value-free methodologies employed by scholars in the various academic fields. This attempt at balance would give rise to a battle in the long war between humanism and positivism.

The Gen Ed curriculum was born of a lofty impulse: to establish in higher education—as President Harry Truman’s Commission on Higher Education would later express it—“a code of behavior based on ethical principles consistent with democratic ideals.” Harvard’s president, James B. Conant, in his charge to the committee that would design Gen Ed, wrote,

Unless the educational process includes at each level of maturity some continuing contact with those fields in which value judgments are of prime importance, it must fall far short of the ideal. The student in high school, in college and in graduate school must be concerned, in part at least, with the words “right” and “wrong” in both the ethical and mathematical sense.

The committee’s report, General Education in a Free Society (1945), was known, for the color of its cover, as the Redbook. The solution that the Redbook committee offered was a program of instruction that, in the words of the education historian Frederick Rudolph, called for “a submersion in tradition and heritage and some sense of common bond strong enough to bring unbridled ego and ambition under control.” The Redbook’s program of reform caught the imagination of educators across the country. By the mid-1950s more than half the colleges in America were offering programs of general education modeled along the same lines.

Although at Harvard the name caught on, the philosophy behind it did not. Gen Ed was doomed from the start.

By 1950 the Harvard faculty was divided between those who, chastened by their experience in World War II and especially by the bombings of Hiroshima and Nagasaki, saw science and technology as a threat to Western values and even human survival and those—a majority—who saw science as a liberator from superstition and an avenue to progress. Both these views found their way into the Gen Ed curriculum. The dominant faction had little sympathy for the Redbook’s resolve to inculcate Judeo-Christian ethics. Because of the majority’s resistance, many Redbook-committee recommendations were never fully implemented. And those recommendations that were incorporated into the curriculum were quickly subverted by many of the people expected to teach it. These professors in fact emphasized the opposite of the lesson Conant intended. Rather than inculcate traditional values, they sought to undermine them. Soon “Thou shalt not utter a value judgment” became the mantra for Harvard freshmen, in dorm bull sessions as well as in term papers. Positivism triumphed.

Superficially, the positivist message appeared to be an optimistic one, concerning the perfectibility of science and the inevitability of progress. It taught that reason was a liberating force and faith mere superstition; the advance of science would eventually produce a complete understanding of nature. But positivism also taught that all the accumulated nonscientific knowledge of the past, including the great religions and philosophies, had been at best merely an expression of “cultural mores” and at worst nonsense; life had no purpose and morality no justification.

Even as positivism preached progress, therefore, it subliminally carried—quite in contradiction to the intent of Gen Ed’s framers—a more disturbing implication: that absolute reason leads to absolute despair. G. K. Chesterton wrote, “Imagination does not breed insanity. Exactly what does breed insanity is reason. Poets do not go mad … mathematicians go mad.” Hence Gen Ed delivered to those of us who were undergraduates during this time a double whammy of pessimism. From the humanists we learned that science threatens civilization. From the scientists we learned that science cannot be stopped. Taken together, they implied that there was no hope. Gen Ed had created at Harvard a culture of despair. This culture of despair was not, of course, confined to Harvard—it was part of a more generalized phenomenon among intellectuals all over the Western world. But it existed at Harvard in a particularly concentrated form, and Harvard was the place where Kaczynski and I found ourselves.

Although I cannot say exactly what Kaczynski read, he must have absorbed a good measure of the Gen Ed readings that infused the intellectual and emotional climate on campus. Gen Ed courses in social science and philosophy quickly introduced us to the relativity of morals and the irrationality of religion. To establish that ethical standards were merely expressions of Western cultural mores, we were assigned to read works by anthropologists such as Margaret Mead (Coming of Age in Samoa) and Ruth Benedict (Patterns of Culture). In Humanities 5, or “Ideas of Man and the World in Western Thought,” we read Sigmund Freud’s polemic against religious faith, The Future of an Illusion, which dismisses the belief that life has purpose as a mere expression of infantile desires and as confirming that “man is a creature of weak intelligence who is governed by his instinctual wishes.”

In expository writing we encountered Thorstein Veblen’s prediction that “so long as the machine process continues to hold its dominant place as a disciplinary factor in modern culture, so long must the spiritual and intellectual life of this cultural era maintain the character which the machine process gives it.” We read Norbert Wiener, who warned that unless human nature changes, the “new industrial revolution … [makes it] practically certain that we shall have to face a decade or more of ruin and despair.”

And Lewis Mumford told us,

Western man has exhausted the dream of mechanical power which so long dominated his imagination. … he can no longer let himself remain spellbound in that dream: he must attach himself to more humane purposes than those he has given to the machine. We can no longer live, with the illusions of success, in a world given over to devitalized mechanisms, desocialized organisms, and depersonalized societies: a world that had lost its sense of the ultimate dignity of the person.

In “German R” (“Intermediate German With Review of Fundamentals”), which both Kaczynski and I took, we encountered a whole corpus of pessimistic writers, from Friedrich Nietzsche (“God is dead,” “Morality is the herd instinct of the individual,” “The thought of suicide is a great source of comfort”) to Oswald Spengler (“This machine-technics will end with the Faustian civilization and one day will lie in fragments, forgotten—our railways and steamships as dead as the Roman roads and the Chinese wall, our giant cities and skyscrapers in ruins like old Memphis and Babylon”).

In several courses we studied Joseph Conrad, who would later become one of Kaczynski’s favorite writers, and whose description of the villain in Heart of Darkness could have been applied to Kaczynski himself: “All Europe contributed to the making of Kurtz. …” He was “a gifted creature. … He was a universal genius.” Conrad’s The Secret Agent, a satire about bomb-wielding anarchists who declare war on science (and whose intentional irony Kaczynski may have missed), presages the Unabomber manifesto. “Science,” one of the plotters suggests, “is the sacrosanct fetish.”

All the damned professors are radicals at heart. Let them know that their great panjandrum has got to go, too. … The demonstration must be against learning—science. … The attack must have all the shocking senselessness of gratuitous blasphemy. … I have always dreamed of a band of men absolute in their resolve to discard all scruples in the choice of means, strong enough to give themselves frankly the name of destroyers, and free from the taint of that resigned pessimism which rots the world. No pity for anything on earth, including themselves, and death enlisted for good and all in the service of humanity—that’s what I would have liked to see.

* * *

What impact did this reading have on us? Speaking as a former college professor, I can say that most curricula have absolutely no effect on most students. But readings can have profound effects on some students, especially the brightest, most conscientious, and least mature. Certainly the intellectual climate generated by Gen Ed informed Kaczynski’s developing views. The Unabomber philosophy bears a striking resemblance to many parts of Harvard’s Gen Ed syllabus. Its anti-technology message and its despairing depiction of the sinister forces that lie beneath the surface of civilization, its emphasis on the alienation of the individual and on the threat that science poses to human values—all these were in the readings. And these kinds of ideas did not affect Kaczynski alone—they reached an entire generation, and beyond.

Gen Ed had more than an intellectual impact. According to a study of Harvard and Radcliffe undergraduates that included Kaczynski’s class of 1962, conducted by William G. Perry Jr., the director of the university’s Bureau of Study Counsel, the undergraduate curriculum had a profound impact on the emotions, the attitudes, and even the health of some students.

According to Perry, intellectual development for Harvard and Radcliffe undergraduates typically encompassed a progression from a simplistic, “dualistic” view of reality to an increasingly relativistic and “contingent” one. Entering freshmen tend to favor simple over complex solutions and to divide the world into truth and falsehood, good and bad, friend and foe. Yet in most of their college courses, especially in the social sciences and the humanities, they are taught that truth is relative. Most accept this, but a number cannot. They react against relativism by clinging more fiercely to an absolute view of the world. To some of these students, in Perry’s words, “science and mathematics still seem to offer hope.”

Nevertheless, Perry wrote, “regression into dualism” is not a happy development, for it “calls for an enemy.” Dualists in a relativistic environment tend to see themselves as surrounded; they become increasingly lonely and alienated. This attitude “requires an equally absolutistic rejection of any ‘establishment’” and “can call forth in its defense hate, projection, and denial of all distinctions but one,” Perry wrote. “The tendency … is toward paranoia.”

As is evident in his writings, Kaczynski rejected the complexity and relativism he found in the humanities and the social sciences. He embraced both the dualistic cognitive style of mathematics and Gen Ed’s anti-technology message. And perhaps most important, he absorbed the message of positivism, which demanded value-neutral reasoning and preached that (as Kaczynski would later express it in his journal) “there was no logical justification for morality.”

After he graduated from Harvard, Kaczynski encountered a book by the French philosopher Jacques Ellul, The Technological Society (1954). Its message was that mankind no longer saw technology as merely a tool but now pursued its advancement as an end in itself. Society served technology, not vice versa. Individuals were valued only insofar as they served this end. Their education and the structure of their institutions were shaped solely for the purpose of technological progress.

By the time he encountered Ellul, Kaczynski recalled in 1998, “I had already developed at least 50% of the ideas of that book on my own, and … when I read the book for the first time, I was delighted, because I thought, ‘Here is someone who is saying what I have already been thinking.’”

The Murray Experiment

Perhaps no figure at Harvard at this time better embodied the ongoing war between science and humanism than Henry A. “Harry” Murray, a professor in Harvard’s Department of Social Relations. A wealthy and blue-blooded New Yorker, Murray was both a scientist and a humanist, and he was one of Lewis Mumford’s best friends. He feared for the future of civilization in an age of nuclear weapons, and advocated implementing the agenda of the World Federalist Association, which called for a single world government. The atomic bomb, Murray wrote in a letter to Mumford, “is the logical & predictable result of the course we have been madly pursuing for a hundred years.” The choice now facing humanity, he added, was “One World or No World.” Yet unlike Mumford, Murray maintained a deep faith in science. He saw it as offering a solution by helping to transform the human personality. “The kind of behavior that is required by the present threat,” Murray wrote Mumford, “involves transformations of personality such as never occurred quickly in human history; one transformation being that of National Man into World Man.” Crucial to achieving this change was learning the secret of successful relationships between people, communities, and nations. And coming to understand these “unusually successful relations” was the object of Murray’s particular research: the interplay between two individuals, which he called the “dyad.”

The concept of the dyad was, in a sense, Murray’s attempt to build a bridge between psychology and sociology. Rather than follow Freud and Jung by identifying the individual as the fundamental atom in the psychological universe, Murray chose the dyad—the smallest social unit—and in this way sought to unite psychiatry, which studied the psyches of individuals, and sociology, which studied social relations. This kind of research, he apparently hoped, might (as he put it in a 1947 paper) promote “the survival and further evaluation of Modern Man,” by encouraging the emergence of the new “world man” and making world peace more likely.

Murray's interest in the dyad, however, may have been more than merely academic. The curiosity of this complex man appears to have been impelled by two motives—one idealistic and the other somewhat less so. He lent his talents to national aims during World War II. Forrest Robinson, the author of a 1992 biography of Murray, wrote that during this period he “flourished as a leader in the global crusade of good against evil.” He was also an advocate of world government. Murray saw understanding the dyad, it seems, as a practical tool in the service of the great crusade in both its hot and cold phases. (He had long shown interest, for example, in the whole subject of brainwashing.) During the war Murray served in the Office of Strategic Services, the forerunner of the CIA, helping to develop psychological screening tests for applicants and (according to Timothy Leary) monitoring military experiments on brainwashing. In his book (1979), John Marks reported that General “Wild Bill” Donovan, the OSS director, “called in Harvard psychology professor Henry ‘Harry’ Murray” to devise a system for testing the suitability of applicants to the OSS. Murray and his colleagues “put together an assessment system … [that] tested a recruit’s ability to stand up under pressure, to be a leader, to hold liquor, to lie skillfully, and to read a person’s character by the nature of his clothing. … Murray’s system became a fixture in the OSS.”

One of the tests that Murray devised for the OSS was intended to determine how well applicants withstood interrogations. As he and his colleagues described it in their 1948 report “Selection of Personnel for Clandestine Operations—Assessment of Men,”

The candidate immediately went downstairs to the basement room. A voice from within commanded him to enter, and on complying he found himself facing a spotlight strong enough to blind him for a moment. The room was otherwise dark. Behind the spotlight sat a scarcely discernible board of inquisitors. … The interrogator gruffly ordered the candidate to sit down. When he did so, he discovered that the chair in which he sat was so arranged that the full strength of the beam was focused directly on his face. …

At first the questions were asked in a quiet, sympathetic, conciliatory manner, to invite confidence. … After a few minutes, however, the examiner worked up to a crescendo in a dramatic fashion. … When an inconsistency appeared, he raised his voice and lashed out at the candidate, often with sharp sarcasm. He might even roar, “You’re a liar.”

Even anticipation of this test was enough to cause some applicants to fall apart. The authors wrote that one person “insisted he could not go through with the test.” They continued, “A little later the director … found the candidate in his bedroom, sitting on the edge of his cot, sobbing.”

Before the war Murray had been the director of the Harvard Psychological Clinic. After the war Murray returned to Harvard, where he continued to refine techniques of personality assessment. In 1948 he sent a grant application to the Rockefeller Foundation proposing “the development of a system of procedures for testing the suitability of officer candidates for the navy.” By 1950 he had resumed studies on Harvard undergraduates that he had begun, in rudimentary form, before the war, titled “Multiform Assessments of Personality Development Among Gifted College Men.” The experiment in which Kaczynski participated was the last and most elaborate in the series. In their postwar form these experiments focused on stressful dyadic relations, designing confrontations akin to those mock interrogations he had helped to orchestrate for the OSS.

* * *

It was the confluence of two streams of development that transformed Ted Kaczynski into the Unabomber. One stream was personal, fed by his anger toward his family and those who he felt had slighted or hurt him, in high school and college. The other derived from his philosophical critique of society and its institutions, and reflected the culture of despair he encountered at Harvard and later. The Murray experiment, containing both psychological and philosophical components, may well have fed both streams.

Gradually, while he was immersed in his Harvard readings and in the Murray experiment, Kaczynski began to put together a theory to explain his unhappiness and anger. Technology and science were destroying liberty and nature. The system, of which Harvard was a part, served technology, which in turn required conformism. By advertising, propaganda, and other techniques of behavior modification, this system sought to transform men into automatons, to serve the machine.

Thus did Kaczynski’s Harvard experiences shape his anger and legitimize his wrath. By the time he graduated, all the elements that would ultimately transform him into the Unabomber were in place—the ideas out of which he would construct a philosophy, the unhappiness, the feelings of complete isolation. Soon after, so, too, would be his commitment to killing. Embracing the value-neutral message of Harvard’s positivism—morality was nonrational—made him feel free to murder. Within four years of graduating from Harvard he would be firmly fixed in his life’s plan. According to an autobiography he wrote that chronicled his life until the age of twenty-seven, “I thought ‘I will kill, but I will make at least some effort to avoid detection, so that I can kill again.’” Both Kaczynski’s philosophy and his decision to go into the wilderness were set by the summer of 1966, after his fourth year as a graduate student at the University of Michigan (where, incidentally, students had rated him an above-average instructor). It was then, Sally Johnson wrote, that “he decided that he would do what he always wanted to do, to go to Canada to take off in the woods with a rifle and try to live off the country. ‘If it doesn’t work and if I can get back to civilization before I starve then I will come back here and kill someone I hate.’” This was also when he decided to accept the teaching position at Berkeley—not in order to launch an academic career but to earn a grubstake sufficient to support him in the wilderness.

In 1971 Kaczynski wrote an essay containing most of the ideas that later appeared in the manifesto. “In these pages,” it began, “it is argued that continued scientific and technical progress will inevitably result in the extinction of individual liberty.” It was imperative that this juggernaut be stopped, Kaczynski went on. This could not be done by simply “popularizing a certain libertarian philosophy” unless “that philosophy is accompanied by a program of concrete action.”

At that time Kaczynski still had some hope of achieving his goals by peaceful means—by establishing “an organization dedicated to stopping federal aid to scientific research.” It would not be long before he decided this was fruitless. The same year, Johnson wrote, he was “thinking seriously about and planning to murder a scientist.” Meanwhile, he began to practice what radical environmentalists call “monkeywrenching”—sabotaging or stealing equipment and setting traps and stringing wires to harm intruders into his wilderness domain. Later in the 1970s he began experimenting with explosives. In 1978 he launched his campaign of terrorism with the bomb that injured Terry Marker.

The Evils of Intelligence

Today Ted Kaczynski is serving four life terms in a maximum-security prison in Florence, Colorado. Out of sight, he is not out of play. His manifesto continues to be read at colleges around the country. Through letters, he maintains relations with many people he knew before his arrest. And although most Americans are morally repulsed by the Unabomber’s terrorism, many accept his anti-technology views and silently tolerate extremist actions on behalf of saving “wild nature.”

Kaczynski has attracted a large new following of admirers. Indeed, he has become an inspiration and a sort of leader in exile for the burgeoning “green anarchist” movement. In a letter to me Kaczynski made clear that he keeps in contact with other anarchists, including John Zerzan, the intellectual leader of a circle of anarchists in Eugene, Oregon, who was among the few people to visit Kaczynski while he was in jail in Sacramento, awaiting trial. According to The Boston Globe, Theresa Kintz, one of Zerzan’s fellow anarchists, was the first writer to whom Kaczynski granted an interview after his arrest. Writing for the London-based Green Anarchist, Kintz quoted Kaczynski as saying, “For those who realize the need to do away with the techno-industrial system, if you work for its collapse, in effect you are killing a lot of people.”

The Los Angeles Times has reported that last June, 200 of Zerzan’s comrades rioted in Eugene, smashing computers, breaking shop windows, throwing bricks at cars, and injuring eight police officers. According to the Seattle Times, followers of Zerzan’s also arrived in force at last December’s “Battle of Seattle,” at the World Trade Organization meeting, where they smashed shop windows, flattened tires, and dumped garbage cans on the street.

Kaczynski continues to comment approvingly on the violent exploits of environmental radicals. In a letter he wrote last year to the Denver television reporter Rick Sallinger, he expressed his support for the Earth Liberation Front’s arsons at the Vail ski resort—fires that destroyed more than $12 million worth of property.

“I fully approve of [the arson],” he wrote Sallinger, “and I congratulate the people who carried it out.” Kaczynski went on to commend an editorial in the Earth First! Journal by Kintz, who wrote, “The Earth Liberation Front’s eco-sabotage of Vail constituted a political act of conscience perfectly in keeping with the sincere expression of the biocentric paradigm many Earth First!ers espouse.” It is unlikely that Kaczynski will someday be a free man again, but it is not impossible. Although he pleaded guilty in January of 1998 to the Unabomber crimes, that outcome is currently under appeal. He claims that his attorneys deceived him and acted against his wishes by preparing a “mental defect” defense for him, and that by allowing this to happen, the court violated his Sixth Amendment right to direct his own defense. The Ninth Circuit Court has agreed to hear his appeal, and a new trial is a possibility.

Some, including me, believe that if Kaczynski does win a new trial, he will argue that his killings were necessary in order to save the world from a great evil—namely, technology. Most legal experts believe that this would be an unpersuasive and even suicidal defense strategy, leading directly to a guilty verdict and a sentence of death. But apparently Kaczynski would rather die a martyr for his ideas than live out his life in prison. At any rate, his essential point is correct: the Unabomber is not only a killer but a sane one. He is a terrorist, like Timothy McVeigh, the Oklahoma City bomber, and Ramzi Ahmed Yousef, the World Trade Center bomber. And like them, he is evil. But what kind of evil?

* * *

The real story of Ted Kaczynski is one of the nature of modern evil—evil that results from the corrosive powers of intellect itself, and its arrogant tendency to put ideas above common humanity. It stems from our capacity to conceive theories or philosophies that promote violence or murder in order to avert supposed injustices or catastrophes, to acquiesce in historical necessity, or to find the final solution to the world’s problems—and by this process of abstraction to dehumanize our enemies. We become like Raskolnikov, in Crime and Punishment, who declares, “I did not kill a human being, but a principle!”

Guided by theories, philosophies, and ideologies, the worst mass killers of modern history transformed their victims into depersonalized abstractions, making them easier to kill. Much the way Stalin, citing Communist dogma, ordered the murder of millions of peasants toward “the elimination of the Kulaks as a class,” so Kaczynski rationalized his murders as necessary to solve “the technology problem.”

The conditions that produce violence continue to flourish. Despite their historically unprecedented affluence, many middle-class Americans, particularly the educated elite, are still gripped by despair. The education system continues to promote bleak visions of the future. Meanwhile, alienating ideologies, offering the false promise of quick solutions through violence, proliferate.

Although most Americans strongly condemn terrorist acts committed in the name of political agendas of which they do not approve, many turn a blind eye toward savagery done in the name of ideals they share. Indeed, many are reasonably comfortable with violence short of murder, as long as it’s done for a cause they support. It was easy for Americans to unite in condemning the World Trade Center and Oklahoma City bombings, because few approved of the bombers’ goals: the destruction of the state of Israel and of the U.S. government. But some conservatives seem to be untroubled by anti-abortion bombings or by the rise of armed militias, and some liberals consistently condone or ignore the proliferation of terrorism putatively committed on behalf of animals or the environment.

Not surprisingly, then, ideologically inspired violence has become increasingly commonplace—tolerated and sometimes even praised. Just after the bombing at the 1996 Atlanta Olympics, The Wall Street Journal noted that terrorism “has become a part of life.”

According to the FBI, explosive and incendiary bombings doubled during the first four years of the 1990s. And although the number of such incidents has declined slightly since that time, certain kinds of “single-issue” terrorism—including acts committed on behalf of Kaczynski’s cause of choice, “saving wild nature”—are becoming increasingly prominent. Last year the director of the FBI, Louis Freeh, told Congress, “The most recognizable single issue terrorists at the present time are those involved in the violent animal rights, anti-abortion, and environmental protection movements. … the potential for destruction has increased as terrorists have turned toward large improvised explosive devices to inflict maximum damage.”

After concluding a ten-month investigation of this phenomenon, the Portland Oregonian reported last fall,

Escalating sabotage to save the environment has inflicted tens of millions of dollars in damage and placed lives at risk. … Arsons, bombings and sabotage in the name of saving the environment and its creatures have swept the American West over the last two decades, and Oregon is increasingly the center of it. At least 100 major acts of such violence have occurred since 1980, causing $42.8 million in damages.

The Oregonian found that “during the last four years alone, the West has been rocked by 33 substantial incidents, with damages reaching $28.8 million.” And although “these crimes started nearly two decades ago—some seem clearly inspired by Edward Abbey’s 1975 novel, The Monkey Wrench Gang—they have escalated dangerously, sometimes with the use of bombs, in the last six years.” No one other than Kaczynski’s three victims has yet been murdered by a fanatical environmentalist, but investigators consider it merely a matter of time before someone else is killed for similar reasons. “I think we’ve come very close to that line,” one federal agent told the Oregonian, “and we will cross that line unless we deal with this problem.”

We may cross that line sooner than we think. In a September, 1998, letter to me, Kaczynski wrote,

I suspect that you underestimate the strength and depth of feeling against industrial civilization that has been developing in recent years. I’ve been surprised at some of the things that people have written to me. It looks to me as if our society is moving into a pre-revolutionary situation. (By that I don’t mean a situation in which revolution is inevitable, but one in which it is a realistic possibility.) The majority of people are pessimistic or cynical about existing institutions, there is widespread alienation and directionlessness among young people. … Perhaps all that is needed is to give these forces appropriate organization and direction.

Seen from that perspective, it might seem that the rest of society is only a few steps behind Kaczynski. When Henry Murray spoke of the need to create a new “World Man,” this was not what he had in mind.

Tanzania becomes the latest country to use Zipline drones for medical deliveries


Tanzania has become the latest country to partner with Zipline as it has launched the world’s largest drone delivery service. The service will provide emergency on-demand access to critical and life-saving medicines.

This comes after Rwanda kicked off its medical supplies delivery service by Zipline drones in October 2016. Subsequently, in January 2017, Tanzania announced that it will be partnering with Zipline to trial drone medicine deliveries.

"Every life is precious. The government of Tanzania through the Ministry of Health, Community Development, Gender, Elderly and Children has made great achievements in improving health services including the availability of medicines in all Public Health Facilities,” said Dr. Mpoki Ulisubisya, Permanent Secretary of the Tanzania Ministry of Health.

The Tanzanian government is expected to begin using drones to make up to 2,000 life-saving deliveries per day to over one thousand health facilities, serving 10 million people across the country.

"Our vision is to have a healthy society with improved social well being that will contribute effectively to personal and national development; working with Zipline will help make that vision a reality,” added Dr. Ulisubisya.

Since the October 2016 launch in Rwanda, Zipline reports that it has already flown more than 100,000 km in the East African country, delivering 2,600 units of blood over 1,400 flights.

“We strive to ensure that all 5,640 public health facilities have all the essential medicines, medical supplies and laboratory reagents they need, wherever they are—even in the most hard to reach areas,” said Laurean Bwanakunu, Director General of Tanzania's Medical Stores Department.

“But that mission can be a challenge during emergencies, times of unexpected demand, bad weather, or for small but critical orders. Using drones for just-in-time deliveries will allow us to provide health facilities with complete access to vital medical products no matter the circumstance,” concluded Bwanakunu.

Insane state of today's advertising part 3

Insane state of today's advertising part 3.

Companies like Cedato and http://Adap.tv (now OneByAOL?) are the scum of the Internet. Ads like these make me so mad. Just look at this shit.

A static ad loads. Then behind the scenes thousands of requests continue to execute, absolutely destroying browser performance. And the worst part is nothing is even happening on the screen - the ad that is showing is completely static.

Currently reproducible here:
1. Open Chrome Dev Tools on desktop.
2. Load up http://api-us-east-1.adsnative.com/v1/creative.html?crid=rtb%3A45%3Anone&sid=0be93fcee93f4debb1b4d92a1f5eb39f_22eb05f1
3. Disable your ad blocker on that page and reload.
4. Observe the sad state of today's advertising hasn't changed in years since I first brought it up here https://plus.google.com/+ArtemRussakovskii/posts/7jMWV7oCQpn and here https://plus.google.com/+ArtemRussakovskii/posts/VgrLdYcoifr.

Advertising companies that do this - you are the reason people use ad blockers. Greedy and incompetent.

Edit: Oh good, my post is at the top of HackerNews https://news.ycombinator.com/item?id=15145226. I hope those who can fix this mess notice.

The consensus is there's ad fraud going on here. I see this kind of thing so frequently, it's just sad that the ad networks allow it to continue happening, year after year.


How to Escape Saddle Points Efficiently


This post was initially published on Off the Convex Path. It is reposted here with authors’ permission.

A core, emerging problem in nonconvex optimization involves the escape of saddle points. While recent research has shown that gradient descent (GD) generically escapes saddle points asymptotically (see Rong Ge’s and Ben Recht’s blog posts), the critical open problem is one of efficiency — is GD able to move past saddle points quickly, or can it be slowed down significantly? How does the rate of escape scale with the ambient dimensionality? In this post, we describe our recent work with Rong Ge, Praneeth Netrapalli and Sham Kakade, that provides the first provable positive answer to the efficiency question, showing that, rather surprisingly, GD augmented with suitable perturbations escapes saddle points efficiently; indeed, in terms of rate and dimension dependence it is almost as if the saddle points aren’t there!

Perturbing Gradient Descent

We are in the realm of classical gradient descent (GD) — given a function $f:\mathbb{R}^d \to \mathbb{R}$ we aim to minimize the function by moving in the direction of the negative gradient:

where $x_t$ are the iterates and $\eta$ is the step size. GD is well understood theoretically in the case of convex optimization, but the general case of nonconvex optimization has been far less studied. We know that GD converges quickly to the neighborhood of stationary points (points where $\nabla f(x) = 0$) in the nonconvex setting, but these stationary points may be local minima or, unhelpfully, local maxima or saddle points.

Clearly GD will never move away from a stationary point if started there (even a local maximum); thus, to provide general guarantees, it is necessary to modify GD slightly to incorporate some degree of randomness. Two simple methods have been studied in the literature:

  1. Intermittent Perturbations: Ge, Huang, Jin and Yuan 2015 considered adding occasional random perturbations to GD, and were able to provide the first polynomial time guarantee for GD to escape saddle points. (See also Rong Ge’s post)

  2. Random Initialization: Lee et al. 2016 showed that with only random initialization, GD provably avoids saddle points asymptotically (i.e., as the number of steps goes to infinity). (see also Ben Recht’s post)

Asymptotic — and even polynomial time — results are important for the general theory, but they stop short of explaining the success of gradient-based algorithms in practical nonconvex problems. And they fail to provide reassurance that runs of GD can be trusted — that we won’t find ourselves in a situation in which the learning curve flattens out for an indefinite amount of time, with the user having no way of knowing that the asymptotics have not yet kicked in. Lastly, they fail to provide reassurance that GD has the kind of favorable properties in high dimensions that it is known to have for convex problems.

One reasonable approach to this issue is to consider second-order (Hessian-based) algorithms. Although these algorithms are generally (far) more expensive per iteration than GD, and can be more complicated to implement, they do provide the kind of geometric information around saddle points that allows for efficient escape. Accordingly, a reasonable understanding of Hessian-based algorithms has emerged in the literature, and positive efficiency results have been obtained.

Is GD also efficient? Or is the Hessian necessary for fast escape of saddle points?

A negative result emerges to this first question if one considers the random initialization strategy discussed. Indeed, this approach is provably inefficient in general, taking exponential time to escape saddle points in the worst case (see “On the Necessity of Adding Perturbations” section).

Somewhat surprisingly, it turns out that we obtain a rather different — and positive — result if we consider the perturbation strategy. To be able to state this result, let us be clear on the algorithm that we analyze:

Perturbed gradient descent (PGD)

  1. for $~t = 1, 2, \ldots ~$ do
  2. $\quad\quad x_{t} \leftarrow x_{t-1} - \eta \nabla f (x_{t-1})$
  3. $\quad\quad$ if $~$perturbation condition holds$~$ then
  4. $\quad\quad\quad\quad x_t \leftarrow x_t + \xi_t$

Here the perturbation $\xi_t$ is sampled uniformly from a ball centered at zero with a suitably small radius, and is added to the iterate when the gradient is suitably small. These particular choices are made for analytic convenience; we do not believe that uniform noise is necessary, nor do we believe it essential that noise be added only when the gradient is small.

Strict-Saddle and Second-order Stationary Points

We define saddle points in this post to include both classical saddle points as well as local maxima. They are stationary points which are locally maximized along at least one direction. Saddle points and local minima can be categorized according to the minimum eigenvalue of Hessian:

We further call the saddle points in the last category, where $\lambda_{\min}(\nabla^2 f(x)) < 0$, strict saddle points.

While non-strict saddle points can be flat in the valley, strict saddle points require that there is at least one direction along which the curvature is strictly negative. The presence of such a direction gives a gradient-based algorithm the possibility of escaping the saddle point. In general, distinguishing local minima and non-strict saddle points is NP-hard; therefore, we — and previous authors — focus on escaping strict saddle points.

Formally, we make the following two standard assumptions regarding smoothness.

Assumption 1: $f$ is $\ell$-gradient-Lipschitz, i.e.
$\quad\quad\quad\quad \forall x_1, x_2, |\nabla f(x_1) - \nabla f(x_2)| \le \ell |x_1 - x_2|$.

Assumption 2: $f$ is $\rho$-Hessian-Lipschitz, i.e.
$\quad\quad\quad\quad \forall x_1, x_2$, $|\nabla^2 f(x_1) - \nabla^2 f(x_2)| \le \rho |x_1 - x_2|$.

Similarly to classical theory, which studies convergence to a first-order stationary point, $\nabla f(x) = 0$, by bounding the number of iterations to find a $\epsilon$-first-order stationary point, $|\nabla f(x)| \le \epsilon$, we formulate the speed of escape of strict saddle points and the ensuing convergence to a second-order stationary point, $\nabla f(x) = 0, \lambda_{\min}(\nabla^2 f(x)) \ge 0$, with an $\epsilon$-version of the definition:

Definition: A point $x$ is an $\epsilon$-second-order stationary point if:
$\quad\quad\quad\quad |\nabla f(x)|\le \epsilon$, and $\lambda_{\min}(\nabla^2 f(x)) \ge -\sqrt{\rho \epsilon}$.

In this definition, $\rho$ is the Hessian Lipschitz constant introduced above. This scaling follows the convention of Nesterov and Polyak 2006.

Applications

In a wide range of practical nonconvex problems it has been proved that all saddle points are strict — such problems include, but are not limited to, principal components analysis, canonical correlation analysis, orthogonal tensor decomposition, phase retrieval, dictionary learning, matrix sensing, matrix completion, and other nonconvex low-rank problems.

Furthermore, in all of these nonconvex problems, it also turns out that all local minima are global minima. Thus, in these cases, any general efficient algorithm for finding $\epsilon$-second-order stationary points immediately becomes an efficient algorithm for solving those nonconvex problems with global guarantees.

Escaping Saddle Point with Negligible Overhead

In the classical case of first-order stationary points, GD is known to have very favorable theoretical properties:

Theorem (Nesterov 1998): If Assumption 1 holds, then GD, with $\eta = 1/\ell$, finds an $\epsilon$-first-order stationary point in $2\ell (f(x_0) - f^\star)/\epsilon^2$ iterations.

In this theorem, $x_0$ is the initial point and $f^\star$ is the function value of the global minimum. The theorem says that for any gradient-Lipschitz function, a stationary point can be found by GD in $O(1/\epsilon^2)$ steps, with no explicit dependence on $d$. This is called “dimension-free optimization” in the literature; of course the cost of a gradient computation is $O(d)$, and thus the overall runtime of GD scales as $O(d)$. The linear scaling in $d$ is especially important for modern high-dimensional nonconvex problems such as deep learning.

We now wish to address the corresponding problem for second-order stationary points. What is the best we can hope for? Can we also achieve

  1. A dimension-free number of iterations;
  2. An $O(1/\epsilon^2)$ convergence rate;
  3. The same dependence on $\ell$ and $(f(x_0) - f^\star)$ as in (Nesterov 1998)?

Rather surprisingly, the answer is Yes to all three questions (up to small log factors).

Main Theorem: If Assumptions 1 and 2 hold, then PGD, with $\eta = O(1/\ell)$, finds an $\epsilon$-second-order stationary point in $\tilde{O}(\ell (f(x_0) - f^\star)/\epsilon^2)$ iterations with high probability.

Here $\tilde{O}(\cdot)$ hides only logarithmic factors; indeed, the dimension dependence in our result is only $\log^4(d)$. The theorem thus asserts that a perturbed form of GD, under an additional Hessian-Lipschitz condition, converges to a second-order-stationary point in almost the same time required for GD to converge to a first-order-stationary point. In this sense, we claim that PGD can escape strict saddle points almost for free.

We turn to a discussion of some of the intuitions underlying these results.

Why do polylog(d) iterations suffice?

Our strict-saddle assumption means that there is only, in the worst case, one direction in $d$ dimensions along which we can escape. A naive search for the descent direction intuitively should take at least $\text{poly}(d)$ iterations, so why should only $\text{polylog}(d)$ suffice?

Consider a simple case in which we assume that the function is quadratic in the neighborhood of the saddle point. That is, let the objective function be $f(x) = x^\top H x$, a saddle point at zero, with constant Hessian $H = \text{diag}(-1, 1, \cdots, 1)$. In this case, only the first direction is an escape direction (with negative eigenvalue $-1$).

It is straightforward to work out the general form of the iterates in this case:

Assume that we start at the saddle point at zero, then add a perturbation so that $x_0$ is sampled uniformly from a ball $\mathcal{B}_0(1)$ centered at zero with radius one. The decrease in the function value can be expressed as:

Set the step size to be $1/2$, let $\lambda_i$ denote the $i$-th eigenvalue of the Hessian $H$ and let $\alpha_i = e_i^\top x_0$ denote the component in the $i$th direction of the initial point $x_0$. We have $\sum_{i=1}^d \alpha_i^2 = | x_0|^2 = 1$, thus:

A simple probability argument shows that sampling uniformly in $\mathcal{B}_0(1)$ will result in at least a $\Omega(1/d)$ component in the first direction with high probability. That is, $\alpha^2_1 = \Omega(1/d)$. Substituting $\alpha_1$ in the above equation, we see that it takes at most $O(\log d)$ steps for the function value to decrease by a constant amount.
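The quadratic saddle described in this section can be run directly. The following is an added example, not code from the original post: it applies the PGD update to $f(x) = x^\top H x$ with $H = \text{diag}(-1, 1, \cdots, 1)$ and step size $1/2$, starting exactly at the saddle, and counts the steps until the function value has dropped by one. The function names, the gradient threshold `g_thresh`, the unit perturbation radius and the seeds are assumptions made for the illustration.

```python
import math
import random


def hessian_eigs(d):
    """Eigenvalues of H = diag(-1, 1, ..., 1): exactly one escape direction."""
    return [-1.0] + [1.0] * (d - 1)


def f(x, lam):
    """f(x) = x^T H x for a diagonal H with eigenvalues lam."""
    return sum(l * xi * xi for l, xi in zip(lam, x))


def grad(x, lam):
    """The gradient of x^T H x is 2 H x."""
    return [2.0 * l * xi for l, xi in zip(lam, x)]


def norm(v):
    return math.sqrt(sum(vi * vi for vi in v))


def sample_ball(d, radius, rng):
    """Uniform sample from the d-dimensional ball of the given radius."""
    g = [rng.gauss(0.0, 1.0) for _ in range(d)]   # uniformly random direction
    r = radius * rng.random() ** (1.0 / d)        # radius with density ~ r^(d-1)
    scale = r / norm(g)
    return [scale * gi for gi in g]


def descend(x0, lam, eta=0.5, max_steps=200, rng=None,
            radius=1.0, g_thresh=1e-3, target_drop=1.0):
    """Run GD (rng=None) or PGD (rng given) from x0.

    Returns (t, x): t is the first iteration at which f has dropped by
    target_drop relative to f(x0), or None if that never happened.
    """
    x = list(x0)
    f0 = f(x, lam)
    for t in range(1, max_steps + 1):
        g = grad(x, lam)
        x = [xi - eta * gi for xi, gi in zip(x, g)]          # gradient step
        # Perturbation condition (assumed form): the gradient at the
        # previous iterate was at most g_thresh in norm.
        if rng is not None and norm(g) <= g_thresh:
            xi_t = sample_ball(len(x), radius, rng)
            x = [a + b for a, b in zip(x, xi_t)]
        if f0 - f(x, lam) >= target_drop:
            return t, x
    return None, x


def escape_from_saddle(d, seed=None):
    """Start at the saddle x = 0 in d dimensions.

    seed=None runs plain GD; an integer seed runs PGD with that seed.
    Returns (steps_to_escape_or_None, final_function_value).
    """
    lam = hessian_eigs(d)
    rng = None if seed is None else random.Random(seed)
    steps, x = descend([0.0] * d, lam, rng=rng)
    return steps, f(x, lam)


if __name__ == "__main__":
    print("plain GD at the saddle:", escape_from_saddle(100))
    for d in (10, 100, 1000):
        runs = [escape_from_saddle(d, seed)[0] for seed in range(20)]
        mean = sum(runs) / len(runs)
        print(f"d={d:5d}  mean PGD steps to escape={mean:5.2f}  "
              f"log4(d)={math.log(d, 4):.2f}")
```

Plain GD never leaves the saddle, while the perturbed run escapes in a number of steps that tracks $\log d$ rather than $d$.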

Pancake-shape stuck region for general Hessian

We can conclude that for the case of a constant Hessian, only when the perturbation $x_0$ lands in the set $\{x | ~ |e_1^\top x|^2 \le O(1/d)\}$ $\cap \mathcal{B}_0 (1)$, can we take a very long time to escape the saddle point. We call this set the stuck region; in this case it is a flat disk. In general, when the Hessian is no longer constant, the stuck region becomes a non-flat pancake, depicted as a green object in the left graph. In general this region will not have an analytic expression.

Earlier attempts to analyze the dynamics around saddle points tried to approximate the stuck region by a flat set. This results in a requirement of an extremely small step size and a correspondingly very large runtime complexity. Our sharp rate depends on a key observation — although we don’t know the shape of the stuck region, we know it is very thin.

In order to characterize the “thinness” of this pancake, we studied pairs of hypothetical perturbation points $w, u$ separated by $O(1/\sqrt{d})$ along an escaping direction. We claim that if we run GD starting at $w$ and $u$, at least one of the resulting trajectories will escape the saddle point very quickly. This implies that the thickness of the stuck region can be at most $O(1/\sqrt{d})$, so a random perturbation has very little chance to land in the stuck region.

On the Necessity of Adding Perturbations

We have discussed two possible ways to modify the standard gradient descent algorithm, the first by adding intermittent perturbations, and the second by relying on random initialization. Although the latter exhibits asymptotic convergence, it does not yield efficient convergence in general; in recent joint work with Simon Du, Jason Lee, Barnabas Poczos, and Aarti Singh, we have shown that even with fairly natural random initialization schemes and non-pathological functions, GD with only random initialization can be significantly slowed by saddle points, taking exponential time to escape. The behavior of PGD is strikingly different — it can generically escape saddle points in polynomial time.

To establish this result, we considered random initializations from a very general class including Gaussians and uniform distributions over the hypercube, and we constructed a smooth objective function that satisfies both Assumptions 1 and 2. This function is constructed such that, even with random initialization, with high probability both GD and PGD have to travel sequentially in the vicinity of $d$ strict saddle points before reaching a local minimum. All strict saddle points have only one direction of escape. (See the left graph for the case of $d=2$).

When GD travels in the vicinity of a sequence of saddle points, it can get closer and closer to the later saddle points, and thereby take longer and longer to escape. Indeed, the time to escape the $i$th saddle point scales as $e^{i}$. On the other hand, PGD is always able to escape any saddle point in a small number of steps independent of the history. This phenomenon is confirmed by our experiments; see, for example, an experiment with $d=10$ in the right graph.

Conclusion

In this post, we have shown that a perturbed form of gradient descent can converge to a second-order-stationary point at almost the same rate as standard gradient descent converges to a first-order-stationary point. This implies that Hessian information is not necessary to escape saddle points efficiently, and helps to explain why basic gradient-based algorithms such as GD (and SGD) work surprisingly well in the nonconvex setting. This new line of sharp convergence results can be directly applied to nonconvex problems such as matrix sensing/completion to establish efficient global convergence rates.

There are of course still many open problems in general nonconvex optimization. To name a few: will adding momentum improve the convergence rate to a second-order stationary point? What type of local minima are tractable and are there useful structural assumptions that we can impose on local minima so as to avoid local minima efficiently? We are making slow but steady progress on nonconvex optimization, and there is the hope that at some point we will transition from “black art” to “science”.

Sile – Simon's Improved Layout Engine


What is SILE?

SILE is a typesetting system; its job is to produce beautiful printed documents. Conceptually, SILE is similar to TeX—from which it borrows some concepts and even syntax and algorithms—but the similarities end there. Rather than being a derivative of the TeX family SILE is a new typesetting and layout engine written from the ground up using modern technologies and borrowing some ideas from graphical systems such as InDesign.

What can I do with SILE (that I can’t do with TeX)?

First, have a look at the show-off file. SILE allows you to:

  • Produce complex document layouts using frames.

  • Easily extend the typesetting system in a high-level programming language (Lua).

  • Directly process XML to PDF without the use of XSL stylesheets.

  • Typeset text on a grid.

Download and installation

For OS X

A formula is available for homebrew that can install both stable and head versions. Just run brew install sile for the latest stable release or brew install sile --HEAD to build from the latest git commit.

For Linux (prepackaged distros)

  • Arch Linux packages are available in the AUR that can be installed using your preferred package manager (e.g. yaourt -S sile). Use sile for the latest stable release or sile-git to build from the latest git commit.

From source

SILE can be downloaded from its home page, or directly from the release page.

SILE is written in the Lua programming language, so you will need a Lua installation. It also relies on external libraries to access fonts and write PDF files. Its preferred combination of libraries is harfbuzz and libtexpdf, a PDF creation library extracted from TeX. Harfbuzz should be available from your operating system's package manager. (For Harfbuzz to work you will also need freetype2 and fontconfig installed.) SILE also requires the ICU libraries for correct Unicode handling.

You also need to install the following Lua libraries; they can be installed using luarocks, if not available from your system's package manager.

  • lpeg
  • luaexpat
  • lua-zlib
  • luafilesystem

If you are building from a git clone, start by running the script to set up your environment (if you are using the source tarball this is unnecessary):

$ ./bootstrap.sh

Once your dependencies are installed, run:

$ ./configure
$ make install

This will place the SILE libraries and executable in a sensible location.

Default font

As of SILE 0.9.5, the default font is Gentium Plus, available from here. If this font is not installed on your system, you won't be able to use the examples without modification. (Previously we used Original Gentium, but that's getting harder to get hold of.)

If you are using OS X with Homebrew, the easiest way to install Gentium Plus is through the Homebrew Fonts caskroom:

$ brew tap caskroom/fonts
$ brew cask install font-gentium-plus

Testing

If all goes well you should be able to compile one of the sample documents like this:

$ sile examples/test.sil
This is SILE 0.9.2<examples/test.sil><examples/macros.sil>[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23] [24] [25] [26] [27] [28]

You should now have examples/test.pdf ready for review.

Finding out more

Please read the full SILE manual for more information about what SILE is and how it can help you. There are example documents (source and PDF) in the examples/ directory. There's also an FAQ available.

Contact

Please report bugs and send patches and pull requests at the github repository. For questions and discussion, please join the mailing list.

Japanese-language users, please join the mailing list.

License terms

SILE is distributed under the MIT licence.

San Francisco hits 106 degrees, breaking record

Updated 9:24 pm, Friday, September 1, 2017

Friday’s scorching 106-degree heat in San Francisco broke the all-time record dating to 1874 for the hottest day in the usually foggy city by the bay.

And that record may get broken by Saturday’s similarly hot temperature.

“It’s horrible out there,” Fritz Waldron said Friday as he stood in line to buy strawberry ice cream at the Haagen-Dazs shop at Westfield San Francisco Centre downtown. “Just horrible. It’s like Phoenix. I can’t wait for it to end.”

Before Friday, the hottest day ever recorded by the National Weather Service for San Francisco was 103 degrees on June 14, 2000. And the hottest Sept. 1 was a mere 90, a record set in 1952.

The National Weather Service attributed San Francisco’s blazing heat and other falling records around the Bay Area to a “massive area of high pressure” hovering above Northern California and no onshore wind, which usually brings cooling sea air into the city and other coastal areas. The Weather Service issued an excessive-heat warning through 9 p.m. Saturday along the coast.

Meteorologist Scott Rowe of the National Weather Service in Monterey summed up the news with this masterful understatement: “It’s very hot.”

San Francisco summers typically mean coats, space heaters, and high heating bills. Air conditioning in city homes is not even a thing.

“I don’t like this,” said Habte Tesfom, a valet parking attendant at the downtown Nordstrom. “Nothing helps. It’s hot outside, and it’s even hotter when you get into a parked car.”

As the thermometers peaked in San Francisco, Tesfom said he’d already drunk five bottles of water and was working on a mango juice. He said he wasn’t surprised that the heat set a new record. “It feels like it.”

Patience wasn’t the only thing melting in San Francisco’s surprising swelter. The tourist trade all but evaporated for street vendors.

“Nobody’s buying, everyone’s inside,” said “Blue,” who tried to sell mini seagull sculptures made of pine cone petals for $5 each at Aquatic Park.

Meanwhile, nine Bay Area cities, as well as Moffett Field, Santa Cruz and Salinas, broke heat records for Sept. 1, most set more than 60 years ago.

Among them were Santa Rosa, which at 110 degrees, broke its record of 105 set in 1950. San Jose hit 108 degrees, well above its previous record for the day of 101, also set in 1950. And Richmond, at 102, crushed its record of 93 degrees set in 1955.

“What we’re seeing today is incredible heat throughout the San Francisco Bay Area — including locations that are usually a lot cooler, so we urge folks to take extra precautions to stay safe,” Rowe said. “Even at our office in Monterey it’s 101 degrees — in Monterey!”

BART officials, concerned that the sizzling heat could warp its steel tracks, are running trains slower than usual so operators can keep an eye out for dips and bumps.

Another unlovely side-effect of the record heat is that it has combined with smoke from wildfires burning in Northern California and Oregon to create plenty of soot and smog in Bay Area air.

The particulates can cause breathing problems in sensitive people or those who work outside, said Ralph Borrmann, spokesman for the Bay Area Air Quality Management District.

Jumping into cool water is one way to cool off.

Walnut Creek has a creek — but you can’t swim in it, not even when the temperature is 108. It’s largely a fenced-off storm drain with warning signs to keep out, which everyone except ducks was doing.

Instead, people headed to the usual lineup of libraries and other public buildings rebranded as “cooling stations.” At the senior center, it meant that a nice person like receptionist Eileen Kempker put out a pitcher of ice water and plastic cups by the front desk, next to the basket with the free hearing-aid batteries.

“We’re a respite, and you can just stay inside and do whatever you want,” said Kempker, although she herself could not stay inside because the ice machine was in another building and she had to go out the front door from time to time to replenish the ice in the pitcher, one of her official duties when the senior center becomes a cooling station.

Next door, at the Walnut Creek main library, it was OK to come in and read, or come in and not read.

“I like to read,” said Pat Strong, the clerk in the Friends of the Library bookstore. “I don’t know if it’s ever really too hot to read, but if you don’t want to read, you don’t have to.”

Downtown, one of the hardiest souls was 95-year-old Emily Hagen, who comes to a coffee bar on Locust Street for ice herb tea and a cheese danish every Monday and Friday because that’s just what she does, and never mind how hot it is. Cold weather is nice, she said, and hot weather is nice and so is all the weather in between.

“I enjoy a day like this,” she said. “I enjoy everything. When you’re 95, you thank the good Lord you’re alive and you stop complaining.”

Donald Steeves, 67, said he’s been homeless for about 30 years. He said Walnut Creek is one of the places he’s been homeless in, and it’s as good as any. Being homeless when the temperature is 100 is “all about being logical.”

“You go into public buildings when you can,” he said, pushing a grocery cart with stuff in it besides groceries down Olympic Blvd. “You drink water, not beer. A cold beer doesn’t really work in weather like this.”

The triple-digit temperatures elsewhere in the Bay Area were considered “very high risk” for the entire population due to their duration — and no relief was expected overnight. So officials were warning people to take precautions: drink water and stay indoors if possible.

Officials advise people to stay inside from 10 a.m. to 6 p.m., the hottest hours of the day, to prevent heat-related illnesses.

Pet and livestock owners are advised to take extra care of their animals and give them lots of water.

Many schools closed early Friday, and some outdoor events have been canceled this weekend, thanks to the heat, including Livermore’s 36th Harvest Wine Celebration at Las Positas College.

Steve Rubenstein, Nanette Asimov and Jenna Lyons are San Francisco Chronicle staff writers. Email: srubenstein@sfchronicle.com, nasimov@sfchronicle.com and jlyons@sfchronicle.com Twitter: @SteveRubeSF, @NanetteAsimov and @JennaJourno

Juicero Is Shutting Down


Juicero has run out of juice.

The San Francisco-based maker of counter-top cold-press juicers said today that it is shutting down operations and suspending the sale of its presses and produce packs immediately.

The announcement on the company’s website comes after the startup said in July that it was undergoing a “strategic shift” to more quickly lower the cost of its $399 juicers and $5-7 juice packs filled with raw fruits and vegetables. As part of the shift, the company said then that it would lay off about a quarter of its staff.

At the time, Juicero CEO Jeff Dunn wrote in a letter to employees obtained by Fortune that the current prices were “not a realistic way for us to fulfill our mission at the scale to which we aspire.”

But Juicero realized it couldn't bring down the cost of its products as a standalone company. It was too small to achieve the required economies of scale on its own. The company will now focus on finding a buyer, it wrote in Friday's blog post.

A source familiar with the situation said employees are being given 60 days' notice and that the company is notifying all customers via email that they can request a refund for the machine for up to 90 days.

Before today’s news, Juicero had said it would focus on building a second generation machine that would cost in the $200 range—versus its initial launch price 16 months ago of $699.

Juicero fell under heightened scrutiny after a Bloomberg article in April reported on how consumers could use their hands to squeeze the juice packs without the aid of the Juicero machine.

As Fortune reported earlier this month, Dunn addressed the Bloomberg hand-squeezing issue in a Medium post and again in the letter to employees obtained by Fortune, in which he wrote that “it was frustrating to read that something we always knew about, and that our customers simply aren’t interested in doing, was somehow new and relevant.”

The hand-squeezing dustup inflamed some of the criticism Juicero has gotten since bringing its juicer to market. "Some held up the countertop appliance as a symbol of all that was wrong with Silicon Valley: a $699 connected device that solved a problem most people didn’t even have the luxury of affording—how to get fresh juice on demand at home," Fortune wrote in January.

The Bloomberg article described Juicero as "one of the most lavishly funded gadget startups in Silicon Valley" and founder Doug Evans once said he planned to do for juicing what Steve Jobs did for computers.

How did you get started in netsec/pentesting?


I’ve been a professional software developer for the last 4-5 years, but never took security seriously until IoT took off. Get some Raspberry Pis, install Kali Linux on a VM or spare computer, and go to work! It’s just so easy and cheap to set up a pen test lab. I’d recommend every dev have a few attack machines for fun. That’s how I got started.

It’s also a huge field. Try checking out security in your current discipline. I was a web developer in 2013, so it was natural that I was inclined to look at SQL injections, XSS, packet sniffing, etc. I already understood the domain. That is easier than jumping into reverse engineering firmware if you have no xp.

Now after a couple years of practice, I’m recommitted to security. Huge issue in our current tech ecosystem. I was just approved to take CEH and will be taking it next month. To make it official. If you need some structure to your learning and want to make a career move, check out getting an industry base cert like the CEH or offensive arc cert. Most security jobs prefer candidates to have at least one, and they’re not incredibly difficult.

Happy pwning!


I don't disagree that CEH is inflated, and this coming from me, the guy who paid $1000 for the chance to test.

What the CEH does give people is a curriculum that they can adhere to. Not everyone can wrap their head around a complex subject like infosec alone. It's not a badge of honor, especially in a niche like infosec. But it does show you're serious about the field and willing to make a financial commitment. That's why I'd say it's worth considering if you're looking to make a career move. Of course, look at every other option and choose the best fit for you.


There is a massive difference between the CEH and OSCP. If he's ready to take CEH, I'd say do it and use that experience to begin studying for OSCP.

OSCP is no fucking joke. It's hard.


"It’s also a huge field. Try checking out security in your current discipline."

I'm actually 15 at the moment with basically no experience besides messing around with Kali tools like a script kiddie.

Got any tips for programming languages to learn/where to learn?

I appreciate the post!


Right now I am happy as a freelance software engineer. I wasn't looking for a new job (I wanted the KNOW), but I _was_ looking for validation among business-types. I also have a few certs from AWS, and attaining those created the validation I needed in Devops/cloud (so it can be worth it for career growth).

Honestly, I just got tired of being THAT developer who willingly shirked his security duties. I always let someone else 'handle it'. In comparison now, I'm much more confident because I know (more) about securing the network and underlying ecosystem that my applications live in.

I think most people hiring want to see a developer who is excited and puts out lots of work. I've always been pursuing this in my free time, which goes a long way to show that I am truly interested in the subject. But at the end of the day, your cert can't secure a network if you can't. Get the KNOW and you'll find an opp w/ or w/out the semantics.

Hope that helps.


I decided I wanted to get verbally assaulted by engineering teams I was reporting findings to day in and day out. Who would have thought, I managed to make a career out of it!

(ps, if you do go down this route, try to find a job at a company with a good security culture. starting one from scratch is walking a road of broken glass)


I can tell you how not to do it. I'll never forget the funniest interview I ever had. I interviewed with this company called Deja vu Security.

http://www.dejavusecurity.com/

I explicitly told them, via email, I have ZERO experience pen testing, or anything related to hacking. I'm a terrific software engineer looking to pivot into this market, would take a salary cut to get my feet wet and be mentored. Would this be possible? Are you guys remotely interested in an arrangement like this?

They say great, when can we sync up? That's definitely something we can do.

So we set a call up and the call takes literally 39 seconds, I'll never forget it. He asked me what experience I had, and I reply: None whatsoever, like I mentioned in my email I'm interested in jumping into this line of work though.

"Thanks but we're not going to move forward."

Before I can even say thank you for your time, goodbye, the dude just hangs up the phone on me lol.


We have a hiring process for folks with no infosec experience. It isn't easy, but it works. The guys at Deja are solid and consulting makes for busy folks, so don't hold a low opinion of them. Probably did not pay close enough attention to the initial email.

If you are interested shoot careers at carvesystems dot com an email.


I dabble in netsec, but not in it. My job requires me to work with our netsec team so I prefer to be familiar about the subject matter. I usually lurk on /r/netsec and they have a good resource on their wiki[1] on getting started in netsec.

[1] https://www.reddit.com/r/netsec/wiki/start


Thanks! I'm glad you found that useful (I'm one of the mods there).

/r/netsec is no longer the smaller, more personal community it was when I started as a mod (7 years ago now?). If you're just starting out, one of the things I recommend most is finding a meetup in whatever city you live. It's hard to underestimate how useful an in-person conversation over a beer or two can be when you're early on.

I guess my advice for you would be: take your netsec team out to lunch once in a while! :-)


Just to clarify for everyone: Be careful switching your career to netsec/pentesting. If that's your thing, great. But you're likely to be a "lifer" because no one will want to hire you anymore for webdev.

It's not quite as clear-cut as that, but if you're out of the game for N years, it's really hard to get back into it. Especially when you're not younger than 30. Ageism is a real thing.


As someone who has tried a couple times to jump the other way I can attest to this. Completely stonewalled for full stack developer positions.

I have found exploits by knowing the quirks of all sorts of libraries and I have to be able to understand how things work on a deep level. But because a lot of the job is tracing other people's work and finding gaps in their logic, you don't have as much 'dev' time in the traditional sense. Most of your coding turns into ways to prep your exploit. Your life gets wrapped up chasing obscure malloc bugs or strange Chrome behavior rather than contributing in normal developer ways and companies don't recognize this as transferable. I'm only a little bit bitter about it, but I love my work. I just hope the pay stays solid and I don't end up in a dead end job later in life.

Also it's really hard to be good in this industry. It is almost entirely driven by the top 1% of people and as someone who is not in that demographic it feels like a constant struggle to keep up.


I don't think I agree with this, at all. It depends on what you do in security.

If you work as a pentester or network security staff, then you might be trading a career in software development for a career in operations. In that career, it's more likely that you will be challenged to _use_ tools, build processes, or fight political battles for consensus, rather than build software.

On the other hand, there are many firms that hire primarily for security engineering and focus on building software. Any skills you have in software development will stay current, and your work in security would make you a better, and more desirable, software engineer.

Anecdotally, I can name many people who have made the jump from security engineering to positions like VP of Engineering, CTO, or simply software engineering.


I've only seen people make poor choices and limit their own careers. It's nothing inherent in the field of security that forces people to let their dev skills atrophy while turning into script kiddies or non-technical managers. You should be aware of what you are doing when entering ANY new field.

Obviously, if you enter a job where you have to "fight for dev time" as the sibling comment you refer to mentions, then your skills as a dev will suffer. That's not a good career path if you think you might want to return to software development one day. Find a job in security engineering, of which there are many, where you have to fight to take breaks from coding instead.

I think people have a confirmation bias that the security industry is made entirely of "netsec/pentesting" jobs since the news cycle is driven by hype from bug hunters, consultants, and vendor FUD. There are enormous numbers of people working on designing and building new security tools, capabilities, and research. Do that.

Finally, I'd like to say that if my own company wound down tomorrow, I am confident that every single one of my ~30 engineers could find a job in software engineering in an instant.


Coming from someone who holds your company in high regard and loved your company's work in the CGC I really have to disagree. You can be neither a script kiddie nor a non-technical manager and still have webdev shops view you with suspicion for much the same reason node shops might see someone who has a lot of Java on their resume as someone who may not be a good fit because of 'technical baggage.' We can say that someone just needs to 'git gud' but I do think it's important to acknowledge that many times there are biases that get placed which are not always 100% rational.

Edit: Also I do believe your claim about all 30 of your engineers being able to find work elsewhere. You have to admit the average employee you have probably isn't reflective of anywhere near the average of the industry or even the enthusiast community.


I didn't really find it that difficult to move from security consulting/research/code audits => dev/researcher at security vendors => machine learning engineer.

So I don't know how we decide whose anecdote wins here :p


Simple. If you value your career as a dev, you won't become a pentester. :) There's no upside except intellectually. Being a dev pays more and gives you more options going forward.

That's a harsh way to frame it, but it's also accurate. (I'm speaking from experience FWIW.)

In other words, you could have become an ML engineer anyway. No reason to risk it by becoming a pentester.


I had an oppressive computer teacher in high school and I liked to pull pranks. It started out with simple password guessing, then phishing, then trojaned USB autoruns, SAM hash dumping, and password cracking, then some wifi sniffing... I never thought of what I was doing as hacking at the time (2001-2002). I just wanted to use the computer lab to play video games, and show up my jerk of a teacher.

In my senior year of high school, I was handed a brochure for a scholarship program offered by an engineering school that paid your entire tuition if you studied cybersecurity. I didn't know much then, but I knew loans were a bad thing, so I went with it and attended that university. The final hook was a Capture the Flag (CTF) game hosted by the school. I had not pursued obtaining the scholarship until that point but playing in the CTF got me exposed to the other students and convinced me to go through it. You can read more about the NSF Scholarship for Service (SFS) program here: https://www.sfs.opm.gov/StudFAQ.aspx

I like to characterize myself as one of the first class of graduates with specialized degrees in cybersecurity (at least in the US). Anyone older than me is usually entirely self taught, anyone younger generally had exposure in an academic setting. I was about half and half. For reference, I am 32. I think the NSA Center of Academic Excellence program had a lot to do with that shift. Many US universities were first getting certified with new coursework to meet that standard through the mid to late 2000s, right as I was attending college. https://www.iad.gov/nietp/reports/current_cae_designated_ins...

FWIW I wrote a short career guide to help others trying to make sense of the field and how to get started. https://trailofbits.github.io/ctf/intro/careers.html

In fact, this year's Flare-On challenge just started today! It's an online game composed of 10-20 reverse engineering and forensics challenges that takes place over the next few weeks. There will be solution writeups after the challenge is over so you can learn how to solve whatever got you stuck. Give it a shot! Flare-On always gets great reviews for being fun to play, and online games (CTFs, wargames, etc) are a great way to get yourself started and add something to your resume. https://2017.flare-on.com/

I am now the CEO and co-founder of Trail of Bits, a high-end software security research firm. I will probably never quit the field. You can read more about what we do here: https://www.trailofbits.com AMAA?


By hacking the planet, duh.

But seriously, I got started by writing exploits for long tail web apps.


> But seriously, I got started by writing exploits for long tail web apps.

I lovingly refer to this as "clubbing baby seals" and it is overwhelmingly common among younger hackers looking to polish their skills. :-x


To be clear to everyone, this guy is trolling. Poorly.

In fact being involved in creating malware in any way will often destroy any chances you have of getting into any serious technical security role.

Marie Kondo and the War on Stuff (2016)


At the Japan Society event, we were split into workshop groups, where we explained to one another what had brought us here and what we had got out of “The Life-Changing Magic of Tidying Up.” Most of the women at the event could not claim “tidying completed!” status; only 27 in the room did, or less than a third. One woman in my group who had finished her tidying, Susan, expressed genuine consternation that a bunch of women who wanted to become KonMari tidying consultants hadn’t even “completed tidying!” How were they going to tidy someone else’s home when they couldn’t even get their own in order? How could they possibly know how profoundly life could improve if they hadn’t yet completed their tidying?

A woman named Diana, who wore star-and-flower earrings, said that before she tidied, her life was out of control. Her job had been recently eliminated when she found the book. “It’s a powerful message for women that you should be surrounded by things that make you happy,” she said, and her and everyone else’s faces engaged in wide-eyed, open-mouthed incredulous agreement, nodding emphatically up and down, skull to spine and chin to chest. “I found the opposite of happiness is not sadness,” Diana told us. “It’s chaos.” Another woman said she KonMaried a bad boyfriend. Having tidied everything in her home and finding she still distinctly lacked happiness, she held her boyfriend in her hands, realized he no longer sparked joy and got rid of him.

During her lecture, Marie demonstrated how the body feels when it finds tidying joy. Her right arm pointed upward, her left leg bent in a display of glee or flying or something aerial and upright, her body arranged I’m-a-little-teacup-style, and a tiny hand gesture accompanied by a noise that sounded like “kyong.” Joy isn’t just happy; joy is efficient and adorable. A lack of joy, on the other hand, she represented with a different pose, planting both feet and slumping her frame downward with a sudden visible depletion of energy. When Kondo enacted the lack of joy, she appeared grayer and instantly older. There isn’t a specific enough name for the absence of joy; it is every emotion that isn’t pure happiness, and maybe it doesn’t deserve a name, so quickly must it be expunged from your life. It does, however, have a sound effect: “zmmp.”

Joy is the only goal, Kondo said, and the room nodded, yes, yes, in emphatic agreement, heads bobbing and mouths agape in wonder that something so simple needed to be taught to them. “My dream is to organize the world,” Kondo said as she wrapped up her talk. The crowd cheered, and Kondo raised her arms into the air like Rocky.

She did not set out to become a superpower in the already booming world of professional organization. It just sort of happened to her, a natural outgrowth of a lifelong obsession with carefully curating her belongings. When she was a little girl, she read all of her mother’s homemaking magazines, and as early as elementary school began researching various tidying methods, so disquieted was her brain by her family’s possessions. Kondo recalls that the national library of Japan held a large collection of tidying, decluttering and organizing books, but it didn’t admit anyone under 18. Kondo spent her 18th birthday there.

When she was 19, her friends began offering her money for her tidying services. At the time, she was enrolled at Tokyo Woman’s Christian University, studying sociology, with a concentration on gender. She happened upon a book called “Women With Attention Deficit Disorder,” by Sari Solden, and in it there was a discussion over women who are too distracted to clean their homes. Kondo was disturbed that there was little consideration that a man might pick up the slack in this regard, that a woman with A.D.D. was somehow broken because she couldn’t tidy. But, she conceded, buried in this outrageous notion was a core truth: that women have a closer connection to their surroundings than men do. She realized that the work she was doing as a tidying consultant was far more psychological than it was practical. Tidying wasn’t just a function of your physical space; it was a function of your soul. After college she found work at a staffing agency but continued to take tidying jobs in the early mornings and late evenings, initially charging $100 per five-hour block. Eventually she quit her job, and soon, even working at tidying full time, the wait list for her services reached six months.

Photo: Marie Kondo makes her signature gesture of “joy.” Credit: Andrew T. Warman for The New York Times

When she enters a new home, Kondo says, she sits down in the middle of the floor to greet the space. She says that to fold a shirt the way everyone folds a shirt (a floppy rectangle) instead of the way she thinks you should (a tight mass of dignified envelope-shaped fabric so tensile that it could stand upright) is to deprive that shirt of the dignity it requires to continue its work, i.e. hanging off your shoulders until bedtime. She would like your socks to rest. She would like your coins to be treated with respect. She thinks your tights are choking when you tie them off in the middle. She would like you to thank your clothes for how hard they work and ensure that they get adequate relaxation between wearings. Before you throw them out — and hoo boy will you be throwing them out — she wants you to thank them for their service. She wants you to thank that blue dress you never wore, tell it how grateful you are that it taught you how blue wasn’t really your color and that you can’t really pull off an empire waist. She wants you to override the instinct to keep a certain thing because an HGTV show or a home-design magazine or a Pinterest page said it would brighten up your room or make your life better. She wants you to possess your possessions on your own terms, not theirs. (This very simple notion has proved to be incredibly controversial, but more on that later.)

She is tiny — just 4-foot-8. When I interviewed her, not only did her feet not touch the ground when we were sitting, but her knees didn’t even bend over the side of the couch. When she speaks, she remains pleasant-faced and smiling; she moves her hands around, framing the air in front of her, as if she were the director on “Electric Company” or Tom Cruise in “Minority Report.” The only visible possessions in her hotel room for a two-week trip from Tokyo were her husband’s laptop and a small silver suitcase the size of a typical man’s briefcase. She has long bangs that obscure her eyebrows, and that fact — along with the fact that her mouth never changes from a faint smile — contributes to a sense that she is participating in more of a pageant than an interview, which possibly is what it does feel like when big-boned American interviewers whose gargantuan feet do touch the ground come to your hotel room and start jawing at you through an interpreter. Her ankles are skinny but her wrists are muscular. When she shows pictures of herself in places she has tidied, before she starts, she looks like a lost sparrow in a tornado. On the other side, in the “after” picture, it is hard to believe that such a creature could effect such change.

Her success has taken her by surprise. She never thought someone could become so famous for tidying that it would be hard to walk down the street in Tokyo. “I feel I am busy all the time and I work all the time,” she said, and she did not seem so happy about this, though her faint smile never wavered. She sticks with speaking and press appearances and relegates her business to her handlers — the team of men who pop out of nowhere to surround any woman with a good idea. She feels as if she never has any free time.

I spent a few days with her in April, accompanied by her entire operation (eight people total). I attended her “Rachael Ray” appearance, where she was pitted against the show’s in-house organizer, Peter Walsh, in what must have been the modern talk show’s least fair fight ever. Kondo was asked about her philosophies, and she relayed her answers through her interpreter, but when Walsh countered by explaining why an organizing solution Kondo offered was nice but didn’t quite work in the United States, his response was never translated back to Kondo, so how was she supposed to refute it? She stood to the side, smiling and nodding as he proceeded. Had she been told what Walsh was saying, she would say to him what she said to me, that yes, America is a little different from Japan, but ultimately it’s all the same. We’re all the same in that we’re enticed into the false illusion of happiness through material purchase.

Kondo does not feel threatened by different philosophies of organization. “I think his method is pretty great too,” she told me later. She leaves room for something that people don’t often give her credit for: that the KonMari method might not be your speed. “I think it’s good to have different types of organizing methods,” she continued, “because my method might not spark joy with some people, but his method might.” In Japan, there are at least 30 organizing associations, whereas in the United States we have just one major group, the National Association of Professional Organizers (NAPO). Kondo herself has never heard of NAPO, though she did tell me that she knows that the profession exists in the United States. “I haven’t had a chance to talk to anyone in particular, but what I’ve heard is that thanks to my book and organizing method, now the organizing industry in general kind of bloomed and got a spotlight on it,” she said, though I cannot imagine who told her this. “They kind of thanked me for how my book or method changed the course of the organizing industry in America.”

The women (and maybe three or four men) of NAPO would beg to differ. More than 600 of them descended on Atlanta for NAPO’s annual meeting in May. They refer to this gathering only as Conference, no article, the way that insiders call the C.I.A. just C.I.A. I went along, too, in order to better understand the state of stuff in America, and to study Kondo’s competition.

When you receive your Conference lanyard, you can add sticky ribbons to it that say anything from your level of participation in NAPO (chapter president, former board member, golden circle, NAPO Cares, etc.) to where you’re from (a choice of the 41 states represented) to what your state of mind is (Diva, Lazy, High Maintenance, Happy to Be Here, Really?, Caution: Might Burst Into Show Tunes!). Once you are completely categorized, you can enjoy Conference.

At Conference, I met women who organize basements. I met women who organize digital clutter. I met women who organize photos. I met women who categorized themselves as “solopreneurs,” which, what’s that now? I met a woman who organizes thoughts, and please don’t move onto the next sentence until you’ve truly absorbed that: I met a woman who charges $100 per hour for the organization of thoughts. I heard the word “detritus” pronounced three different ways. I met a woman in camouflage (though the invitation begged us to confine ourselves to our native business-casual), who carried a clipboard and called herself Major Mom, and instead of an organizer she calls herself a liberator, like in Falluja.

I went to a seminar on closets and pantries that I hoped would be, I don’t know, more spiritual than it was, or at the very least address the problem of the cans of beans I keep buying and not using — why do I keep buying them? Why am I not using them? Beans are a superfood, after all, and cheap, too. I like beans. But the woman droned on and on and on about shelving units and the pesky corner cabinets, how they misuse valuable space, but luckily there is a drawer or something that could help you fill that space, too, because negative space inside a cabinet is a crime no organizer worth her drawer dividers should find herself guilty of.

Conference was different from the KonMari events that I attended. Whereas Kondo does not believe that you need to buy anything in order to organize and that storage systems provide only the illusion of tidiness, the women of Conference traded recon on timesaving apps, label makers, the best kind of Sharpie, the best tool they own (“supersticky notes,” “drawer dividers”) and the best practices regarding clients who wouldn’t offer their organization goals in a timely manner. I heard about the crises in the industry: that clients who printed out Pinterest pages and said, “I want that,” had unrealistic expectations; that the baby boomers are downsizing for the first time; that there is a rising generation that isn’t interested in inheriting their parents’ old junk.

While NAPO members don’t share any standardized method for organizing — the group offers certification classes, but each woman I spoke with has her own approach — they are fairly unified in their disdain for this Japanese interloper. They have waged a war through their fuming blog posts and their generally disgusted conversations, saying that she is a product only of good marketing, that she’s not doing anything different from what they’ve been doing since she was in diapers. They don’t like that there’s a prescribed order for tidying; they think you have to yield to what your client wants done and has time for. They don’t like the once-in-a-lifetime tidying marathon, which on average is completed in six months; sometimes organizing is a many years effort or an ongoing one. They don’t like that she hasn’t really addressed what to do with all your kids’ stuff and how to handle them. They don’t like that you have to get rid of all of your papers, which is actually a misnomer: Kondo just says you should limit them because they’re incapable of sparking joy, and you should confine them to three folders: needs immediate attention, must be kept for now, must be kept forever.

At the opening-night cocktails/trade show, I stood in front of the booth of a man advertising his cleaning service, which can tidy up crime scenes as well as hoarders’ homes, and I asked some women eating spring rolls what they had against Kondo. The nice ones, struggling for something that wasn’t overtly bitchy to say, said they appreciated that the popularity of her book has brought attention to their industry, which still lobbies to be recognized by the government as an official occupation. (Until that happens, the NAPO women will have to continue calling themselves “interior designers” or “personal assistants”; they would prefer “productivity consultants.”) But they also feel as if they’ve been doing this for years, that “she just has one hell of a marketing machine, but she’s doing nothing that’s so different from us,” at least three of them said to me.

Yet each organizer I spoke with said that she had the same fundamental plan that Kondo did, that the client should purge (they cry “purge” for what Kondo gently calls “discarding”) what is no longer needed or wanted; somehow the extra step of thanking the object or folding it a little differently enrages them. This rage hides behind the notion that things are different here in America, that our lives are more complicated and our stuff is more burdensome and our decisions are harder to make.

“It’s a book if you’re a 20-something Japanese girl and you live at home and you still have a bunch of your Hello Kitty toys and stuff,” another NAPO member told me, which, while not the only thing a professional organizer told me that was tinged with an aggressive xenophobia and racism, it is the only one that can run in a New York Times article.

They even hate Kondo’s verbiage. The word she uses, “tidying,” is annoying and arcane to them. “Tidying is what you do before your mother-in-law comes over,” said one woman, while her two friends nodded. In addition, what Kondo offers is limited. Ellen Faye, the president of NAPO, told me the night before: “You know, I have a client who got me the book, who said, ‘Here, Ellen, read the book.’ I did page through it. I think her first book is kind of like the grapefruit diet; that there’s nothing wrong with just eating grapefruit. It’s not going to get it all done. I mean grapefruit’s great for losing weight, and what she says is great for bringing order to your life, but it’s not the whole picture. It’s just a narrow slice.”

Ultimately, the women of NAPO said that Kondo’s methods were too draconian and that the clients they knew couldn’t live in Kondo’s world. They had jobs and children, and they needed baby steps and hand-holding and maintenance plans. They needed someone to do for them what they couldn’t naturally do for themselves.

At the lounge, which included space for mindful coloring, I suggested to the organizers present that maybe the most potent difference between Kondo and the NAPO women is that the NAPO women seek to make a client’s life good by organizing their stuff; Kondo, on the other hand, leads with her spiritual mission, to change their lives through magic. With her rigid once-in-a-lifetime tidying marathon directive (no baby steps, no “slow and steady wins the race”), she is a little like the grapefruit diet: simple and extreme and incredibly hard, the way Americans like our renewal plans.

A woman who was coloring heard my theory and rolled her eyes. Her name was Heather Ahern, an organizer in Massachusetts for nearly 13 years, and she deals mostly with a clientele who were surviving something hard: divorce, death, loss — when, for example, their loved ones have no idea how to access any of their online accounts and delete them. “Do you know how many dead people are on LinkedIn?” she asked me. (The correct answer to this is not: I don’t know, all of them?) “For some of my clients, just making it better is O.K.,” she said. “They don’t want a perfect house. There is no perfect house.” But Kondo would agree with that.

“I guess it’s the process,” Ahern said of what bothers her most about Kondo. Ahern’s philosophy is about process as much as about results. “I see that my clients are just too fragile to do that,” she said. We got up to go back to our rooms to briefly abandon our business-casual for formal in preparation for the Black and White Ball, where the NAPO women would cut loose as much as their personalities would allow them by doing karaoke to Eminem and dancing to “Baby Got Back.”

Jenny Ning was self-conscious about being one of Kondo’s only employees who had not yet finished tidying(!). What could Kondo possibly think of an employee representing KonMari Inc. to her American base not having her own house in order? We’d been through a lot together, Ning and I. Kondo needed an interpreter to speak with me, so I spent a lot of my reporting time outside our interviews with Ning. We attended the events and meetings, clueless in our non-Japanese-speaking, and I watched as she negotiated decisions about the certification program, which will cost around $1,500 for a three-day session, and a newsletter they were toying with.

Last year, when Kondo visited San Francisco, she came to Ning’s studio apartment, and Ning said she felt very ashamed when Kondo opened her closet. Kondo would visit San Francisco again to introduce the consultancy and maybe even before, and Ning told me she wanted to tidy and to show Kondo the progress. I asked if I could come along and maybe help Ning complete her tidying.

When Ning was little, she loved to collect things: stamps, stickers, pencils. She was never overwhelmed by her stuff. She thinks of her childhood bedroom as “very happy.” But as she grew into adulthood, she kept buying clothing: far too much of it.

Credit: Photo illustration by Christopher Mitchell

She went to work in finance, but she found the work empty and meaningless. She would come home and find herself overwhelmed by her stuff. So she began searching for “minimalism” on the internet almost constantly, happening on Pinterest pages of beautiful, empty bathrooms and kitchens, and she began to imagine that it was her stuff that was weighing her down. She read philosophy blogs about materialism and the accumulation of objects. “They just all talked about feeling lighter,” she said, with one leg folded under her and another on the floor as she sat on her bed, which no longer sparks joy and which she would sell in the coming weeks. Ning wanted that lightness.

And here, at this moment in the story, Ning began to cry. “I never knew how to get here from there,” she said. Ning looked around her apartment, which is spare. She loves it here now, but that seemed impossible just a couple of years ago.

She found Kondo’s book, and she felt better immediately, just having read it. She began tidying, and immediately she lost three pounds. She had been trying to lose weight forever, and then suddenly, without effort, three pounds, just gone.

One day, she was texting a friend, saying that she thought she could live her ideal life if only she could work as Kondo’s assistant. It happened that Kondo was in San Francisco and, even better, she was speaking across the street from Ning’s finance job. After the talk, Ning tried to speak with Kondo, but she walked away with only a KonMari business card from one of Kondo’s associates. She didn’t hear anything initially when she wrote to the address.

Undeterred, she quit her job and arranged a trip to Japan. There, she finally talked to associates of Kondo’s who told her of their plans to expand into the United States. Could Ning help? Could she! Ning worked free for KonMari Inc. for five months, before landing a salaried position. She donated the suits that she wore to her finance job and hung up all of her yoga clothing in her closet, even though, technically, KonMari does not endorse hanging leisure wear, but that is all she wears now, and all I’ve seen her wear, from the yoga class we did together to the professional events we attended.

Ning has thrown away her collections. She has gone to her family’s home in San Diego and thrown away whatever was left there too. She wiped her tears and leaned in and told me, like a secret, that she has kept one collection: the stickers. She asked me if I wanted to see her album. She pulled it out from under her bed, pages and pages of Snoopy stickers and stickers of frogs and cupcakes and bunnies in raincoats playing in puddles and Easter baskets. She smiled down at them and touched a few while I thumbed through the pages. She asked if I wanted to watch her KonMari her pantry, and I said yes, of course I did. I sat next to her shelf full of books with names like “Secrets of Self-Healing” and “Move Your Stuff, Change Your Life” and “How to Be Idle” and “The Art of Serenity.” We threw away expired gum and some Chinese healing herbs whose purpose Ning could no longer remember.

A week later I was on another assignment, still using the same notebook from the Kondo story. As I flipped through it, passing through the pages of my notes from my time with Ning, I noticed that a tiny blue butterfly sticker had escaped her collection and landed on a page. When I saw the sticker, I froze and put my finger on it. I had had a sticker album, too. It had stickers that smelled like candy canes and purple. It had bubbly heart stickers and star stickers and Mork & Mindy stickers and Peanuts stickers, too.

I went abroad for a year to Israel after high school. While I was there, the boiler in my house in Brooklyn exploded and a soot fire destroyed all our possessions. “Everyone is O.K., but there was a fire,” my father said when I called. What happened after I got off the phone still confounds me: I returned to my dorm room, and when my roommate asked me how things were at home, I told her they were fine, and we went to sleep. In the middle of the night, I woke my roommate up, telling her that my house burned down. She told me it was a dream, and I kept telling her I had just forgotten to tell her. She didn’t believe me for days.

I never saw my sticker album again. I never saw anything again. After the place was cleared out, my mother was able to save a few photo albums, because they were closed when the soot invaded the basement and covered and ruined all the surfaces. When I look at the pictures, I don’t ever notice how young or cute my sisters and I were. I look in the background for the items that lie in the incidental path of my mother’s Canon. I try to remember what they smelled like or why we owned them or where we put them. I try to think of what my life would have been like if I’d returned home to what I left behind, the way my friends were able to return to their homes to what they’d left behind and keep returning, after they finished college and after they got married and after they had kids. I try to think of who I’d be if I weren’t in the habit of looking at my home before I left it each day and mentally preparing myself for the possibility that nothing I owned would be there when I got home that night. I try to know what feelings my lost objects, which I forget more and more as the years pass, would evoke if I could hold them in my hands, KonMari style, like a new kitten. Some would bring joy and some would not, but I’m not someone who thinks that joy is the only valid emotion. I try to remember what I no longer can because, in terms of my possessions, it is as if I was born on my 19th birthday.

The reason I bring this up is to tell you that you could not have any stuff at all, much less too much stuff, and still be totally messed up about it. The reason I tell you this is so that you know that that tiny butterfly sticker has been the same burden to me as any hoarder’s yield. Nostalgia is a beast, and that is either a good reason to KonMari your life, or a terrible one, depending on how you want to live.

The last time I saw Marie Kondo, we were in a hotel room in Midtown, a different one, and still the only visible objects in it were that metal suitcase and her husband’s laptop. But one item had been removed from the suitcase: a spray bottle that she keeps around. She sprays it into the air and the scent signals to her that she is finished working for the day, that her obligations, which seem endless lately, are done. I told her that, to my observation, a company trying to grow the way hers was trying to grow seemed at odds with the personality of someone who required such extreme measures for peace in the first place. “I do feel overwhelmed,” she told me, and she gave me one note of a quiet laugh. People demand a lot of her, not really understanding that you don’t go into a business like tidying if you’re able to handle a normal influx of activity and material. The world really likes her for her quirks. They make for good headlines and they certainly sell books, but nobody seems to be able to truly accept and accommodate them.

I think the NAPO women have Kondo wrong. She is not one of them, intent on competing for their market share. She is not part of a breed of alpha-organizer “solopreneurs” bent on dominating the world, despite her hashtag. She has more in common with her clients. But when it comes to stuff, we are all the same. Once we’ve divided all the drawers and eliminated that which does not bring us joy and categorized ourselves within an inch of our lives, we’ll find that the person lying beneath all the stuff was still just plain old us. We are all a mess, even when we’re done tidying. At least Kondo knows it. “I was always more comfortable talking to objects than people,” she told me. At that moment, I could tell that if she had her way, I would leave the hotel room and she would spray her spray and be left alone, so she could ask the empty room if she could clean it.

Correction: July 24, 2016

An article on July 10 about Marie Kondo, an organizing consultant and writer, misstated the given name of the author of the book “Women With Attention Deficit Disorder.” She is Sari Solden, not Siri.


California lawmakers are proposing a tax on water bills


Sacramento is setting its eyes on the latest resource it can tax in California — drinking water.

For the first time in California’s history, lawmakers are proposing a 95-cent per month tax on your water bill. Senate Bill 623 would establish a new water connection tax, fertilizer tax and milk tax to raise about $200 million for a new “Safe and Affordable Water” fund.

While we can all agree that all Californians should have access to safe and clean drinking water, there are ample general fund resources and many federal grants available to pay for those costs. The answer to this problem is not imposing a new $200 million annual water tax.

Supporters of SB623 will argue that this legislation will help those who are poor, disadvantaged, and reside in rural areas. It does not. If you are a private groundwater well owner, you will not be eligible under this bill to apply for state or federal funding to address any contaminants in your water. Adding a tax on drinking water will only make clean and safe water less affordable for all Californians.

According to the California Tax Foundation, since the beginning of this year Sacramento lawmakers have introduced more than 90 bills that would cost taxpayers more than $370 billion annually in higher taxes and fees. Now these lawmakers want to add another tax but this time on your drinking water. Will there be anything that is not taxed in California?

Winston Churchill once said, “I contend that for a nation to try to tax itself into prosperity is like a man standing in a bucket and trying to lift himself up by the handle.” And I agree, continuously taxing Californians is not the answer.

When SB623 was presented in the Environmental Safety and Toxics Material Committee, I wanted to support it. It was a feel-good bill that was trying to find a solution for getting more clean drinking water in California and it didn’t have any burdensome tax language. It was my hope that the bill would improve once it left the Appropriations Committee. But in the end, I was wrong. The solution they came up with was to add more than one tax to help fund the program.

California is the fifth largest economy in the world, with a $183 billion state budget and $125 billion general fund that is intended to fund essential government services such as education, health and public safety. The taxpayers of our state have already provided the necessary funding for our Legislature to solve any challenge that impacts our communities.

This year alone, lawmakers have spent tens of millions of dollars on pet projects with no statewide benefits. Shouldn’t the Legislature instead be spending general fund dollars on ensuring all Californians have access to safe and clean drinking water?

Passage of SB623 will require a two-thirds vote of each house of the Legislature as it is a tax increase. That is why I am asking you to stand with me and contact your state representative to let them know we are taxed enough already and there are other options available to fund more access to clean drinking water.

Assemblyman Phillip Chen, R-Brea, represents the 55th Assembly District, which encompasses parts of Los Angeles, Orange and San Bernardino counties.


The art of over-engineering your side projects


Many software engineers who develop software as a hobby often have side projects. The sad thing is, those software engineers often have the tendency to over-engineer their side projects, put all of their effort into mundane and, let’s be honest, pointless tasks and burn out before they’ve even finished their MVP.

Now, I don’t want to sound like a broken record, so I’m not going to preach ‘ship often’ to you, but I’m hoping that by reading this post you’ll be able to see the mistakes I used to make (and stop yourself from making them!).

So, you have a great idea and a view of how you’re going to go about completing it. Logically, you will try to put together some sort of plan of approach. However, focus too much on this initial plan and you risk falling down the ‘project management’ rabbit hole: writing user stories, creating backlogs and finding tools for a project that you haven’t even started, let alone need copious amounts of rigid management for.

Solution: don’t try and project manage a non-existent project. Note down ideas and rough timelines – that’s it. If you start predicting what you’ll be doing in 2 months on the project, you’re not in Kansas anymore Dorothy.

You’re so hyped for this project and confident that it will succeed that you start thinking about the future: “how will I scale my application for the millions of users it will have?” “How do I ensure I have multi zoned redundancy?” “How do I keep 100% uptime?”

“I know: I’ll create a triple zoned redundant architecture with pub/sub database replication, a 32 node Kubernetes cluster and private networking across all regions – that way, I can handle anything!”

Now, reading that – you might think it sounds ridiculous – and you’d be right. Scale the numbers down though and it will probably sound familiar. So many people are guilty of over-architecting their application’s infrastructure before they even have that application in a state for it to be deployed!

Solution: Develop your project. Then, put it on the bare minimum architecture that it can run on (be that a 512MB instance from DigitalOcean or a medium instance on AWS). As you get more users, monitor, and modify the infrastructure appropriately to account for load and redundancy.

The majority of software engineers seem to be under the illusion that potential customers care about the stack they are running. They don’t. A customer will not know or care if you are using Ruby, Go, PHP or any other language as long as what you have written is performant and is fit for purpose (which all modern languages are).

Solution: Write in a language that suits the task at hand and one that you are comfortable/experienced with.

Bootstrap? Too basic. Materialize? Too fat. Foundation? Nah. Better create my own.

A made up statement, but relatively common nevertheless. I have many-a-time started a new project, thought the statement previously and set out writing my own framework. By the time I had completed it, I no longer had any desire to work on the project I had thought of in the first place.

Solution: Use frameworks and customise them – only refactor/build your own when absolutely necessary (and when you have appropriate metrics).

Similar to the way you can easily over-architect your infrastructure, it’s extremely easy to over-architect your continuous delivery practices before you have anything to deliver! Jenkins, Drone, Travis are all great tools – but you shouldn’t spend time configuring them until you have a working MVP.

Solution: Build your project first – then worry about continuous delivery.

It’s easy to believe you’re doing the best for your project by doing the above things but you aren’t. The best thing you can do for your project is to market, market, market, and then do a bit of development.

Edit: as many people on HackerNews are pointing out, this article focuses more on side-projects that people wish to use to generate income or turn into successful lifestyle businesses. If you’re working on something personal (with no plan to monetise it in the short term) or just for fun, then as long as you’re happy doing it – who cares!

SIDH in Go for quantum-resistant TLS 1.3


The Quantum Threat

Most of today's cryptography is designed to be secure against an adversary with enormous amounts of computational power. This means estimating how much work certain computations (such as factoring a number, or finding a discrete logarithm) require, and choosing cryptographic parameters based on our best estimate of how much work would be required to break the system.

If it were possible to build a large-scale quantum computer, many of the problems whose difficulty we rely on for security would no longer be difficult to solve. While it remains unknown whether large-scale quantum computers are possible (see this article for a good overview), it's a sufficient risk that there's wide interest in developing quantum-resistant (or post-quantum) cryptography: cryptography that works on ordinary computers we have today, but which is secure against a possible quantum computer.

At Cloudflare, our biggest use of cryptography is TLS, which we use both for serving our customers' websites (all Cloudflare sites get free HTTPS), as well as for internal inter-datacenter communication on our backend.

In the TLS context, we want to create a secure connection between a client and a server. There are basically three cryptographic problems here:

  1. Authenticity: the server needs to prove to the client that it is the real server (and optionally, the client can prove to the server that it's the real client);

  2. Key agreement: the server and client need to agree, over an insecure connection, on a temporary shared secret known only to them;

  3. Symmetric encryption: the server and client need to use their shared secret to encrypt the data they want to send over a secure connection.

Authenticity protects against active attackers, but because quantum computers aren't yet believed to exist, the main risk is a retroactive attack: for instance, a nation-state adversary (let's say, "NSA" for short) could record encrypted traffic, wait to build a quantum computer, and try to decrypt past traffic. Moreover, quantum algorithms seem to give only a small speedup against symmetric encryption, so the "key" problem to solve is #2, quantum-resistant key agreement.

This is an active area of research, both in the design of new cryptosystems and in their implementation and deployment. For instance, last year, Google concluded an experiment using a lattice-based key exchange in Chrome. Lattice-based cryptosystems are an extremely promising family of quantum-resistant algorithms. Their security relies on well-studied computational problems, and they are computationally efficient. However, they have large key sizes and can require extra communication (which can necessitate additional round-trips in protocols like TLS).

Another family of cryptosystems are supersingular isogeny systems, in particular supersingular isogeny Diffie-Hellman (SIDH). In contrast to lattice-based systems, they rely on more exotic computational problems and are much more computationally expensive. However, they have much smaller key sizes and do not require extra communication: SIDH fits perfectly into TLS 1.3's key agreement mechanism.

TLS 1.3 is the latest version of the TLS protocol. This summer, I've been working at Cloudflare on an experiment for a quantum-resistant version of TLS 1.3 using a hybrid key agreement combining X25519 and supersingular isogeny Diffie-Hellman (SIDH). To achieve this, I implemented a TLS 1.3 client in Go (as part of Cloudflare's tls-tris), implemented SIDH in Go for the amd64 architecture, and combined the SIDH implementation with the TLS 1.3 key agreement mechanism to perform a quantum-resistant TLS 1.3 handshake. This extends previous work by Microsoft Research on a SIDH-based key exchange for TLS 1.2, discussed below.

Diffie-Hellman key agreement in TLS 1.3

In the most recent version of TLS, TLS 1.3, the key agreement mechanism (part 2) is cleanly separated from the authentication mechanism (part 1). TLS 1.3 does key agreement using Diffie-Hellman, usually with an elliptic curve group. Before diving into the quantum-resistant version, let's review how Diffie-Hellman (DH) works, and how it works in the context of TLS 1.3.

In Diffie-Hellman, we have two parties, Alice and Bob, wishing to establish a shared secret. They fix an abelian group G of prime order p, written additively, as well as a generator P of G (the basepoint). Alice then selects a uniformly random integer a in the range [0,p]. This determines a multiplication-by-a map, usually denoted [a] : G -> G. Alice computes [a]P, the image of the basepoint under her map, and sends it to Bob. Similarly, Bob chooses a random integer b in the range [0,p], determining the map [b], computes [b]P, and sends it to Alice. Alice and Bob then agree on a shared secret [ab]P, which Alice computes as [a]([b]P) and Bob computes as [b]([a]P):

DH diagram

(Here I'm describing the process in terms of maps, in order to show similarity with SIDH later).

In the TLS 1.3 context, this works as follows. A client initiates a connection by sending a TLS ClientHello message, which contains (among other data) a list of DH groups supported by the client, as well as "keyshares" (i.e., the [a]P values) for some (or all) of these groups.

The server selects one of the DH groups supported by both the server and the client. In the happy case, the server selects a group the client provided a keyshare for, and sends back a ServerHello message containing the server's keyshare. From this point on, all handshake messages between the client and server, such as certificates, extensions, etc., are encrypted using a "handshake secret" derived from the keyshares. (In the unhappy case, where the client did not provide an acceptable keyshare, the server asks the client to retry, forcing an extra round-trip).

Application data is later encrypted with a key derived from the handshake secret, as well as other data, so the security of the application data depends on the security of the key agreement. However, all existing DH groups in TLS are vulnerable to quantum algorithms.

Supersingular-isogeny Diffie-Hellman

SIDH, proposed in 2011 by Luca De Feo and David Jao, is a relatively recent proposal for using elliptic curves to build a quantum-resistant Diffie-Hellman scheme.

Roughly speaking, rather than working within a single elliptic curve group, SIDH works within a family of related, "isogenous" elliptic curves.

An isogeny is a map phi : E_1 -> E_2 of elliptic curves which sends the identity element of the source curve E_1 to the identity of the target curve E_2. It turns out that for every isogeny phi: E_1 -> E_2, there's a dual isogeny psi: E_2 -> E_1, so we can say that two curves are isogenous if they're linked by an isogeny.

Now we can consider an isogeny graph, whose edges are isogenies and whose vertices are elliptic curves. Instead of choosing secret multiplication-by-n maps to move around inside one elliptic curve, Alice and Bob choose secret isogenies to move around inside a family of isogenous curves (i.e., they choose a random path through the isogeny graph), and the security of the system is related to the difficulty of computing isogenies between arbitrary curves.

The resulting diagram is slightly more complicated, but structurally similar to the one above:

SIDH Diagram

What exactly is going on here? The starting curve E_0, as well as the points P_A, Q_A, P_B, Q_B, are system parameters.

An isogeny is uniquely determined by its kernel (the subgroup of points on the source curve which the isogeny maps to the identity point of the target curve). To choose a secret isogeny phi_A, Alice chooses secret scalars m_A, n_A, which determine a secret point [m_A]P_A + [n_A]Q_A, which generates the kernel subgroup <[m_A]P_A + [n_A]Q_A> and hence determines her secret isogeny phi_A. Alice evaluates phi_A at the points P_B, Q_B, and sends E_A, phi_A(P_B), phi_A(Q_B) to Bob, who does the same steps with A and B swapped.

Next, Alice uses E_B, phi_B(P_A), phi_B(Q_A) to construct an isogeny phi'_A with kernel <[m_A]phi_B(P_A) + [n_A]phi_B(Q_A)>, while Bob uses E_A, phi_A(P_B), phi_A(Q_B) to construct an isogeny phi'_B with kernel <[m_B]phi_A(P_B) + [n_B]phi_A(Q_B)>.

Now phi'_A maps to the curve E_AB, while phi'_B maps to the curve E_BA. The curves E_AB and E_BA are isomorphic. Since elliptic curves are classified by a number called the j-invariant, j(E_AB) = j(E_BA), and this is the shared secret between Alice and Bob.

A detailed technical explanation of this process can be found in the expansion to the SIDH paper by Luca De Feo, David Jao, and Jérôme Plût (the diagram above is Figure 1 of that paper), and an explanation in terms of rocket ships traveling through supersingular space-time can be found in this article by Luca De Feo. Alternately, there's a recording here of Deirdre Connolly's talk at the February 2017 Cloudflare Crypto Meetup.

In 2016, Craig Costello, Patrick Longa, and Michael Naehrig, at Microsoft Research, published a paper on efficient algorithms for SIDH, applying optimization techniques from high-speed ECC to the original SIDH proposal.

They also published a constant-time, optimized implementation written in C and assembly, and a patch to OpenSSL to create SIDH ciphersuites for TLS 1.2. My Go implementation builds on their work (both algorithms and code), as discussed below.

SIDH key agreement in Go TLS

The SIDH implementation in the p751sidh package has two parts: an outer p751sidh package containing SIDH functionality, and an inner p751toolbox package providing low-level functionality.

Because SIDH is implemented in terms of operations in a large finite field, the performance of the field arithmetic is critical to the performance of the protocol. Unfortunately, this requires writing assembly, because writing high-performance arithmetic is not possible in Go — it's simply not a design goal of the language. (There are a few reasons, most notably that there's no way to directly compute the (128-bit) product of 64-bit integers.)

The code is partially derived from the Microsoft Research implementation mentioned above. In particular, the field arithmetic is ported from the MSR assembly, and the implementation strategy follows their paper. (I experimented with a prototype implementation of field arithmetic using AVX2 and unsaturated limbs, but decided not to use it, since it got similar performance at the cost of less portability and more power use).

The assembly code for the lowest level field arithmetic is oriented around pointers to fixed-size buffers; this is wrapped in a Go API modeled after the big.Int API. To test that the code behaves correctly, I used Go's testing/quick package to write property-based tests, which generate random field elements and compare the results of various operations against the same operations using big.Int.
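The testing approach described above can be sketched as follows. This is an added example, not code from the p751sidh package: the toy field GF(2^127 - 1), the `fe` type and the function names are assumptions chosen to keep it short, and `feSubLostBorrow` is a deliberately wrong variant included to show the property test failing.

```go
package main

import (
	"fmt"
	"math/big"
	"math/bits"
	"testing/quick"
)

// fe is an element of the toy field GF(2^127 - 1) as two little-endian
// 64-bit limbs (assumption: a small stand-in for the 751-bit field).
type fe [2]uint64

var prime = fe{^uint64(0), 1<<63 - 1}

// toBig converts the limbs to a big.Int, the reference representation.
func (x fe) toBig() *big.Int {
	b := new(big.Int).SetUint64(x[1])
	return b.Or(b.Lsh(b, 64), new(big.Int).SetUint64(x[0]))
}

// reduce maps arbitrary random limbs to a canonical element in [0, p).
func reduce(x fe) fe {
	x[1] &= 1<<63 - 1
	if x == prime {
		return fe{}
	}
	return x
}

// feSub returns x - y mod p without branching: subtract with borrow, turn
// the final borrow into an all-ones mask, and add p back under that mask.
func feSub(x, y fe) fe {
	var z fe
	var borrow, carry uint64
	z[0], borrow = bits.Sub64(x[0], y[0], 0)
	z[1], borrow = bits.Sub64(x[1], y[1], borrow)
	mask := -borrow // 0 when x >= y, 0xFFFF...FFFF when the subtraction underflowed
	z[0], carry = bits.Add64(z[0], prime[0]&mask, 0)
	z[1], _ = bits.Add64(z[1], prime[1]&mask, carry)
	return z
}

// feSubLostBorrow is deliberately wrong: it drops the final borrow, so the
// correction step never happens and results are off whenever x < y.
func feSubLostBorrow(x, y fe) fe {
	var z fe
	var borrow uint64
	z[0], borrow = bits.Sub64(x[0], y[0], 0)
	z[1], _ = bits.Sub64(x[1], y[1], borrow)
	return z
}

// checkSub runs a testing/quick property: on random field elements, sub
// must agree with the same subtraction done with big.Int.
func checkSub(sub func(x, y fe) fe) error {
	p := prime.toBig()
	property := func(a0, a1, b0, b1 uint64) bool {
		x, y := reduce(fe{a0, a1}), reduce(fe{b0, b1})
		want := new(big.Int).Sub(x.toBig(), y.toBig())
		want.Mod(want, p)
		return sub(x, y).toBig().Cmp(want) == 0
	}
	return quick.Check(property, &quick.Config{MaxCount: 2000})
}

func main() {
	fmt.Println("correct subtraction:", checkSub(feSub))
	fmt.Println("lost-borrow variant:", checkSub(feSubLostBorrow))
}
```

`quick.Check` returns nil for the correct routine and a `*quick.CheckError` carrying the failing inputs for the broken one.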

Curve and isogeny functions are implemented using the Go API, and the outer-level SIDH functions achieve performance comparable to the MSR implementation. In rough benchmarks, the Go implementation appears to be within 2-6% of the MSR implementation. The entire implementation is constant-time.

Concretely, on a T460s, Skylake i7-6600U @2.6GHz, key generation and shared secret computations take 11-13ms. Note that unlike classic Diffie-Hellman, Alice and Bob's computations are slightly different, so they have different timings.

BenchmarkAliceKeyGen                      11,709,778 ns/op  
BenchmarkBobKeyGen                        13,073,380 ns/op  
BenchmarkSharedSecretAlice                11,256,985 ns/op  
BenchmarkSharedSecretBob                  12,984,817 ns/op  

This is much more computationally expensive than a conventional ECDH key agreement, or a lattice-based key agreement. However, from the point of view of latency, this might not be so bad. For example, 12 milliseconds is the round-trip distance between Paris and Amsterdam, and so a key agreement requiring extra communication could easily take longer, even if the computations were less expensive.

Because SIDH is still new and unproven, the TLS integration performs a hybrid key exchange: it sends both an X25519 keyshare and an SIDH keyshare, performs both X25519 and SIDH shared secret computations, and feeds both shared secrets into the TLS key derivation mechanism. This ensures that even if SIDH turns out to be broken, the key agreement is at least as secure as X25519.

The TLS component is implemented as part of tls-tris, Cloudflare's fork of Go's crypto/tls package, which has a partial implementation of TLS 1.3, Draft 18. Because tris didn't support client functionality, I implemented a basic TLS 1.3 client before working on SIDH.

The hybrid key exchange is specified using the group identifier 0xFE24. The 0xFE places it in the private-use reserved codeblock 0xFE00..0xFEFF, since standardizing SIDH would be premature at this time; the number 24 was chosen due to its deep mathematical significance and connection to moonshine.

The entire SIDH integration takes less than 100 lines of code.
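The shape of the hybrid exchange described above, as an added example that is not the tls-tris code. Assumptions: the standard library has no SIDH, so a P-256 exchange stands in for the second key agreement; the two secrets are concatenated with X25519 first; a caller-supplied salt replaces the salt TLS 1.3 derives in its key schedule; all type and function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const hybridGroup = 0xFE24 // private-use group id from the article
const x25519Len = 32       // size of an X25519 public value

// hybridKey holds one party's two ephemeral private keys.
type hybridKey struct {
	classical *ecdh.PrivateKey // X25519
	second    *ecdh.PrivateKey // assumption: P-256 stands in for SIDH
}

func newHybridKey() (*hybridKey, error) {
	c, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	s, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &hybridKey{classical: c, second: s}, nil
}

// keyshare is what goes on the wire: both public values, concatenated.
func (k *hybridKey) keyshare() []byte {
	return append(k.classical.PublicKey().Bytes(), k.second.PublicKey().Bytes()...)
}

// agree parses the peer's public value for priv's group and runs the exchange.
func agree(priv *ecdh.PrivateKey, peer []byte) ([]byte, error) {
	pub, err := priv.Curve().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(pub)
}

// handshakeSecret performs both agreements and extracts one secret from the
// concatenation (assumed order: X25519 first). Either failure aborts.
func (k *hybridKey) handshakeSecret(peerShare, salt []byte) ([]byte, error) {
	if len(peerShare) <= x25519Len {
		return nil, errors.New("hybrid keyshare too short")
	}
	s1, err := agree(k.classical, peerShare[:x25519Len])
	if err != nil {
		return nil, err
	}
	s2, err := agree(k.second, peerShare[x25519Len:])
	if err != nil {
		return nil, err
	}
	prk := hmac.New(sha256.New, salt) // HKDF-Extract (RFC 5869) is HMAC(salt, IKM)
	prk.Write(append(s1, s2...))
	return prk.Sum(nil), nil
}

func main() {
	client, _ := newHybridKey()
	server, _ := newHybridKey()
	salt := make([]byte, sha256.Size) // assumption: zero salt for the demo
	cs, err1 := client.handshakeSecret(server.keyshare(), salt)
	ss, err2 := server.handshakeSecret(client.keyshare(), salt)
	fmt.Printf("group %#x: match=%v errors=%v,%v\n", hybridGroup, bytes.Equal(cs, ss), err1, err2)
}
```

Because both secrets pass through the same extract step, recovering the derived secret requires both of them, which is the property the hybrid construction relies on.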

Misassembly hazards in Go assembly

The Microsoft Research SIDH implementation provides x64 assembly for field arithmetic, but Go's assembler uses a bespoke syntax derived from Plan 9, so reusing their assembly meant porting it to Go assembly.

When I first did this, the code produced incorrect results, even though all the instructions should have been exactly the same. I was eventually able to find the problem by disassembling the generated Go binary, and comparing to the original assembly.

The original assembly was roughly of the form

  ...
  sbb    r10, rax
  movq   rax, 0
  sbb    rax, 0
  ...

The sbb dst, src instruction is "subtract with borrow"; this instruction reads the carry flag CF and sets dst = dst - (src + CF), CF = 1 if dst < src+CF. So, this code is supposed to set the rax register to 0 if the first subtraction did not underflow, and to 1111...11 if it did. (This value is used later in the computation as a mask). However, writing

  ...
  SBBQ    AX, R10
  MOVQ    $0, AX
  SBBQ    $0, AX
  ...

does not have the same result. The reason is that the Go assembler misassembles the MOVQ $0, AX instruction to xor eax, eax. This instruction has a shorter encoding. Unfortunately, it also has different behaviour: it clears the carry flag, breaking the program.

The reason this happens is that MOV in Go assembly is declared to be a "pseudoinstruction", which does not necessarily correspond to a literal mov instruction. Unfortunately, there's no specification of which instructions are pseudoinstructions, and what their behaviour is — MOV in Go assembly is defined to clobber flags, but this isn't documented outside of compiler internals.

To work around this issue, we can drop literal bytes into the instruction stream. In this case, we write

  #define ZERO_AX_WITHOUT_CLOBBERING_FLAGS BYTE   $0xB8; BYTE $0; BYTE $0; BYTE $0; BYTE $0;
  ...
  SBBQ    AX, R10
  ZERO_AX_WITHOUT_CLOBBERING_FLAGS
  SBBQ    $0, AX

to insert the bytes encoding the mov eax, 0 instruction, which leaves the carry flag intact.
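The manual comparison of disassembly described above can be turned into a mechanical check. This is an added example, not part of the original implementation: it scans a disassembly listing and reports any carry-reading instruction whose most recent carry write came from an instruction that always zeroes CF. The two listings are constructed from the snippets in this section, and the mnemonic tables and function names are assumptions covering only common instructions.

```go
package main

import (
	"fmt"
	"strings"
)

func set(names ...string) map[string]bool {
	m := make(map[string]bool)
	for _, n := range names {
		m[n] = true
	}
	return m
}

// Carry-flag behaviour of the x86 mnemonics this check knows about.
// Unlisted mnemonics are treated as leaving CF alone, which holds for mov,
// lea, push, pop, inc, dec and not; extend the tables for other code.
var (
	readsCF  = set("adc", "sbb", "rcl", "rcr", "jc", "jnc", "jb", "jae", "setc", "setb", "cmovb", "cmovc")
	clearsCF = set("xor", "and", "or", "test") // always leave CF = 0
	setsCF   = set("add", "sub", "adc", "sbb", "cmp", "neg", "mul", "imul", "shl", "shr")
)

// hazard pairs a CF-zeroing instruction with the later instruction that
// consumes the zeroed flag. Line numbers are 1-based.
type hazard struct {
	clobberLine, readLine int
	clobber, read         string
}

// findHazards reports every instruction that reads CF when the most recent
// CF write came from an instruction that unconditionally zeroes it.
func findHazards(listing string) []hazard {
	var out []hazard
	lastLine, lastText, lastCleared := 0, "", false
	for i, raw := range strings.Split(listing, "\n") {
		text := strings.TrimSpace(raw)
		fields := strings.Fields(strings.ToLower(text))
		if len(fields) == 0 {
			continue
		}
		op := fields[0]
		if readsCF[op] && lastCleared {
			out = append(out, hazard{lastLine, i + 1, lastText, text})
		}
		if clearsCF[op] || setsCF[op] {
			lastLine, lastText, lastCleared = i+1, text, clearsCF[op]
		}
	}
	return out
}

// Constructed listings: the sequence as intended, and the sequence as the
// article says the Go assembler emitted it.
const intended = `sbb r10, rax
mov eax, 0
sbb rax, 0`

const assembled = `sbb r10, rax
xor eax, eax
sbb rax, 0`

func main() {
	fmt.Println("intended: ", findHazards(intended))
	for _, h := range findHazards(assembled) {
		fmt.Printf("assembled: line %d %q zeroes CF read by line %d %q\n",
			h.clobberLine, h.clobber, h.readLine, h.read)
	}
}
```

A hit is a prompt for review rather than proof of a bug, since code sometimes uses `xor reg, reg` on purpose to clear the carry before a chain. The scan is linear and does not follow branches, so it fits straight-line arithmetic routines like the one discussed here.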

Source Code

This implementation is still experimental, and should not be used in production without review. The computational cost of SIDH may keep it from being practical for short-lived client connections (at least in the near term). However, it may be suitable for long-lived connections, such as inter-datacenter connections, where the cost of the handshake is amortized over the length of the connection.

To find out more, the SIDH implementation can be found on GitHub as the p751sidh package. The TLS integration can be found on my hdevalence/sidh branch of tls-tris.

Thanks to Craig Costello, Diego Aranha, Deirdre Connolly, Nick Sullivan, Watson Ladd, Filippo Valsorda, and George Tankersley for their advice, comments, and discussions.

De-Anonymizing Programmers via Code Stylometry (2015) [pdf]

US government halts study on health effects of coal mining


Saul Loeb/AFP/Getty

US President Donald Trump makes his priorities clear during a rally in West Virginia.

When the US National Academies of Science, Engineering, and Medicine (NASEM) speaks, the government usually listens. Last year, US government agencies spent US$216 million to commission NASEM expertise on issues from the scientific workforce to military implications of synthetic biology. Most NASEM reports are filled with caveats and make for dry reading. But occasionally, they pull no punches. A memorable 2009 report on the state of forensic science, for instance, concluded that almost every forensic method used in law enforcement is seriously flawed and that their use risks putting innocent people in jail. Given the academies’ stature, it’s hard for the government to brush off its hired commission when faced with such language.

Such concerns seem to weigh on the US Department of the Interior (DOI), which in 2016 commissioned a $1-million study of the potential health risks of surface coal mining on communities in West Virginia. Some evidence suggests that people who live near surface-mining operations — also known as mountaintop removal — have an unusually high rate of lung cancer and birth defects, which could be attributed to air and water pollution.

Launching the study — now halfway through its two-year term — was itself an achievement, given the political nature of the topic. Although much is known about the risks of coal mining to miners, little research has been done on its health impacts on local communities, not least because of attempts by the coal industry to hinder such work. Mining companies and trade organizations have sued for access to the e-mails of academics researching mountaintop removal, and have fought to keep peer-reviewed studies from being used in court. The National Mining Association questioned the value of the NASEM study when it was announced.

On 18 August, three days before the NASEM committee working on the study was due to meet in a Kentucky mining town, the DOI ordered a stop to the study, with immediate effect. The agency says it is reviewing spending on all projects that cost more than $100,000. “The Trump administration is dedicated to responsibly using taxpayer dollars in a way that advances the department’s mission and fulfils the roles mandated by Congress,” DOI spokeswoman Heather Swift said in a statement to Nature. She did not respond to questions about which other projects are under review. 

This is the first time that the administration of President Donald Trump has cancelled a NASEM study that has already started — a move that has rarely happened in the past, according to the academies.

In its statement about the cancellation, the NASEM said that its investigators “stand ready” to resume as soon as the DOI completes its review. But they’re likely to be waiting a long time. The Trump administration has made no secret of its fondness for the US coal industry, which employs around 76,000 people. (By comparison, around 1.2 million people live in counties where mountaintop removal takes place.) The DOI’s assertion that the decision is a budgetary one is suspect, especially given that the study has already spent a good amount of its budget.

It seems, instead, that the government would rather quash the review than risk it producing results that cast aspersions on the coal industry. This is par for the course for the DOI, whose head, Ryan Zinke, plans to downsize national parks in favour of resource extraction, and which has also suspended meetings with its independent advisory councils on issues concerning public lands.

With the near-daily news about the Trump administration weakening climate and environmental protections, it is easy to become fatigued. Yet the move to pre-empt the prestigious and independent NASEM is particularly concerning. It raises questions about what other studies could be cancelled if the government fears their results. It is another blow for science and for academic freedom.

Supporting Hypothesis


In September, Stripe is supporting the development of Hypothesis, an open-source testing library for Python created by David MacIver. Hypothesis is the only project we’ve found that provides effective tooling for testing code for machine learning, a domain in which testing and correctness are notoriously difficult.

Instead of unit tests, Hypothesis lets you define certain properties of your functions that should hold true for every input. A property is a statement like “My sorting function should return a sorted list given any input list.” Every time the tests run, Hypothesis attempts to prove your properties wrong by feeding in thousands of automatically generated example inputs. If any of your properties break, Hypothesis returns the smallest possible example of failing input.

Here’s an example of a Hypothesis test:

from hypothesis import given
import hypothesis.strategies as st

@given(st.lists(st.integers()))
def test_reversing_twice_gives_same_list(xs):
    # This will generate lists of arbitrary length (usually between
    # 0 and 100 elements) whose elements are integers.
    ys = list(xs)
    ys.reverse()
    ys.reverse()
    assert xs == ys

This style of testing is a perfect match for machine learning workflows. We use machine learning to make products like Radar, which helps hundreds of thousands of Stripe users fight fraud at a global scale, more effective. Testing machine learning code is especially critical when your systems can have material consequences for users. Every day, we train many models on large datasets, but unit tests alone can’t capture all of the complexity of the possible input data. For the past few months we’ve been using Hypothesis to generate input data for our tests of the models behind Radar.

While working with Hypothesis, we found that support for property-based testing with Pandas and NumPy wasn’t built out. We’re excited to support the project in making concrete progress towards integrating with these two foundational, commonly-used libraries in Python’s ML toolkit.

We plan to use Hypothesis more broadly at Stripe and hope that the project’s development over the next few months also helps other companies reliably integrate machine learning into more products.

At Stripe, we regularly contribute to open-source projects and rely on open-source software for developing many different parts of our stack. We have a particularly strong interest in areas where the right tooling can provide outsized leverage to the larger developer community. If you’re working on such a project, we’d love to hear from you!
