An anonymous reader quotes a report from Gamasutra: In the wake of Activision Blizzard's massive layoff wave, a move that was announced in the same call as the company's record quarter, the union federation AFL-CIO has published an open letter to game developers urging members of the industry to organize. The AFL-CIO itself is the largest labor organization in the United States and counts 55 individual unions (and more than 12.5 million workers) among its affiliates. The letter, readable in full on Kotaku, calls out many of the issues that have prompted conversations about unionization in just recent years like excessive crunch, toxic work conditions, inadequate pay, and job instability. The industry, points out AFL-CIO's secretary-treasurer Liz Shuler, boasted sales 3.6 times greater than those of the film industry in 2018, yet much of that financial success isn't felt by the developers working on the games that generate those billions. "Executives are always quick to brag about your work. It's the talk of every industry corner office and boardroom. They pay tribute to the games that capture our imaginations and seem to defy economic gravity. They talk up the latest innovations in virtual reality and celebrate record-smashing releases, as your creations reach unparalleled new heights," says Shuler.

"My question is this: what have you gotten in return? They get rich. They get notoriety. They get to be crowned visionaries and regarded as pioneers. What do you get? Outrageous hours and inadequate paychecks. Stressful, toxic work conditions that push you to your physical and mental limits. The fear that asking for better means risking your dream job. [...] Change will happen when you gain leverage by joining together in a strong union. And, it will happen when you use your collective voice to bargain for a fair share of the wealth you create every day. No matter where you work, bosses will only offer fair treatment when you stand together and demand it."

After years of fighting the idea, Sony announced last September it is finally bringing "cross-platform gameplay, progression, and commerce" to the PlayStation Network, with Fortnite as the first example. Months later, the company's efforts have yet to gain wide traction and now we may have identified the bottleneck: Sony. Several major third-party developers have accused the company of standing in the way of letting the PS4 versions of their games play nicely with other platforms. ArsTechnica reports: "We just launched Wargroove with crossplay between PC, Switch, and Xbox," Chucklefish CEO Finn "Tiy" Brice wrote on the ResetEra forums. "We made many requests for crossplay (both through our [Sony] account manager and directly with higher-ups) all the way up until release month. We were told in no uncertain terms that it was not going to happen." Brice's comments came days after new Hi-Rez Studios CEO Stew Chisam tweeted at Sony that the studio was "ready to go when you are" for cross-play on Smite, Paladins, and Realm Royale. "It's time to stop playing favorites and tear down the crossplay/progression wall for everyone," he said.

In a follow-up tweet, Chisam explained that Xbox/Switch cross-play has led to a direct improvement in the Paladins online user experience, including reduced wait times, more balanced matchmaking, and fewer "bad" matches overall. Brice's comments in particular come in direct response (and contradiction) to a recent Game Informer interview in which Sony Interactive Entertainment chairman Shawn Layden said that cross-play was open to pretty much any PS4 developer that wants it.

In a year-in-review announcement today, Google said Play Store app rejections went up 55% last year after the OS maker tightened up its app review process. From a report: Similarly, stats for app suspensions also went up, by more than 66%, according to Google, which the company credited to its continued investment in "automated protections and human review processes that play critical roles in identifying and enforcing on bad apps." One of the most significant roles in the automated systems cited by Google in identifying malware is the Google Play Protect service, which is currently included by default with the official Play Store app. Google said this service now scans over 50 billion apps per day, and even goes as far as downloading and scanning every Android app it finds on the internet.

[...] Play Store's automated systems are now getting better and better at detecting threats, so much so that Google is now seeing clear patterns. "We find that over 80% of severe policy violations are conducted by repeat offenders and abusive developer networks," Ahn said. "When malicious developers are banned, they often create new accounts or buy developer accounts on the black market in order to come back to Google Play."

An anonymous reader shares an excerpt from an Ars Technica report: Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks. The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions"). SGX enables programs to carve out enclaves where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted upon being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from code outside the enclave is blocked; the decryption and encryption only occurs for the code within the enclave.

SGX has been promoted as a solution to a range of security concerns when a developer wants to protect code, data, or both, from prying eyes. For example, an SGX enclave running on a cloud platform could be used to run custom proprietary algorithms, such that even the cloud provider cannot determine what the algorithms are doing. On a client computer, the SGX enclave could be used in a similar way to enforce DRM (digital rights management) restrictions; the decryption process and decryption keys that the DRM used could be held within the enclave, making them unreadable to the rest of the system. There are biometric products on the market that use SGX enclaves for processing the biometric data and securely storing it such that it can't be tampered with. SGX has been designed for this particular threat model: the enclave is trusted and contains something sensitive, but everything else (the application, the operating system, and even the hypervisor) is potentially hostile. While there have been attacks on this threat model (for example, improperly written SGX enclaves can be vulnerable to timing attacks or Meltdown-style attacks), it appears to be robust as long as certain best practices are followed.

Video game publisher Ubisoft is working with Mozilla to develop an AI coding assistant called Clever-Commit, head of Ubisoft La Forge Yves Jacquier announced during DICE Summit 2019 on Tuesday. From a report: Clever-Commit reportedly helps programmers evaluate whether or not a code change will introduce a new bug by learning from past bugs and fixes. The prototype, called Commit-Assistant, was tested using data collected during game development, Ubisoft said, and it's already contributing to some major AAA titles. The publisher is also working on integrating it into other brands. "Working with Mozilla on Clever-Commit allows us to support other programming languages and increase the overall performances of the technology. Using this tech in our games and Firefox will allow developers to be more productive as they can spend more time creating the next feature rather than fixing bugs. Ultimately, this will allow us to create even better experiences for our gamers and increase the frequency of our game updates," said Mathieu Nayrolles, technical architect, data scientist, and member of the Technological Group at Ubisoft Montreal.

IBM announced on Tuesday that some of its Watson AI services will now work on rival cloud computing providers as it seeks to win over customers that want greater flexibility in how they store and analyze data. From a report: The announcement builds on IBM's moves to position its services as compatible with nearly any form of computer infrastructure a customer wants to operate. Other efforts include a pending acquisition of open-source software company Red Hat for $34 billion. With the change, companies will be able to use Watson AI tools such as Watson Assistant, which can help them develop conversational services such as a virtual customer service agent, in mobile apps hosted on Amazon and Microsoft as well as IBM servers.

An anonymous reader quotes a report from TechCrunch: Google today announced the general availability of a new API for Google Docs that will allow developers to automate many of the tasks that users typically do manually in the company's online office suite. The API has been in developer preview since last April's Google Cloud Next 2018 and is now available to all developers. As Google notes, the REST API was designed to help developers build workflow automation services for their users, build content management services and create documents in bulk. Using the API, developers can also set up processes that manipulate documents after the fact to update them, and the API also features the ability to insert, delete, move, merge and format text, insert inline images and work with lists, among other things.

The canonical use case here is invoicing, where you need to regularly create similar documents with ever-changing order numbers and line items based on information from third-party systems (or maybe even just a Google Sheet). Google also notes that the API's import/export abilities allow you to use Docs for internal content management systems.

Over 20,000 programmers from more than 150 different countries provided answers for the second annual Python Developers Survey (conducted by the Python Software Foundation and JeBrains).

An anonymous reader submitted this condensed version of their results: 84% of Python users in our survey use Python as their main language...up 5 percentage points from 79% in 2017. But half of all Python users in the survey also use JavaScript, and 47% more say they use HTML/CSS. Reported use of Bash/Shell has also grown from 36% in 2017 to 45% in 2018. [Later 93% of respondents said that their activities included Software testing/Writing automated tests.] Python users who report that they also use Go and SQL have both increased by 2 percentage points, while many other languages (including C/C++, Java, and C#) have decreased their share...

When asked "What do you use Python for?" data analysis has become more popular than Web development, growing from 50% in 2017 to 58% in 2018. Machine learning also grew by 7 percentage points. These types of development are experiencing faster growth than Web development, which has only increased by 2 percentage points when compared to the previous year...

Almost two-thirds of respondents selected Linux as their development environment OS. Most people are using free or open source databases such as PostgreSQL, MySQL, or SQLite... Twenty-something was the prevalent age range among our respondents, with almost a third being in their thirties. [31% more were between the ages of 30 and 39.]

An anonymous reader quotes a report from TechCrunch: Apple is telling app developers to remove or properly disclose their use of analytics code that allows them to record how a user interacts with their iPhone apps -- or face removal from the app store, TechCrunch can confirm. In an email, an Apple spokesperson said: "Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity." "We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary," the spokesperson added.

It follows an investigation by TechCrunch that revealed major companies, like Expedia, Hollister and Hotels.com, were using a third-party analytics tool to record every tap and swipe inside the app. We found that none of the apps we tested asked the user for permission, and none of the companies said in their privacy policies that they were recording a user's app activity. Even though sensitive data is supposed to be masked, some data -- like passport numbers and credit card numbers -- was leaking.

Maximiliano Firtman: Chrome 72 for Android shipped the long-awaited Trusted Web Activity feature, which means we can now distribute PWAs in the Google Play Store! I played with the feature for a while, digging into the APIs and here you have a summary of what's going on, what to expect and how to use it today. Chrome 72 for Android is now shipping from the Play Store to all users and this version included Trusted Web Activity (TWA), that in a nutshell is a way to open Chrome in standalone mode (without any toolbar or Chrome UI) within the scope of our own native Android package. Let me start saying that the publishing process is not straightforward as it should be (such as "enter your URL" in the Play Console and it's done). It's also not a way to use the currently available WebAPK and publish it in the store. It's a Java API that communicates through services with Chrome and seem to be in the early stages, so there is a lot of manual work to do yet today.

Homebrew, a popular package manager for macOS, has released version 2.0 with official support for Linux and Windows 10 (with Windows Subsystem Linux). Cross-platform setup scripts just got a whole lot easier. Other highlights: Homebrew does not run on OS X Mountain Lion (10.8) and below. For 10.4 - 10.6 support, see Tigerbrew. This has allowed us to remove large amounts of legacy code.
Homebrew does not migrate old, pre-1.0.0 installations from the Homebrew/legacy-homebrew (formerly Homebrew/homebrew repository. This has allowed us to delete legacy code that dealt with migrations from old versions.
Homebrew does not have any formulae with options in Homebrew/homebrew-core. Options will still be supported and encouraged by third-party taps. This change allows us to better focus on delivering binary packages rather than options. Formulae with options had to be built from source, could not be tested on our CI system and provided a disproportionate support burden on our volunteer maintainers.

This week HackerRank reported Java is now only the second most popular programming language, finally dropping behind JavaScript in the year 2018.

Now long-time Slashdot reader shanen asks about the rumors that Java is dead -- or is it?

Can you convince me that Java isn't as dead as it seems? It's just playing dead and will spring to life?
This week one Java news site argued that Java-based Minecraft has in fact "spawned a new generation of Java developers," citing an interview with Red Hat's JBoss Middleware CTO. (And he adds that "It's still the dominant programming language in the enterprise, so whether you're building enterprise clients, services or something in between, Java likely features in there somewhere.") Yet the original submission drew some interesting comments:

• "The licensing scheme for Java kills it..."

• "Java programs still are 'the alien on your desktop'. They suck in many ways. Users have learned to avoid them and install 'real programs' instead..."

But what do Slashdot's readers think? Leave your own answers in the comments.

How dead is Java?

An AI-enhanced tool that suggests code snippets for Python developers in real time just raised $17 million in VC funding to expand its R&D team "with a focus on accelerating developer productivity."

An anonymous reader quotes VentureBeat: "Our mission is to bring the latest advancements in AI and machine learning (ML) to make writing code fluid, effortless, and more enjoyable," explained [founder Adam] Smith. "Developers using Kite can focus their productive energy toward solving the next big technical challenges, instead of searching the web for code examples illustrating mundane and frequently repeated code patterns...."

Instead of relying on the cloud to run its AI engine, Kite now runs locally on a user's computer, letting developers use it offline and without having to upload any code. (Kite still trains its machine learning models with thousands of publicly available code sources from highly rated developers.) Furthermore, running locally allows Kite to fully operate with lower latencies... In addition to ditching the cloud, the new version of Kite brings a feature the team calls Line-of-Code Completions. Until now, Kite's machine learning models could only suggest the next "token" in a line of code. Line-of-Code Completions can complete entire function calls with a single keystroke... The team boasts that Kite is "the only developer product on the market to offer such advanced completions."
"Today, Kite is used by more than 30,000 Python developers worldwide," reports VentureBeat, adding it locally-based ML plugin is available for top Python IDEs including Visual Studio Code, Atom, Sublime Text, PyCharm, IntelliJ, and Vim.

Kite's investors include the CEO of GitHub, as well as the founders of Dropbox, Paypal, and Twitch.tv, and the company hopes to eventually support more languages, starting with either Java, JavaScript, or Go.

A Dutch security researcher says he found credentials for the Russian government's backdoor account for accessing servers of businesses operating in Russia, ZDNet reports: The researcher says that after his initial finding, he later found the same "admin@kremlin.ru" account on over 2,000 other MongoDB databases that had been left exposed online, all belonging to local and foreign businesses operating in Russia. Examples include databases belonging to local banks, financial institutions, big telcos, and even Disney Russia.... "The first time I saw these credentials was in the user table of a Russian Lotto website," Victor Gevers told ZDNet in an interview Monday. "I had to do some digging to understand that the Kremlin requires remote access to systems that handle financial transactions....

"All the systems this password was on were already fully accessible to anyone," Gevers said. "The MongoDB databases were deployed with default settings. So anyone without authentication had CRUD [Create, Read, Update and Delete] access."
"It took a lot of time and also many attempts to contact and warn the Kremlin about this issue," the researcher added -- specifically, three years, five months and 15 days. The Kremlin reused the same credentials "everywhere," reports IT News, "leaving a large number of businesses open to access from the internet."

Long-time Slashdot reader Bismillah calls it "an illustration of the dangers of giving governments backdoors into systems and networks."

An anonymous reader quotes a report from TechCrunch: India's largest bank has secured an unprotected server that allowed anyone to access financial information on millions of its customers, like bank balances and recent transactions. The server, hosted in a regional Mumbai-based data center, stored two months of data from SBI Quick, a text message and call-based system used to request basic information about their bank accounts by customers of the government-owned State Bank of India (SBI), the largest bank in the country and a highly ranked company in the Fortune 500. But the bank had not protected the server with a password, allowing anyone who knew where to look to access the data on millions of customers' information.

The passwordless database allowed us to see all of the text messages going to customers in real time, including their phone numbers, bank balances and recent transactions. The database also contained the customer's partial bank account number. Some would say when a check had been cashed, and many of the bank's sent messages included a link to download SBI's YONO app for internet banking. The bank sent out close to three million text messages on Monday alone. The database also had daily archives of millions of text messages each, going back to December, allowing anyone with access a detailed view into millions of customers' finances. SBI claims more than 500 million customers across the globe with 740 million accounts.

secwatcher shares a report from Threatpost: A gamut of kids' GPS-tracking watches are exposing sensitive data involving 35,000 children -- including their location, in real time. Researchers from Pen Test Partners specifically took a look at the Gator portfolio of watches from TechSixtyFour. The Gator line had been in the spotlight in 2017 for having a raft of vulnerabilities, called out by the Norwegian Consumers Council in its WatchOut research. "A year on, we decided to have a look at the Gator watch again to see how their security had improved," said Vangelis Stykas, in a Tuesday posting. "Guess what: a train wreck. Anyone could access the entire database, including real-time child location, name, parents' details etc. Not just Gator watches either -- the same back end covered multiple brands and tens of thousands of watches." "At issue was an easy-to-exploit, severe privilege-escalation vulnerability: The system failed to validate that the user had the appropriate permission to take admin control," reports Threatpost. "An attacker with access to the watch's credentials simply needed to change the user level parameter in the backend to an admin designation, which would provide access to all account information and all watch information."

Facebook is not the only one abusing Apple's system for distributing employee-only apps to sidestep the App Store and collect extensive data on users. Google has been running an app called Screenwise Meter, which bears a strong resemblance to the app distributed by Facebook Research that has now been barred by Apple, TechCrunch reported Wednesday. From the report: In its app, Google invites users aged 18 and up (or 13 if part of a family group) to download the app by way of a special code and registration process using an Enterprise Certificate. That's the same type of policy violation that led Apple to shut down Facebook's similar Research VPN iOS app, which had the knock-on effect of also disabling usage of Facebook's legitimate employee-only apps -- which run on the same Facebook Enterprise Certificate -- and making Facebook look very iffy in the process. It needs to be pointed out that Google's app is relatively transparent about what it does and who runs it.

Following Mozilla's footsteps, Google has released Chrome 72 for Windows, Mac, and Linux. From a report: The release includes code injection blocking and new developer features. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers often must make an effort to stay on top of everything available -- as well as what has been deprecated or removed -- most notably, Chrome 72 removes support for Chromecast setup on a computer. To set up a Chromecast, you'll now need to use a mobile device.

As this isn't a major release, there aren't many new features to cover. Chrome 72 for Windows, however, blocks code injections, reducing crashes caused by third-party software. The initiative to block code injections in Chrome started last year, with warnings letting users know that Chrome was fighting back. Those warnings are now gone, and Chrome blocks code injections full stop. Further reading: All the Chromium-based browsers.

An anonymous reader writes: Today, HackerRank released the 2019 edition of its annual Developer Skills Report (PDF), surveying over 71,000 software developers from more than 100 countries. Every single industry requires software developers, meaning competition for technical talent is fierce. The idea here is to help everyone from CEOs and executives to hiring managers and recruiters understand the developers they're pursuing. We've put together a quick video to summarize the results. HackerRank asked developers which programming languages they knew and which ones they wanted to learn. Seventy-three percent of developers said they knew JavaScript in 2018, up from 66 percent in 2017. JavaScript was 2018's most well-known language, compared to Java in 2017.

According to a report from Reason magazine, Twitter users who comment the "learn to code" advice at journalists who just lost their jobs might be treated as "abusive behavior," which is a violation of the social media site's terms of service. The rumor comes from Jon Levine, Media Editor at The Wrap. From the report: The Wrap's Jon Levine said representatives for the social media company had backed away from the position they related to him earlier, which was that the phrase "learn to code" itself constituted abusive behavior. The new position seems to be that "learn to code" is not de facto harassment, but could be considered harassment if tweeted aggressively as part of campaign to intimidate a specific user, in accordance with Twitter's somewhat vague abusive behavior policy. In an email to Reason, a Twitter spokesperson said: "Twitter is responding to a targeted harassment campaign against specific individuals -- a policy that's long been against the Twitter Rules."

Last week, journalists from BuzzFeed, HuffPost, Yahoo, AOL, and others, were let go. BuzzFeed founder and CEO, Jonah Peretti, said the company "would reduce headcount by 15%, or about 250 jobs, to around 1,100 employees globally," reports The Guardian. "At the same time, Verizon said it would trim 7% of headcount, about 800 people, from its media unit, which includes HuffPost, Yahoo and AOL. The job losses followed sales or cuts at Mic, Refinery29 and elsewhere."