dryriver writes: There are occasions where multiple big tech manufacturers all announce the exact same innovation at the same time -- e.g. 4K UHD TVs. Everybody in broadcasting and audiovisual content creation knew that 4K/8K UHD and high dynamic range (HDR) were coming years in advance, and that all the big TV and screen manufacturers were preparing 4K UHD HDR product lines because FHD was beginning to bore consumers. It came as no surprise when everybody had a 4K UHD product announcement and demo ready at the same time. Something very unusual happened this year at GDC 2018 however. Multiple graphics and GPU companies, like Microsoft, Nvidia, and AMD, as well as other game developers and game engine makers, all announced that real-time ray tracing is coming to their mass-market products, and by extension, to computer games, VR content and other realtime 3D applications.

Why is this odd? Because for many years any mention of 30+ FPS real-time ray tracing was thought to be utterly impossible with today's hardware technology. It was deemed far too computationally intensive for today's GPU technology and far too expensive for anything mass market. Gamers weren't screaming for the technology. Technologists didn't think it was doable at this point in time. Raster 3D graphics -- what we have in DirectX, OpenGL and game consoles today -- was very, very profitable and could easily have evolved further the way it has for another 7 to 8 years. And suddenly there it was: everybody announced at the same time that real-time ray tracing is not only technically possible, but also coming to your home gaming PC much sooner than anybody thought. Working tech demos were shown. What happened? How did real-time ray tracing, which only a few 3D graphics nerds and researchers in the field talked about until recently, suddenly become so technically possible, economically feasible, and so guaranteed-to-be-profitable that everybody announced this year that they are doing it?

An anonymous reader quotes a report from Quartz: Zuckerberg should have heeded what he heard from the late Steve Jobs eight years ago. Then, when the social network had a measly half-billion users, Jobs spoke at The Wall Street Journal's AllThingsD conference, where Zuckerberg was in the audience, waiting to be interviewed himself, and described what privacy meant. Journalist Walt Mossberg asked Jobs his thoughts on recent privacy issues around Facebook (which at the time was revamping its privacy controls after criticism it was forcing people to share data) and Google (which was literally recording private wifi information), and whether Silicon Valley looks at privacy differently than the rest of the world.

"Silicon Valley is not monolithic," Jobs responded, "We've always had a very different view of privacy than some of our colleagues in the Valley." Apple, for instance, does not leave it up to developers to decide whether to be dutiful about warning users that their apps are tracking their location data, instead forcing pop-ups on users to alert them that an app is tracking them, and to turn off that ability if they don't want. "We do a lot of things like that, to ensure that people know what these apps are doing," he added. It's a stance his successor, Tim Cook, still holds. Mossberg then asked Jobs if that applied to Apple's own apps in the cloud. Here's what Jobs said: "Privacy means people know what they're signing up for, in plain English, and repeatedly. I'm an optimist; I believe people are smart, and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you're going to do with their data." If the company had been more forthright about how developers could take data shared with them by Facebook users and sold to third parties, it may not have been in the mess it's in today. Additionally, TechCrunch reports that Zuckerberg was warned about app permissions in 2011 by European privacy campaigner and lawyer Max Schrems. "In August 2011, Schrems filed a complaint with the Irish Data Protection Commission exactly flagging the app permissions data sinkhole (Ireland being the focal point for the complaint because that's where Facebook's European HQ is based)."

"[T]his means that not the data subject but 'friends' of the data subject are consenting to the use of personal data," wrote Schrems in the 2011 complaint, fleshing out consent concerns with Facebook's friends' data API. "Since an average facebook user has 130 friends, it is very likely that only one of the user's friends is installing some kind of spam or phishing application and is consenting to the use of all data of the data subject. There are many applications that do not need to access the users' friends personal data (e.g. games, quizzes, apps that only post things on the user's page) but Facebook Ireland does not offer a more limited level of access than 'all the basic information of all friends.'" [...] "The data subject is not given an unambiguous consent to the processing of personal data by applications (no opt-in). Even if a data subject is aware of this entire process, the data subject cannot foresee which application of which developer will be using which personal data in the future. Any form of consent can therefore never be specific," he added. It took Facebook from September 2012 until May 2014 and May 2015 to implement changes and tighten app permissions.

Thousands of etcd servers "are spitting sensitive passwords and encrypted keys," reports Fossbytes: Security researcher Giovanni Collazo was able to harvest 8781 passwords, 650 AWS access keys, 23 secret keys, and 8 private keys. First, he ran a query on the hacker search engine Shodan that returned around 2300 servers running etcd database. Then, he ran a simple script that gave him the login credentials stored on these servers which can be used to gain access to CMSs, MySQL, and PostgreSQL databases, etc.

etcd is a database used by computing clusters to store and exchange passwords and configuration settings between servers and applications over the network. With the default settings, its programming interface can return administrative login credentials without any authentication upfront... All of the data he harvested from around 1500 servers is around 750MB in size... Collazo advises that anyone maintaining etcd servers should enable authentication, set up a firewall, and take other security measures.
Another security research independently verified the results, and reported that one MySQL database had the root password "1234".

An anonymous reader quotes Application Development Trends: Oracle announced the general availability of Java SE 10 (JDK 10) this week. This release, which comes barely six months after the release of Java SE 9, is the first in the new rapid release cadence Oracle announced late last year. The new release schedule, which the company is calling an "innovation cycle," calls for a feature release every six months, update releases every quarter, and a long-term support (LTS) release every three years. Java 10 is a feature release that obsoletes Java 9. The next LTS release will be Java 11, expected in September. The next LTS version after that will be Java 17, scheduled for release in September 2021...

The six-month feature release cadence is meant to reduce the latency between major releases, explained is Sharat Chander, director of Oracle's Java SE Product Management group, said in a blog post. "This release model takes inspiration from the release models used by other platforms and by various operating-system distributions addressing the modern application development landscape," Chander wrote. "The pace of innovation is happening at an ever-increasing rate and this new release model will allow developers to leverage new features in production as soon as possible. Modern application development expects simple open licensing and a predictable time-based cadence, and the new release model delivers on both."
This release finally adds var to the Java language (though its use is limited to local variables with initializers or declared in a for-loop). It's being added "to improve the developer experience by reducing the ceremony associated with writing Java code, while maintaining Java's commitment to static type safety, by allowing developers to elide the often-unnecessary manifest declaration of local variable type."

HotHardware writes: NVIDIA has been dabbling in real-time ray tracing for over a decade. However, the company just introduced NVIDIA RTX, which is its latest effort to deliver real-time ray tracing to game developers and content creators for implementation in actual game engines. Historically, the computational horsepower to perform real-time ray tracing has been too great to be practical in actual games, but NVIDIA hopes to change that with its new Volta GPU architecture and the help of Microsoft's new DirectX Raytracing (DXR) API enhancements. Ray tracing is a method by which images are enhanced by tracing rays or paths of light as they bounce in and around an object (or objects) in a scene. Under optimum conditions, ray tracing delivers photorealistic imagery with shadows that are correctly cast; water effects that show proper reflections and coloring; and scenes that are cast with realistic lighting effects. NVIDIA RTX is a combination of software (the company's Gameworks SDK, now with ray tracing support), and next generation GPU hardware. NVIDIA notes its Volta architecture has specific hardware support for real-time ray tracing, including offload via its Tensor core engines. To show what's possible with the technology, developers including Epic, 4A Games and Remedy Entertainment will be showcasing their own game engine demonstrations this week at the Game Developers Conference. NVIDIA expects the ramp to be slow at first, but believes eventually most game developers will adopt real-time ray tracing in the future.

Magic Leap just announced a preview of its software development kit and "creator portal," which will offer resources for people who want to build for its yet-unreleased Magic Leap One headset. You can now download a preview build of the Unreal or Unity engines, designed for what Magic Leap dubs "spatial computing." This is one of Magic Leap's juiciest announcements, marking one of the secretive company's first steps toward establishing itself as an open platform. It also may be a sign that the company is finally close to releasing hardware. The Verge reports: The creator portal touts a set of tutorials, a community for technical support, and a "Magic Leap Simulator" that will presumably help people preview apps before they get a headset. The Magic Leap One was announced late last year, and it's supposed to be released this year, but we still don't know details about the exact date or pricing. The portal says that a marketplace called "Magic Leap World" will launch soon.

An anonymous reader quotes a report from Gadgets Now: Amazon is hiring 1,147 people just for its Alexa business. To put this number in perspective, it has to be mentioned that this number is higher than what Google is hiring for technical and product roles across its Alphabet group of companies including YouTube and Waymo. According to a report published in Forbes, Amazon is hiring engineers, data scientists, developers, analysts, payment services professionals among others. The Forbes report cites information released by Citi Research in association with Jobs.com. It's clear that Amazon is betting big on the smartphone speaker market if the hiring numbers are to go by. It was the first major company to come with a smart speaker and has almost 70% market share in the U.S. Google has been making in-roads with Google Home devices but still has a lot of catching up to do. The Citi report further mentions that other notable areas where Amazon is hiring are devices, advertising and seller services. Amazon is looking at hiring a total of about 1,700 employees for other divisions.

A new copyright proposal in the EU would require code-sharing platforms like GitHub and SourceForge to monitor all content that users upload for potential copyright infringement. "The proposal is aimed at music and videos on streaming platforms, based on a theory of a 'value gap' between the profits those platforms make from uploaded works and what copyright holders of some uploaded works receive," reports The GitHub Blog. "However, the way it's written captures many other types of content, including code."

Upload filters, also known as "censorship machines," are some of the most controversial elements of the copyright proposal, raising a number of concerns including: -Privacy: Upload filters are a form of surveillance, effectively a "general monitoring obligation" prohibited by EU law
-Free speech: Requiring platforms to monitor content contradicts intermediary liability protections in EU law and creates incentives to remove content
-Ineffectiveness: Content detection tools are flawed (generate false positives, don't fit all kinds of content) and overly burdensome, especially for small and medium-sized businesses that might not be able to afford them or the resulting litigation Upload filters are especially concerning for software developers given that: -Software developers create copyrightable works -- their code -- and those who choose an open source license want to allow that code to be shared
-False positives (and negatives) are especially likely for software code because code often has many contributors and layers, often with different licensing for different components
-Requiring code-hosting platforms to scan and automatically remove content could drastically impact software developers when their dependencies are removed due to false positives The EU Parliament continues to introduce new proposals for Article 13 but these issues remain. MEP Julia Reda explains further in a recent proposal from Parliament.

Chicago-based MBM Company's jewelry brand Limoges Jewelry has accidentally leaked the personal information for over 1.3 million people. This includes addresses, zip-codes, e-mail addresses, and IP addresses. The Germany security firm Kromtech Security, which found the leak via an unsecured Amazon S3 storage bucket, also claims the database contained plaintext passwords. The Next Web reports: In a press release, Kromtech Security's head of communicationis, Bob Diachenko, said: "Passwords were stored in the plain text, which is great negligence [sic], taking into account the problem with many users re-using passwords for multiple accounts, including email accounts." The [MSSQL database] backup file was named "MBMWEB_backup_2018_01_13_003008_2864410.bak," which suggests the file was created on January 13, 2018. It's believed to contain current information about the company's customers. Records held in the database have dates reaching as far back as 2000. The latest records are from the start of this year. Other records held in the database include internal mailing lists, promo-codes, and item orders, which leads Kromtech to believe that this could be the primary customer database for the company. Diachenko says there's no evidence a malicious third-party has accessed the dump, but that "that does not mean that nobody [has] accessed the data."

When the American job market heats up, demand for technology talent boils, an anonymous reader writes citing a Bloomberg report. From the story: Nationally, the unemployment rate was 4.1 percent in January, and analysts project that it declined to 4 percent, the lowest since 2000, in Labor Department figures due Friday. For software developers, the unemployment rate was 1.9 percent in 2017, down from 4 percent in 2011. While companies are writing bigger checks, they are also adopting new strategies to find engineers for an economy where software is penetrating even mundane processes. Companies are focusing more on training, sourcing new talent through apprenticeships, and looking at atypical pools of candidates who have transferable skills.

"It is probably the most competitive market in the last 20 years that I have been doing this," said Desikan Madhavanur, chief development officer at Scottsdale, Arizona-based JDA Software, whose products help companies manage supply chains. "We have to compete better to get our fair share." What's happening in the market for software engineers may help illustrate why one of the tightest American labor markets in decades isn't leading to broader wage gains. While technology firms are looking at compensation, they are also finding ways to create the supply of workers themselves, which helps hold costs down.

Stack Overflow has released the results of its annual survey of 100,000 developers, revealing the most-popular, top-earning, and preferred programming languages. ArsTechnica: JavaScript remains the most widely used programming language among professional developers, making that six years at the top for the lingua franca of Web development. Other Web tech including HTML (#2 in the ranking), CSS (#3), and PHP (#9). Business-oriented languages were also in wide use, with SQL at #4, Java at #5, and C# at #8. Shell scripting made a surprising showing at #6 (having not shown up at all in past years, which suggests that the questions have changed year-to-year), Python appeared at #7, and systems programming stalwart C++ rounded out the top 10.

These aren't, however, the languages that developers necessarily want to use. Only three languages from the most-used top ten were in the most-loved list; Python (#3), JavaScript (#7), and C# (#8). For the third year running, that list was topped by Rust, the new systems programming language developed by Mozilla. Second on the list was Kotlin, which wasn't even in the top 20 last year. This new interest is likely due to Google's decision last year to bless the language as an official development language for Android. TypeScript, Microsoft's better JavaScript than JavaScript comes in at fourth, with Google's Go language coming in at fifth. Smalltalk, last year's second-most loved, is nowhere to be seen this time around. These languages may be well-liked, but it looks as if the big money is elsewhere. Globally, F# and OCaml are the top average earners, and in the US, Erlang, Scala, and OCaml are the ones to aim for. Visual Basic 6, Cobol, and CoffeeScript were the top three most-dreaded, which is news that will surprise nobody who is still maintaining Visual Basic 6 applications thousands of years after they were originally written.

Google and Ubisoft announced on Tuesday they have a new project intended to improve the performance of fast-paced, online multi-player video games. From a report: The search giant said it teamed with Ubisoft -- the publisher of popular video games like Assassin's Creed and Far Cry -- to create a gaming developer framework intended for coders that work on online video games. The project is called Agones, which is Greek for "contest" or "gathering," and it will be available in open-source, meaning developers can use it for free and also contribute to the underlying technology. Google pitches Agones as a more cutting-edge way for developers to build multi-player games that don't crash or stutter when thousands of video gamers play at the same time.

Each time people want to play their favorite first-person shooter or other computer resource-heavy online video game with others, the underlying infrastructure that powers the online video game must create a special gaming server that hosts the players. The Agones framework was designed to more efficiently distribute the computing resources necessary to support each online gaming match, thus reducing the complexity of creating each special server while helping coders better track how the computing resources are being used.

Microsoft languages seem to be hitting the right note with coders across ops, data science, and app development. From a report: JavaScript remains the most popular programming language, but two offerings from Microsoft are steadily gaining, according to developer-focused analyst firm RedMonk's first quarter 2018 ranking. RedMonk's rankings are based on pull requests in GitHub, as well as an approximate count of how many times a language is tagged on developer knowledge-sharing site Stack Overflow. Based on these figures, RedMonk analyst Stephen O'Grady reckons JavaScript is the most popular language today as it was last year. In fact, nothing has changed in RedMonk's top 10 list with the exception of Apple's Swift rising to join its predecessor, Objective C, in 10th place. The top 10 programming languages in descending order are JavaScript, Java, Python, C#, C++, CSS, Ruby, and C, with Swift and Objective-C in tenth.

TIOBE's top programming language index for March consists of many of the same top 10 languages though in a different order, with Java in top spot, followed by C, C++, Python, C#, Visual Basic .NET, PHP, JavaScript, Ruby, and SQL. These and other popularity rankings are meant to help developers see which skills they should be developing. Outside the RedMonk top 10, O'Grady highlights a few notable changes, including an apparent flattening-out in the rapid ascent of Google's back-end system language, Go.

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 65 for Windows, Mac, Linux, and Android. Additions in this release include Material Design changes and new developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. Chrome 65 comes with a few visual changes. The most obvious is related to Google's Material Design mantra. The extensions page has been completely revamped to follow it. Next up, Chrome 65 replaces the Email Page Location link in Chrome for Mac's File menu with a Share submenu. As you might expect, Mac users can use this submenu to share the URL of a current tab via installed macOS Share Extensions. Speaking of Macs, Chrome 65 is also the last release for OS X 10.9 users. Chrome 66 will require OS X 10.10 or later. Moving on to developer features, Chrome 65 includes the CSS Paint API, which allows developers to programmatically generate an image, and the Server Timing API, which allows web servers to provide performance timing information via HTTP headers.

erickhill shares a short documentary about Samia Halaby, an 81-year-old Commodore Amiga artist and programmer: Samia Halaby is a world renowned painter who purchased a Commodore Amiga 1000 in 1985 at the tender age of 50 years old. She taught herself the BASIC and C programming languages to create "kinetic paintings" with the Amiga and has been using the Amiga ever since. Samia has exhibited in prestigious venues such as The Guggenheim Museum, The British Museum, Lincoln Center, The Chicago Institute of Art, Arab World Institute, Mathaf: Arab Museum of Modern Art, Sakakini Art Center, and Ayyam Gallery just to name a few.

AI has a new task: helping to keep the bugs out of video games. From a report: At the recent Ubisoft Developer Conference in Montreal, the French gaming company unveiled a new AI assistant for its developers. Dubbed Commit Assistant, the goal of the AI system is to catch bugs before they're ever committed into code, saving developers time and reducing the number of flaws that make it into a game before release. "I think like many good ideas, it's like 'how come we didn't think about that before?'," says Yves Jacquier, who heads up La Forge, Ubisoft's R&D division in Montreal. His department partners with local universities including McGill and Concordia to collaborate on research intended to advance the field of artificial intelligence as a whole, not just within the industry.

La Forge fed Commit Assistant with roughly ten years' worth of code from across Ubisoft's software library, allowing it to learn where mistakes have historically been made, reference any corrections that were applied, and predict when a coder may be about to write a similar bug. "It's all about comparing the lines of code we've created in the past, the bugs that were created in them, and the bugs that were corrected, and finding a way to make links [between them] to provide us with a super-AI for programmers," explains Jacquier.

A 1.35 terabit-per-second DDoS attack hit GitHub all at once last Wednesday. "It was the most powerful distributed denial of service attack recorded to date -- and it used an increasingly popular DDoS method, no botnet required," reports Wired. From the report: GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off. "We modeled our capacity based on fives times the biggest attack that the internet has ever seen," Josh Shaul, vice president of web security at Akamai told WIRED hours after the GitHub attack ended. "So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It's one thing to have the confidence. It's another thing to see it actually play out how you'd hope."

Akamai defended against the attack in a number of ways. In addition to Prolexic's general DDoS defense infrastructure, the firm had also recently implemented specific mitigations for a type of DDoS attack stemming from so-called memcached servers. These database caching systems work to speed networks and websites, but they aren't meant to be exposed on the public internet; anyone can query them, and they'll likewise respond to anyone. About 100,000 memcached servers, mostly owned by businesses and other institutions, currently sit exposed online with no authentication protection, meaning an attacker can access them, and send them a special command packet that the server will respond to with a much larger reply.

An anonymous reader quotes i-Programmer: The results are in for the vote on the new name for Java Enterprise Edition, and unsurprisingly the voters have chosen Jakarta EE. The renaming has to happen because Oracle refused to let the name Java be used. The vote was to choose between two options - 'Jakarta EE' and 'Enterprise Profile'. According to Mike Milinkovich, executive director at the Eclipse Foundation, almost 7,000 people voted, and over 64% voted in favour of Jakarta EE. The other finalist, "Enterprise Profile," came in at just 35.6% of the votes when voted ended last Friday.
"Other Java projects have also been renamed in Eclipse," notes SD Times. "Glassfish is now Eclipse Glassfish. The Java Community Process is now the Eclipse EE.next Working Group, and Oracle development management is now Eclipse Enterprise for Java Project Management Committee."

The top priority for developing talent is to train for soft skills, according to LinkedIn's 2018 Workplace Learning Report which surveyed more than 4,000 professionals. From a report: The report found that while automation is requiring workers to maintain technical fluency across roles, the rise of machine-led tasks makes it necessary for them to do what machines can't, which is to be adaptable, critical thinkers who can lead and communicate well.

theodp writes: It's exactly five years since Code.org launched with the video What Most Schools Don't Teach ," noted Code.org in a Monday blog post entitled Dedicating Our 5 year Anniversary to our Partners. "Since then, tens of millions of students have begun learning computer science, hundreds of thousands of schools have begun teaching CS, tens of thousands of teachers have attended workshops to introduce CS in their classrooms, hundreds of school districts have added CS to their curriculum, and forty U.S. states and 25 countries have announced policies and plans to support CS in schools [...] We should start by thanking our amazing donors, particularly Amazon [$10+ million], Facebook [$10+ million], Google [$3+ million], Infosys [$10+ million], and Microsoft [$10+ million]. Whether it's corporate funders, foundations, or individual donors, without your generous funding, we wouldn't exist [...] Changing education policies in forty states wouldn't be possible without the help of Microsoft, College Board, Amazon, and every partner in the Code.org Advocacy Coalition [...] We're particularly fortunate and proud to have had the vocal support of Bill Gates [$4+ million] and Mark Zuckerberg [$1+ million] since day one." Hey, it takes a corporate village to raise a CS-savvy child!