Aside from some out-of-tree experiments last year by one of Valve's developers on a RADV Vulkan HUD of similar nature to the popular Gallium HUD option, it turns out an Intel developer has recently been working on a Vulkan overlay layer to provide "Gallium HUD" inspired information. From a report: Lionel Landwerlin is the open-source Intel developer that has begun working on this Intel Vulkan driver "heads-up display" implemented as a Vulkan overlay layer. The code is intended to provide Vulkan swapchain information and various statistics of use to Vulkan driver developers and game developers. The code is under a merge request for Mesa but is considered experimental at this point. Particularly for multi-threaded Vulkan programs it may end up crashing in its current form.

Google is asking the Supreme Court to make the final call in its infamous dispute with Oracle. "Today, the company announced it has filed a petition with the Court, asking the justices to determine the boundaries of copyright law in code," reports The Verge. From the report: The case dates back to 2010, when Oracle first accused Google of improperly using elements of Oracle's Java programming language to build Android. Oracle said that Google's use of Java application programing interfaces was a violation of copyright law. Google has responded that APIs are too fundamental to programming to be copyrighted. The case has led to two jury trials, and several rulings have doled out wins and losses to both companies over the course of eight years. Last year, a favorable Oracle decision set Google up to potentially lose billions of dollars.

Google asked for a Supreme Court hearing on the case in 2014, but the Court rejected the request at the time. The company says new issues are now at play, and is asking the Court to decide whether software interfaces can be copyrighted, and whether using them to build something new constitutes fair use under the law. In its new petition to the Supreme Court, Google says the case is not only important to copyright law, but has "sheer practical importance," as it centers around two touchstones of computing: Google's Android and Oracle's Java. The Court's intervention could alter the future of software, the company argues.

An anonymous reader quotes a report from Engadget: Unionization isn't a new idea for the game development industry, but it is a particularly hot and contentious topic right now. A handful of events in 2018 thrust the unionization conversation to the forefront, including Rockstar boss Dan Houser's comments about developers working 100-hour weeks to finish Red Dead Redemption 2, and the tragic implosion and bitter residue of Telltale Games. Groups like Game Workers Unite have been pounding the pavement (physically and digitally) and gathering support for unionization across the globe, with a goal to "bring hope to and empower those suffering in this industry." In December, a UK chapter of Game Workers Unite became a legal trade union.

With all of this conversation swirling around studio life, the folks behind the Game Developers Conference added new questions to the seventh annual State of the Industry Survey, which included responses from nearly 4,000 developers. The questions were broad: should the games industry unionize, and will the games industry unionize? Forty-seven percent of respondents said yes, game developers should unionize, while 16 percent said no and 26 percent said maybe. However, developers weren't exactly hopeful about unionization efforts. Just 21 percent of respondents said they thought the industry would unionize, and 39 percent said maybe. Twenty-four percent said it simply wasn't going to happen. The survey also found that 44 percent of developers worked more than 40 hours per week on average. Just over 1 percent said they worked more than 110 hours in a week, while 6 percent reported working 76 to 80 hours, "suggesting that deadline-related crunch can go far beyond normal working hours," according to the survey.

An anonymous reader quotes a report from The Guardian: Science may never tell us what lies round the next corner, but researchers have come up with the nearest thing: a computer program that turns a normal digital camera into a periscope. In a demonstration of "computational periscopy" a U.S. team at Boston University showed they could see details of objects hidden from view by analyzing shadows they cast on a nearby wall. Vivek Goyal, an electrical engineer at the university, said that while the work had clear implications for surveillance he hoped it would lead to robots that could navigate better and boost the safety of driverless cars.

In the latest feat, Goyal and his team used a standard digital camera and a mid-range laptop. The researchers, writing in the journal Nature, describe how they pieced together hidden scenes by pointing the digital camera at the vague shadows they cast on a nearby wall. If the wall had been a mirror the task would have been easy, but a matt wall scatters light in all directions, so the reflected image is nothing but a blur. They found that when an object blocked part of the hidden scene, their algorithms could use the combination of light and shade at different points on the wall to reconstruct what lay round the corner. In tests, the program pieced together hidden images of video game characters -- including details such as their eyes and mouths -- along with colored strips and the letters "BU." The program takes about 48 seconds to work out a hidden scene from a digital image, but the researchers believe it could be sped up with a faster computer. Eventually, it may be fast enough to run on video footage.

Goyal also said "it is even conceivable for humans to be able to learn to see around corners with their own eyes; it does not require anything superhuman."

Thousands of women were systematically underpaid at Oracle, one of Silicon Valley's largest corporations, according to a new motion in a class-action complaint that details claims of pervasive wage discrimination. From a report: A motion filed in California on Friday said attorneys seek to represent more than 4,200 women and alleged that female employees were paid on average $13,000 less per year than men doing similar work. An analysis of payroll data found disparities with an "extraordinarily high degree of statistical significance," the complaint said. Women made 3.8% less in base salaries on average than men in the same job categories, 13.2% less in bonuses, and 33.1% less in stock value, it alleges.

The civil rights suit comes as the tech industries faces increased scrutiny of gender and racial discrimination, including sexual misconduct, unequal pay and biased workplaces. The case against Oracle, which is headquartered in Redwood Shores and provides cloud computing services to companies across the globe, resembles high-profile litigation against Google, which has also faced repeated claims of systematic wage discrimination.

Devon Zuegel, "a developer with a passion for governance and economics," recently became GitHub's open source product manager to "support maintainers in cultivating vital, productive communities" -- specifically open source software (OSS).

Thursday they put out a call for feedback from open source developers about their contribution hours, their projects, and especially their issues: As the OSS community has grown in scale and importance, the way we think about working together has to evolve, too. What works in a village or a town needs to evolve to serve a metropolis. Open source has grown from a small, academic sharing network to a giant, global web of dependencies. It now forms the backbone of the internet and technology in general. Just like any growing city, we have to coordinate the knowledge, infrastructure, and tools for the good of the whole community. OSS is an essential and special part of software development.

OSS has also been the heart of GitHub since the beginning. However, there is so much more we could do to support the people behind it. I have many ideas, but first I want to hear from you.
The essay argues OSS maintainers and contributors "don't have all the tools, support, and environment they need to succeed," including analytics, communication resources, recognition and "proportionate incentive to contribute time and money to creating and maintaining projects." (As well as deficiencies in both governance and mentorship.) And at the bottom of the blog post, there's a contact form.

"I want you to be part of the conversation and our roadmap. These challenges are nuanced, and they are unique to each project and community, so it's crucial that we have an open dialogue as we focus on helping you address them."

An anonymous reader summarizes the changes in Thursday's release of Rust 1.32.0 stable: "Quality of life" improvements include a new dbg macro to easily print values for debugging without having to use a println statement. For example, dbg!(x); prints the filename and line number, as well as the variable's name and value, to stderr (rather than to standard output). Making it even more useful, the macro also returns the value of what it's debugging -- even all the boolean values returned by each execution of an if-then statement.

Rust macros can now match literals of any type (string, numeric, char) -- and the 2018 edition of Rust also allows ? for matching zero or one repetitions of a pattern.

In addition, all integral numeric primitives now provide conversion functions to and from byte-arrays with specified endianness.

An anonymous reader quotes ZDNet: MongoDB is an open-source document NoSQL database with a problem. While very popular, cloud companies, such as Amazon Web Services (AWS), IBM Cloud, Scalegrid, and ObjectRocket has profited from it by offering it as a service while MongoDB Inc. hasn't been able to monetize it to the same degree. MongoDB's answer? Relicense the program under its new Server Side Public License (SSPL).

Open-source powerhouse Red Hat's reaction? Drop MongoDB from Red Hat Enterprise Linux 8. Red Hat's Technical and Community Outreach Program Manager Tom Callaway explained, in a note stating MongoDB is being removed from Fedora Linux, that "It is the belief of Fedora that the SSPL is intentionally crafted to be aggressively discriminatory towards a specific class of users." Debian Linux had already dropped MongoDB from its distribution....

The business point behind MongoDB's license change is to force cloud companies to use one of MongoDB's commercial cloud offerings. This hasn't worked either. AWS just launched DocumentDB, a database, which "is designed to be compatible with your existing MongoDB applications and tools," wrote AWS evangelist Jeff Barr.

An anonymous reader quotes a report from MIT Technology Review: Algorithms are increasingly being used to make ethical decisions. They are built to pursue a single mathematical goal, such as maximizing the number of soldiers' lives saved or minimizing the number of civilian deaths. When you start dealing with multiple, often competing, objectives or try to account for intangibles like "freedom" and "well-being," a satisfactory mathematical solution doesn't always exist. "We as humans want multiple incompatible things," says Peter Eckersley, the director of research for the Partnership on AI, who recently released a paper that explores this issue. "There are many high-stakes situations where it's actually inappropriate -- perhaps dangerous -- to program in a single objective function that tries to describe your ethics." These solutionless dilemmas aren't specific to algorithms. Ethicists have studied them for decades and refer to them as impossibility theorems. So when Eckersley first recognized their applications to artificial intelligence, he borrowed an idea directly from the field of ethics to propose a solution: what if we built uncertainty into our algorithms?

Eckersley puts forth two possible techniques to express this idea mathematically. He begins with the premise that algorithms are typically programmed with clear rules about human preferences. We'd have to tell it, for example, that we definitely prefer friendly soldiers over friendly civilians, and friendly civilians over enemy soldiers -- even if we weren't actually sure or didn't think that should always be the case. The algorithm's design leaves little room for uncertainty. The first technique, known as partial ordering, begins to introduce just the slightest bit of uncertainty. You could program the algorithm to prefer friendly soldiers over enemy soldiers and friendly civilians over enemy soldiers, but you wouldn't specify a preference between friendly soldiers and friendly civilians. In the second technique, known as uncertain ordering, you have several lists of absolute preferences, but each one has a probability attached to it. Three-quarters of the time you might prefer friendly soldiers over friendly civilians over enemy soldiers. A quarter of the time you might prefer friendly civilians over friendly soldiers over enemy soldiers. The algorithm could handle this uncertainty by computing multiple solutions and then giving humans a menu of options with their associated trade-offs, Eckersley says.

An anonymous reader quotes a report from Ars Technica: Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks. The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them. By contrast, emulators used by security researchers -- and possibly Google employees screening apps submitted to Play -- are less likely to use sensors. Two Google Play apps recently caught dropping the Anubis banking malware on infected devices would activate the payload only when motion was detected first. Otherwise, the trojan would remain dormant.

Security firm Trend Micro found the motion-activated dropper in two apps -- BatterySaverMobi, which had about 5,000 downloads, and Currency Converter, which had an unknown number of downloads. Google removed them once it learned they were malicious. The motion detection wasn't the only clever feature of the malicious apps. Once one of the apps installed Anubis on a device, the dropper used requests and responses over Twitter and Telegram to locate the required command and control server. Once Anubis was installed, it used a built-in keylogger that can steal users' account credentials. The malware can also obtain credentials by taking screenshots of the infected users' screen.

A collection of almost 773 million unique email addresses and just under 22 million unique passwords were exposed on cloud service MEGA. Security researcher Troy Hunt said the collection of data, dubbed Collection #1, totaled over 12,000 separate files and more than 87GB of data. ZDNet reports: "What I can say is that my own personal data is in there and it's accurate; right email address and a password I used many years ago," Hunt wrote. "In short, if you're in this breach, one or more passwords you've previously used are floating around for others to see." Some passwords, including his own, have been "dehashed", that is converted back to plain text. Hunt said he gained the information after multiple people reached out to him with concerns over the data on MEGA, with the Collection #1 dump also being discussed on a hacking forum. "The post on the forum referenced 'a collection of 2000+ dehashed databases and Combos stored by topic' and provided a directory listing of 2,890 of the files," Hunt wrote. The collection has since been removed. You can visit Hunt's Have I Been Pwned service to see if you are affected by this breach.

In a bid to deliver better software experience on devices powered by 64-bit processors in the coming years, Google aims to shift Android towards a 64-bit app ecosystem. From a report: The company has now shed more light on the transition and has announced that developers will have to submit a 64-bit version of their Android apps starting August this year. This move will eventually culminate in a universal implementation of the 64-bit app policy that will be enforced in 2021, after which, Google will no longer host 32-bit apps on the Play Store accessed on a device based on 64-bit hardware. Google announced the move towards 64-bit apps in 2017, claiming that apps with 64-bit code offer significantly better performance. However, the search giant did not provide any details regarding the exceptions to the new rule or when the Play Store will cease to serve 32-bit apps. Google has now revealed that starting August 1 this year, developers must submit 64-bit versions of all new apps and app updates, alongside the old 32-bit versions prior to their publishing from the Play Store.

Federal prosecutors unveiled charges in an international stock-trading scheme that involved hacking into the Securities and Exchange Commission's EDGAR corporate filing system. "The scheme allegedly netted $4.1 million for fraudsters from the U.S., Russia and Ukraine," reports CNBC. "Using 157 corporate earnings announcements, the group was able to execute trades on material nonpublic information. Most of those filings were 'test filings,' which corporations upload to the SEC's website." From the report: The scheme involves seven individuals and operated from May to at least October 2016. Prosecutors said the traders were part of the same group that previously hacked into newswire services. Carpenito, in a press conference Tuesday, said the thefts included thousands of valuable, private business documents. "After hacking into the EDGAR system they stole drafts of [these] reports before the information was disseminated to the general public," he said.

Those documents included quarterly earnings, mergers and acquisitions plans and other sensitive news, and the criminals were able to view it before it was released as a public filing, thus affecting the individual companies' stock prices. The alleged hackers executed trades on the reports and also sold them to other illicit traders. One inside trader made $270,000 in a single day, according to Carpenito. The hackers used malicious software sent via email to SEC employees. Then, after planting the software on the SEC computers, they sent the information they were able to gather from the EDGAR system to servers in Lithuania, where they either used it or distributed the data to other criminals, Carpenito said.

The WordPress open-source content management system (CMS) will show warnings in its backend admin panel if the site runs on top of an outdated PHP version. From a report: The current plan is to have the warnings appear for sites using a PHP version prior to the 5.6.x branch (5.6 or lower). The warnings will contain a link to a WordPress support page with information on how site owners can update their server's underlying PHP version. In instances where site owners are running their WordPress portals on top of tightly-controlled web hosting environments, the web host has the option to change this link with a custom URL pointing at its own support site. [...] Around 66.7 percent of all Internet sites run an unsupported PHP version, according to W3Techs. Almost a quarter of all internet sites run on top of a WordPress CMS.

secwatcher quotes a report from Threatpost: Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The proof-of-concept hack does not impact production Docker instances, according to CyberArk researchers that developed the proof-of-concept attack. "The team was able to escape the container and run code remotely right on the host, which has obvious security implications," wrote researchers in a technical write-up posted Monday.

Play-with-Docker is an open source free in-browser online playground designed to help developers learn how to use containers. While Play-with-Docker has the support of Docker, it was not created by nor is it maintained by the firm. The environment approximates having the Alpine Linux Virtual Machine in browser, allowing users to build and run Docker containers in various configurations. The vulnerability was reported to the developers of the platform on November 6. On January 7, the bug was patched. As for how many instances of Play-with-Docker may have been affected, "CyberArk estimated there were as many as 200 instances of containers running on the platform it analyzed," reports Threatpost. "It also estimates the domain receives 100,000 monthly site visitors."

Android Studio 3.3 is now available to download through stable channel, Google said Monday. The top new features of Android Studio 3.3 include a navigation editor, profiler tracking options, improvements on the build system, and lazy task configuration. However, the big focus with the new version was on "refinement and quality," the company said. Further reading: VentureBeat.

According to a report from HackenProof, a database containing resumes of over 200 million job seekers in China was exposed last month. "The leaked info included not just the name and working experience of people, but also their mobile phone number, email, marriage status, children, politics, height, weight, driver license, and literacy level as well," reports The Next Web. From the report: Bob Diachenko, Director of Cyber Risk Research at Hacken.io and bug bounty platform HackenProof, found an unprotected instance of MongoDB containing these resumes on December 28. Diachenko found the resumes in the open database search engines Shodan and BinaryEdge. The 854GB database didn't have any password protection and was open to anyone to read.

Diachenko wasn't able to identify who generated the database or who owned it, but a now-defunct GitHub code repository featured a code that used an identical data structure to the leaked database. The database contained scraped data from multiple Chinese classified websites like bj.58.com. However, in a blog post, the website's spokesperson denied the leak. Interestingly, the database was taken down as soon as Diachenko posted about the database on Twitter. Sadly, the MongoDB log showed at least a dozen IP addresses that read the instance before it went off the grid.

Python "is often described as being slow when it comes to performance... But is that truly the case?" writes Patrick Wohlschlegel, Arm's senior product manager for infrastructure and high-performance computing tools.

Slashdot reader igor.sfiligoi writes: Effectively profiling Python has always been a pain. Arm recently announced that their Arm Forge is now able to profile both Python and compiled code.
It's available for any hardware architecture, Wohlschlegel writes, adding that developers "typically assume that most of the execution time is spent in compiled, optimized C/C++ or Fortran libraries (e.g. NumPy) which are called from Python..."

"How confident are you that your application is not wasting your precious computing resources for the wrong reasons?"

Lucas Matney writes via TechCrunch: Improbable is taking a daring step after announcing earlier today that Unity had revoked its license to operate on the popular game development engine. The U.K.-based cloud gaming startup has inked a late-night press release with Unity rival Epic Games, which operates the Unreal Engine and is the creator of Fortnite, establishing a $25 million fund designed to help game developers move to "more open engines." This is pretty bold on Improbable's part and seems to suggest that Unity didn't give them a call after Improbable published a blog post that signed off with, "You [Unity] are an incredibly important company and one bad day doesn't take away from all you've given us. Let's fix this for our community, you know our number."

Unity, for its part, claims that they gave Improbable ample notice that they were in violation of their Terms of Service and that the two had been deep in a "partnership" agreement that obviously fell short. The termination of Improbable's Unity license essentially cut them off from a huge portion of indie developers who build their stuff on Unity. Epic Games CEO Tim Sweeney was quick to jump on the news earlier today, rebuking Unity's actions. "Epic Games' partnership with Improbable, and the integration of Improbable's cloud-based development platform SpatialOS, is based on shared values, and a shared belief in how companies should work together to support mutual customers in a straightforward, no-surprises way," the blog post reads.

An anonymous reader quotes a report from ZDNet: Amazon Web Services (AWS) has announced a fully-managed document database service, building the Amazon DocumentDB (with MongoDB compatibility) to support existing MongoDB workloads. The cloud giant said developers can use the same MongoDB application code, drivers, and tools as they currently do to run, manage, and scale workloads on Amazon DocumentDB. Amazon DocumentDB uses an SSD-based storage layer, with 6x replication across three separate Availability Zones. This means that Amazon DocumentDB can failover from a primary to a replica within 30 seconds, and supports MongoDB replica set emulation so applications can handle failover quickly. Each MongoDB database contains a set of collections -- similar to a relational database table -- with each collection containing a set of documents in BSON format. Amazon DocumentDB is compatible with version 3.6 of MongoDB and storage can be scaled from 10 GB up to 64 TB in increments of 10 GB. The new offering implements the MongoDB 3.6 API that allows customers to use their existing MongoDB drivers and tools with Amazon DocumentDB. In a separate report, TechCrunch's Frederic Lardinois says AWS is "giving open source the middle finger" by "taking the best open-source projects and re-using and re-branding them without always giving back to those communities."

"The wrinkle here is that MongoDB was one of the first companies that aimed to put a stop to this by re-licensing its open-source tools under a new license that explicitly stated that companies that wanted to do this had to buy a commercial license," Frederic writes. "Since then, others have followed."

"Imitation is the sincerest form of flattery, so it's not surprising that Amazon would try to capitalize on the popularity and momentum of MongoDB's document model," MongoDB CEO and president Dev Ittycheria told us. "However, developers are technically savvy enough to distinguish between the real thing and a poor imitation. MongoDB will continue to outperform any impersonations in the market."