An anonymous reader writes: A couple of years ago, Microsoft and Epic Games executives were mad at each other. Epic Games CEO Tim Sweeney called out Microsoft because he saw it making moves to close off the Windows 10 store and hurt the openness of the PC. Sweeney spoke up because he foresaw the arrival of new computing platforms like augmented reality and virtual reality, and he wanted those platforms to remain open. And now Sweeney has changed his tune, throwing Epic Games' support behind Microsoft's HoloLens 2 Development Edition, which will begin selling for $3,500 later this year.

He did that because Microsoft did a turnabout and approached HoloLens 2 as an open platform. And Epic Games will launch Unreal Engine 4 support for the hardware by the end of May. In an interview this week with GamesBeat, Sweeney said the companies had largely solved their differences with it comes to making choices in support of openness. "Epic loves Microsoft," he said. "Epic hearts Microsoft."

An anonymous reader writes: Hundreds of developers have had had Git source code repositories wiped and replaced with a ransom demand. The hacker removes all source code and recent commits from vitcims' Git repositories, and leaves a ransom note behind that asks for a payment of 0.1 Bitcoin (~$570). The hacker claims all source code has been downloaded and stored on one of their servers, and gives the victim ten days to pay the ransom; otherwise, they'll make the code public.

Hundreds of users have had code repositories wiped and replaced with ransom notes. The coordinated attack has hit Git repositories stored across multiple platforms, such as GitHub, GitLab,and Bitbucket. Some users who fell victim to this hacker have admitted to using weak passwords for their GitHub, GitLab, and Bitbucket accounts, and forgetting to remove access tokens for old apps they haven't used for months --both of which are very common ways in which online accounts usually get compromised. Several users also tried to pin the issue on the hacker using an exploit in SourceTree, a Git GUI app for Mac and Windows made by Atlassian; however, there is no evidence to support this theory, for the time being.

The next time you're streaming on Netflix, you can thank popular programming language Python and the developers who use it for much of the experience. From a report: According to Python developers at Netflix, the language is used through the "full content lifecycle", from security tools, to its recommendation algorithms, and its proprietary content distribution network (CDN) Open Connect, which ensures that content is streamed from network devices that are as close as possible to end users. Ahead of the Python Software Foundation's PyCon conference next week in Cleveland, the streaming giant has been detailing how it uses the open-source language.

To not a lot of surprise compared to the world of proprietary graphics drivers on Windows where once the support is retired the driver releases stop, old open-source Linux OpenGL drivers are found to be better maintained. From a report: Blender developers working on shipping Blender 2.80 this July as the big update to this open-source 3D modeling software today rolled out the Linux GPU requirements for this next release. The requirements themselves aren't too surprising and cover NVIDIA GPUs released in the last ten years, AMD GCN for best support, and Intel Haswell graphics or newer. In the case of NVIDIA graphics they tend to do a good job maintaining their legacy driver branches. With the AMD Radeon and Intel graphics, Blender developers acknowledge older hardware may work better on Linux.

Hackers have broken into an internet infrastructure firm that provides services to dozens of the world's largest and most valuable companies, including Oracle, Volkswagen, Airbus, and many more as part of an extortion attempt, Motherboard reported Tuesday. From the report: The attackers have also threatened to release data from all of those companies, according to a website seemingly set up by the hackers to distribute the stolen material. Citycomp, the impacted Germany-based firm, provides servers, storage, and other computer equipment to large companies, according to the company's website. Michael Bartsch, executive director of Deutor Cyber Security Solutions, a firm Citycomp said was authorized to speak about the case, confirmed the breach to Motherboard in an email Tuesday. "Citycomp has been hacked and blackmailed and the attack is ongoing," Bartsch wrote. "We have to be careful as the whole case is under police investigation and the attacker is trying all tricks."

Apple has issued a rare public statement following a report by the New York Times on Saturday that alleged Apple was cracking down on apps that its Screen Time feature emulates. From a report: The Times story says that over the past year, Apple has removed or restricted at least 11 of the 17 apps that offer Screen Time-like features. Screen Time is a feature on iOS 12 and later that allows a user to see how much time they spend on their iPhone, what apps they use the most, and the ability for the user or parents of the users to set limitations on the apps. While it's true that Apple has removed some of the apps from the App Store since the company introduced its Screen Time software, the company's senior vice president of worldwide marketing, Phil Schiller, said the Times did not publish the full reason Apple gave them as to why some of the competing apps were pulled. From Apple's response: Over the last year, we became aware that several of these parental control apps were using a highly invasive technology called Mobile Device Management, or MDM. MDM gives a third party control and access over a device and its most sensitive information including user location, app use, email accounts, camera permissions, and browsing history. We started exploring this use of MDM by non-enterprise developers back in early 2017 and updated our guidelines based on that work in mid-2017.

MDM does have legitimate uses. Businesses will sometimes install MDM on enterprise devices to keep better control over proprietary data and hardware. But it is incredibly risky -- and a clear violation of App Store policies -- for a private, consumer-focused app business to install MDM control over a customer's device. Beyond the control that the app itself can exert over the user's device, research has shown that MDM profiles could be used by hackers to gain access for malicious purposes.

An anonymous reader quotes TechCrunch: Automotive emissions, nuclear power plants, airplanes, application platforms, and electrical grids all share one thing in common: they are very complex, highly coupled systems... Engineers have matched some of this growing complexity with more sophisticated tools, mostly derived from greater computing power and better modeling. But there are limits to how far the technical tools can help here given our limits of organizational behavior about complexity in these systems. Even if engineers are (potentially) acquiring more sophisticated tools, management itself most definitely is not.... One pattern that binds all of these engineering disasters together is that they all had whistleblowers who were aware of the looming danger before it happened. Someone, somewhere knew what was about to transpire, and couldn't hit the red button to stop the line...

Engineering managers probably have the most challenging role, since they both need to sell upwards and downwards within an organization in order to maintain safety standards. The pattern that I have gleaned from reading many reports on disasters over the years indicates that most safety breakdowns start right here. The eng manager starts to prioritize business concerns from their leadership over the safety of their own product. Resistance of these pecuniary impulses is not enough -- safety has to be the watchword for everyone...

Finally, for individual contributors and employees, the key is to always be observant, to be thinking about safety and security while conducting engineering work, and to bring up any concerns early and often. Safety requires tenacity. And if the organization you are working for is sufficiently corrupt, then frankly, it might be incumbent on you to pull that proverbial red button and whistleblow to stop the madness.... [T]he demise of the ethical engineer doesn't have to be a fait accompli.

dryriver writes: A lot of people seem to believe that computers somehow need polygons, NURBS surfaces, voxels or point clouds "to be able to define and render 3D models to the screen at all." This isn't really true. All a computer needs to light, shade, and display a 3D model is to know the answer to the question "is there a surface point at coordinate XYZ or not." Many different mathematical structures or descriptors can be dreamed up that can tell a computer whether there is indeed a 3D model surface point at coordinate XYZ or behind a given screen pixel XY. Polygons/triangles are a very old approach to 3D graphics that was primarily designed not to overstress the very limited CPU and RAM resources of the first computers capable of displaying raster 3D graphics. The brains who invented the technique back in the late 1960s probably figured that by the 1990s at the latest, their method would be replaced by something better and more clever. Yet here we are in 2019 buying pricey Nvidia, AMD, and other GPUs that are primarily polygon/triangle accelerators.

Why is this? Creating good-looking polygon models is still a slow, difficult, iterative and money intensive task in 2019. A good chunk of the $60 you pay for an AAA PC or console game is the sheer amount of time, manpower and effort required to make everything in a 15-hour-long game experience using unwieldy triangles and polygons. So why still use polygons at all? Why not dream up a completely new "there is a surface point here" technique that makes good 3D models easier to create and may render much, much faster than polygons/triangles on modern hardware to boot? Why use a 50-year-old approach to 3D graphics when new, better approaches can be pioneered?

Google is banning app developer DO Global and removing their apps from the Google Play Store after it discovered the company was committing ad fraud. "As of today, 46 apps from DO Global, which is partly owned by internet giant Baidu, are gone from the Play store," reports BuzzFeed. "BuzzFeed News also found that DO Global apps no longer offer ad inventory for purchase via Google's AdMob network, suggesting the ban has also been extended to the internet giant's ad products." From the report: Prior to the app removals, DO Global had roughly 100 apps in the Play store with over 600 million installs. Their removal from the Play store marks one of the biggest bans, if not the biggest, Google has ever instituted against an app developer. DO Global was a subsidiary of Baidu until it was spun out last summer; Baidu retains a 34% stake. BuzzFeed News reported last week that at least six apps from DO included code that made them fraudulently click on ads even when a user was not using the app. The apps were also listed in the Play store under the generic developer names "Pic Tools Group" and "Photo Artist Studio," hosted their privacy policies on Tumblr, and did not disclose they were owned by DO. It's a violation of Play store policy to conceal ownership information, and to commit ad fraud. The ad fraud was detected by Check Point security, which responded to a request from BuzzFeed News to examine apps uncovered during its investigation.

Google removed those six apps, and claimed its internal systems had also flagged most of them for removal. Another 40 DO apps disappeared from the Play store this week, including 20 using the Do Global Games developer name, and 14 listed under Applecheer Studio. The apps listed different addresses and contact information in the store, making it difficult for the average user to see they were all owned by the same major developer.

UCLA professor Yang Yang's lab chock-full of coffee drinkers spent several years searching for a stability-enhancing additive to turn famously unstable perovskite PV cells into a useful product. Then, on a lark, Yang's graduate student Rui Wang suggested they try adding caffeine to the mix. To the team's surprise, caffeine produced longer lasting and more powerful solar cells. IEEE Spectrum reports: The work, completed with collaborators at Hong Kong-based PV firm Solargiga Energy Holdings and two Chinese universities, appears today in energy research journal Joule. Caffeine's calming effect starts during the creation of perovskite crystals. "Without caffeine, the crystallization process will just take 2 seconds, but with caffeine it will take 1 to 2 minutes," says Yang. The more deliberate growth process yields a perovskite material with larger grains of defect-free crystal. They are more stable mechanically and better at moving the charges created from incoming photons.

Caffeine also stabilizes perovskite PV cells during operation because each caffeine molecule can bind to two lead atoms at the boundaries of the crystal grains. This dual molecular lock ties the grains together and, Yang believes, hinders the movement of ions that threaten to reshape the crystal into a weaker pattern. The lab's best caffeine-treated cell captures incoming light with an efficiency of 19.8 percent, up from 17 percent for untreated cells, and retains 86 percent of its output after operating for 1,300 grueling hours at 85C. That's remarkable endurance compared with that of the lab's untreated cells, whose output plummeted by 40 percent after just 175 hours. Still, Yang says they need materials that hold it together through at least one to two years of accelerated testing to provide confidence that they can pump out power for several decades on a rooftop.

thegarbz writes: Epic games is no stranger to controversy recently. The Fortnight developer late last year launched its own games store in direct competition with Steam. Unlike Steam, however, Epic only claims a 12% fee for hosting a game on their store vs Steam's 30%. What has angered many is not the competition but rather Epic's strategy of nabbing up last minute Epic store exclusives sometimes right before launch even after customers already pre-ordered the game on other platforms. Last night Epic CEO Tim Sweeney tweeted that he will end exclusive agreements if Steam price matched the Epic store. From Kotaku: "If Steam committed to a permanent 88% revenue share for all developers and publishers without major strings attached," Sweeney wrote, "Epic would hastily organize a retreat from exclusives (while honoring our partner commitments) and consider putting our own games on Steam." thegarbz adds: While initially this looks like Epic is playing a good guy, there are many reasons to be skeptical. As covered previously Sweeney has aspirations for Epic to become the next Google or Facebook and it is unlikely that the practice of drawing people to your platform through exclusive agreements would be dropped, especially if Steam drops prices to increase competition. More likely the CEO is attempting to improve his company's image in a gaming community which has seen every Epic store exclusive game review bombed across other platforms, positively in the case of Metro Exodus, and negatively in the case of games like Borderlands 2, the squeal of which will be an Epic store exclusive.

An anonymous reader shares a report: Elastic isn't the only open source cloud tool company currently looking over its shoulder at AWS. In 2018 alone, at least eight firms have made similar "rule changes" designed to ward off what they see as unfair competition from a company intent on cannibalizing their services. In his blog post, Adrian Cockcroft, VP of cloud architecture strategy at Amazon Web Services (AWS), argued that by making part of its product suite proprietary, Elastic was betraying the core principles of the open source community. "Customers must be able to trust that open source projects stay open," Cockcroft wrote. "When important open source projects that AWS and our customers depend on begin restricting access, changing licensing terms, or intermingling open source and proprietary software, we will invest to sustain the open source project and community."

AWS's announcement did not attract the immediate attention of the Democratic presidential candidates or the growing cadre of antitrust activists who have recently set their sights on Amazon. But in the world of open source and free software, where picayune changes in arcane language can spark the internet equivalent of the Hundred Years War, the release of AWS's Open Distro for Elasticsearch launched a heated debate. [...] Sharone Zitzman, a respected commentator on open source software and the head of developer relations at AppsFlyer, an app development company, called Amazon's move a "hostile takeover" of Elastic's business. Steven O'Grady, co-founder of the software industry analyst firm RedMonk, cited it as an example of the "existential threat" that open source companies like Elastic believe a handful of cloud computing giants could pose.

Databricks, the company founded by the original developers of the Apache Spark big data analytics engine, today announced that it has open-sourced Delta Lake, a storage layer that makes it easier to ensure data integrity as new data flows into an enterprise's data lake by bringing ACID transactions to these vast data repositories. TechCrunch reports: Delta Lake, which has long been a proprietary part of Databrick's offering, is already in production use by companies like Viacom, Edmunds, Riot Games and McGraw Hill. The tool provides the ability to enforce specific schemas (which can be changed as necessary), to create snapshots and to ingest streaming data or backfill the lake as a batch job. Delta Lake also uses the Spark engine to handle the metadata of the data lake (which by itself is often a big data problem). Over time, Databricks also plans to add an audit trail, among other things.

What's important to note here is that Delta lake runs on top of existing data lakes and is compatible with the Apache spark APIs. The company is still looking at how the project will be governed in the future. "We are still exploring different models of open source project governance, but the GitHub model is well understood and presents a good trade-off between the ability to accept contributions and governance overhead," said Ali Ghodsi, co-founder and CEO at Databricks. "One thing we know for sure is we want to foster a vibrant community, as we see this as a critical piece of technology for increasing data reliability on data lakes. This is why we chose to go with a permissive open source license model: Apache License v2, same license that Apache Spark uses." To invite this community, Databricks plans to take outside contributions, just like the Spark project.

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 74 for Windows, Mac, Linux, Android, and iOS. The release includes support for a reduced motion media query, private class fields, feature policy improvements, and more developer features. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome.

Motion sickness in the browser is a real thing. Android provides an accessibility option to reduce motion whenever possible, as shown above in the âoeremove animationsâ setting. Chrome is now taking that a step further so websites can limit motion sickness when viewing parallax scrolling, zooming, and other motion effects. Chrome 74 introduces prefers-reduced-motion (part of Media Queries Level 5) that allows websites to honor when an operating system is set to limit motion effects. This might not seem like a big deal today, but it could be very useful if websites start abusing motion effects. Check out the full changelog for more information on this release.

Alex Gaynor is a software engineer at Mozilla working on Firefox, after previously serving as a director of both the Python Software Foundation and the Django Software Foundation.

In a new blog post today, he argues that memory unsafe languages, "principally C and C++," induce an exceptional number of security vulnerabilities, and that the industry needs to migrate to memory-safe languages like Rust and Swift by default. One of the responses I frequently receive is that the problem isn't C and C++ themselves, developers are simply holding them wrong. In particular, I often receive defenses of C++ of the form, "C++ is safe if you don't use any of the functionality inherited from C" or similarly that if you use modern C++ types and idioms you will be immune from the memory corruption vulnerabilities that plague other projects. I would like to credit C++'s smart pointer types, because they do significantly help. Unfortunately, my experience working on large C++ projects which use modern idioms is that these are not nearly sufficient to stop the flood of vulnerabilities...

Modern C++ idioms introduce many changes which have the potential to improve security: smart pointers better express expected lifetimes, std::span ensures you always have a correct length handy, std::variant provides a safer abstraction for unions. However modern C++ also introduces some incredible new sources of vulnerabilities: lambda capture use-after-free, uninitialized-value optionals, and un-bounds-checked span.

My professional experience writing relatively modern C++, and auditing Rust code (including Rust code that makes significant use of unsafe) is that the safety of modern C++ is simply no match for memory safe by default languages like Rust and Swift (or Python and JavaScript, though I find it rare in life to have a program that makes sense to write in either Python or C++). There are significant challenges to migrating existing, large, C and C++ codebases to a different language -- no one can deny this. Nonetheless, the question simply must be how we can accomplish it, rather than if we should try.
The post highlights what he describes as "completely modern C++ idioms which produce vulnerabilities" -- including an example of dangling pointers "despite our meticulous use of smart pointers throughout..."

"Even with the most modern C++ idioms available, the evidence is clear that, at scale, it's simply not possible to hold C++ right."

"Red Hat is taking over maintenance responsibilities for OpenJDK 8 and OpenJDK 11 from Oracle," reports InfoWorld: Red Hat will now oversee bug fixes and security patches for the two older releases, which serve as the basis for two long-term support releases of Java. Red Hat's updates will feed into releases of Java from Oracle, Red Hat, and other providers... Previously, Red Hat led the OpenJDK 6 and OpenJDK 7 projects. Red Hat is not taking over OpenJDK 9 or OpenJDK 10, which were short-term releases with a six-month support window.

"At the first annual charity event conducted by Puget Sound Programming Python on April 2, four legendary language creators came together to discuss the past and future of language design," reports PacktPub.

- Guido van Rossum, the creator of Python
- James Gosling, the founder, and lead designer behind the Java programming language
- Anders Hejlsberg, the original author of Turbo Pascal who has also worked on the development of C# and TypeScript
- Larry Wall, the creator of Perl

You can watch the video here -- the speaker introductions start about 50 minutes into the video-- or read PacktPub's summary of the event: Guido van Rossum said designing a programming language is very similar to the way JK Rowling writes her books, the Harry Potter series... He says JK Rowling is a genius in the way that some details that she mentioned in her first Harry Potter book ended up playing an important plot point in part six and seven... When designing a language we start with committing to certain details like the keywords we want to use, the style of coding we want to follow, etc. But, whatever we decide on we are stuck with them and in the future, we need to find new ways to use those details, just like Rowling...

When James Gosling was asked how Java came into existence and what were the design principles he abided by, he simply said, "it didn't come out of like a personal passion project or something. It was actually from trying to build a prototype.... It started out as kind of doing better C and then it got out of control that the rest of the project really ended up just providing the context." In the end, the only thing out of that project survived was Java...

Larry Wall wanted to create a language that was more like a natural language. Explaining through an example, he said, "Instead of putting people in a university campus and deciding where they go we're just gonna see where people want to walk and then put shortcuts in all those places." A basic principle behind creating Perl was to provide APIs to everything. It was aimed to be both a good text processing language linguistically but also a glue language....

Similar to the views of Guido van Rossum, Anders Hejlsberg adds that any decision that you make when designing a language you have to live with it. When designing a language you need to be very careful about reasoning over what "not" to introduce in the language.
There was also some discussion of types -- Gosling believes they help improve performance, while Hejlsberg said types are also useful when building coding tools. "It turns out that you can actually be more productive by adding types if you do it in a non-intrusive manner and if you work hard on doing good type inference and so forth." In fact, Hejlsberg told the audience that the TypeScript project was inspired by massive "write-only" JavaScript code bases, while a semantic understanding (including a type system) makes refactoring easier.

Guido van Rossum acknowledged that TypeScript "is actually incredibly useful and so we're adding a very similar idea to Python. We are adding it in a slightly different way because we have a different context.... I've learned a painful lesson, that for small programs dynamic typing is great. For large programs, you have to have a more disciplined approach. And it helps if the language actually gives you that discipline, rather than telling you, 'Well, you can do whatever you want.'"

In the video Larry Wall says the Perl 6 team had also noticed the limitations of loose typing, and added a robust type system to Perl 6 to "help with programming in the large."

This was the first annual benefit for CSforALL, a group promoting high-quality computer science classes at every grade level.

Slashdot reader omfglearntoplay shared this article from IEEE's Spectrum. In "How the Boeing 737 Max Disaster Looks to a Software Developer," pilot (and software executive) Gregory Travis argues Boeing tried to avoid costly hardware changes to their 737s with a flawed software fix -- specifically, the Maneuvering Characteristics Augmentation System (or MCAS): It is astounding that no one who wrote the MCAS software for the 737 Max seems even to have raised the possibility of using multiple inputs, including the opposite angle-of-attack sensor, in the computer's determination of an impending stall. As a lifetime member of the software development fraternity, I don't know what toxic combination of inexperience, hubris, or lack of cultural understanding led to this mistake. But I do know that it's indicative of a much deeper problem. The people who wrote the code for the original MCAS system were obviously terribly far out of their league and did not know it.

So Boeing produced a dynamically unstable airframe, the 737 Max. That is big strike No. 1. Boeing then tried to mask the 737's dynamic instability with a software system. Big strike No. 2. Finally, the software relied on systems known for their propensity to fail (angle-of-attack indicators) and did not appear to include even rudimentary provisions to cross-check the outputs of the angle-of-attack sensor against other sensors, or even the other angle-of-attack sensor. Big strike No. 3... None of the above should have passed muster. None of the above should have passed the "OK" pencil of the most junior engineering staff... That's not a big strike. That's a political, social, economic, and technical sin...

The 737 Max saga teaches us not only about the limits of technology and the risks of complexity, it teaches us about our real priorities. Today, safety doesn't come first -- money comes first, and safety's only utility in that regard is in helping to keep the money coming. The problem is getting worse because our devices are increasingly dominated by something that's all too easy to manipulate: software.... I believe the relative ease -- not to mention the lack of tangible cost -- of software updates has created a cultural laziness within the software engineering community. Moreover, because more and more of the hardware that we create is monitored and controlled by software, that cultural laziness is now creeping into hardware engineering -- like building airliners. Less thought is now given to getting a design correct and simple up front because it's so easy to fix what you didn't get right later.
The article also points out that "not letting the pilot regain control by pulling back on the column was an explicit design decision. Because if the pilots could pull up the nose when MCAS said it should go down, why have MCAS at all?

"MCAS is implemented in the flight management computer, even at times when the autopilot is turned off, when the pilots think they are flying the plane."

Rogers Cadenhead (Slashdot reader #4,482) writes: Joe Armstrong, the computer scientist best known as one of the creators of the Erlang programming language, died Saturday. Erlang Solutions founder Francesco Cesarini shared the news on Twitter and said, "His work has laid the foundation which will be used by generations to come. RIP @joeerl, thank you for inspiring us all."

Erlang was created by Armstrong, Robert Virding and Mike Williams at the Ericsson telecom company in 1986 and became open source 12 years later. It is known for functional programming, immutable data, code hot-swapping and systems that require insanely high levels of availability.
In another Tweet, Cesarini asks people to share their own memories of Armstrong -- " funny, enlightening or plain silly." And Ulf Wiger, who describes himself as an Erlang old-timer, remembered giving a talk about how to avoid projects dominated by mediocrity. "I used Joe as an example of a 'brilliant developer, but hard to fit into a regular project.'"

Joe had replied, "I am very EASY to fit into regular projects! It's just that so few projects are regular..."

Microsoft has introduced a new open source programming language called Bosque that aspires to be simple and easy to understand by embracing algebraic operations and shunning techniques that create complexity. From a report: Bosque was inspired by the syntax and types of TypeScript and the semantics of ML and Node/JavaScript. It's the brainchild of Microsoft computer scientist Mark Marron, who describes the language as an effort to move beyond the structured programming model that became popular in the 1970s. The structured programming paradigm, in which flow control is managed with loops, conditionals, and subroutines, became popular after a 1968 paper titled "Go To Statement Considered Harmful" by computer scientist Edsger Dijkstra. Marron believes we can do better by getting rid of sources of complexity like loops, mutable state, and reference equality. The result is Bosque, which represents a programming paradigm that Marron, in a paper he wrote, calls "regularized programming."