GitHub Getting Acquired by Microsoft

Microsoft, today:

Microsoft Corp. on Monday announced it has reached an agreement to acquire GitHub, the world’s leading software development platform where more than 28 million developers learn, share and collaborate to create the future. Together, the two companies will empower developers to achieve more at every stage of the development lifecycle, accelerate enterprise use of GitHub, and bring Microsoft’s developer tools and services to new audiences.

Yours truly, 3 years ago when Google’s Google Code code hosting service shut down:

This is your continued reminder that Google, and start-ups funded by VC money, are not a safe place to store your work. Own your shit before GitHub starts inserting malware into downloads or sells out in some original and disruptive way. Get a domain, some shared hosting, maybe a Linux or BSD VPS if you’re rich. With git it is easy enough to move a project if you have cloned the project locally and have established a web presence that people can check for updates. At the very least, don’t make the GitHub page the public-facing home for your project.

This kind of bullshit is why ioquake3.org exists and is the front-door for that project. Github has some great collaboration tools in their web front-end, and I’d guess there are developers out there that don’t even understand yet that there are other options for Git hosting.

It’s a burden that hosting is expensive, but these kinds of sell-outs happen all the time, that’s why you have to give your project a real homepage and not rely on a third-party that doesn’t have a sustainable business model.

I don’t know yet if we’re going to move ioquake3’s code off of Github, but at least people will still be able to find the project if we decide to do so.

Apple’s “Fuck You” to Mac Game Developers & Players

This wasn’t in the keynote, but Apple had some bad news buried in the “What’s New in macOS” section of their developer site for anyone who makes games or other software with the OpenGL graphics API :

Deprecations and Removed APIs
Periodically, Apple adds deprecation macros to APIs to indicate that those APIs should no longer be used in active development. When a deprecation occurs, it’s not an immediate end of life for the specified API. Instead, it is the beginning of a grace period for transitioning from that API and to newer and more modern replacements. Deprecated APIs typically remain present and usable in the system for a reasonable time past the release in which they were deprecated. However, active development on them ceases, and the APIs receive only minor changes to accommodate security patches or to fix other critical bugs. Deprecated APIs may be removed entirely from a future version of the operating system.

As a developer, avoid using deprecated APIs in your code as soon as possible. At a minimum, new code you write should never use deprecated APIs. And if your existing code uses deprecated APIs, update that code as soon as possible.

Deprecation of OpenGL and OpenCL
Apps built using OpenGL and OpenCL will continue to run in macOS 10.14, but these legacy technologies are deprecated in macOS 10.14. Games and graphics-intensive apps that use OpenGL should now adopt Metal. Similarly, apps that use OpenCL for computational tasks should now adopt Metal and Metal Performance Shaders.

Metal is designed from the ground up to provide the best access to the modern GPUs on iOS, macOS, and tvOS devices. Metal avoids the overhead inherent in legacy technologies and exposes the latest graphics processing functionality. Unified support for graphics and compute in Metal lets your apps efficiently utilize the latest rendering techniques. For information about developing apps and games using Metal, see the developer documentation for Metal, Metal Performance Shaders, and MetalKit. For information about migrating OpenGL code to Metal, see Mixing Metal and OpenGL Rendering in a View.

Apple is already requiring that apps get updated to be 64-bit, or they’ll stop working in a future update.

As much as I loathe John Carmack today, and it certainly didn’t help that he decided to write this on Facebook, he recently wrote about how he persuaded Steve Jobs to support OpenGL on the Mac:

I was brought in to talk about the needs of games in general, but I made it my mission to get Apple to adopt OpenGL as their 3D graphics API. I had a lot of arguments with Steve.

Part of his method, at least with me, was to deride contemporary options and dare me to tell him differently. They might be pragmatic, but couldn’t actually be good. “I have Pixar. We will make something [an API] that is actually good.”

It was often frustrating, because he could talk, with complete confidence, about things he was just plain wrong about, like the price of memory for video cards and the amount of system bandwidth exploitable by the AltiVec extensions.

But when I knew what I was talking about, I would stand my ground against anyone.

When Steve did make up his mind, he was decisive about it. Dictates were made, companies were acquired, keynotes were scheduled, and the reality distortion field kicked in, making everything else that was previously considered into obviously terrible ideas.

I consider this one of the biggest indirect impacts on the industry that I have had. OpenGL never seriously threatened D3D on PC, but it was critical at Apple, and that meant that it remained enough of a going concern to be the clear choice when mobile devices started getting GPUs. While long in the tooth now, it was so much better than what we would have gotten if half a dozen SoC vendors rolled their own API back at the dawn of the mobile age.

While OpenGL isn’t going away immediately in macOS Mojave, when it is finally gone there will be many fewer games on macOS, it has been the only portable graphics API available for developers to bring their games to Linux and macOS, as well as other platforms, for decades.

Without OpenGL on macOS the Mac and Linux will both suffer, as will new platforms. They’ll have a harder time getting games and other software when bigger platforms are locked to vendor-specific APIs like Metal instead of cross-platform ones like Vulkan and OpenGL.

If I had to guess, I would hope that Valve will ship an intermediary layer to translate OpenGL calls for games on Steam, and hopefully they will make this software available for everyone else. There are already some other projects to translate OpenGL to platform-specific calls but it’s not going to be easy for games to support them. It’d be better if these projects had something to handle the translation on-the-fly. It’s also entirely possible that Valve will just give up on older games supporting modern versions of macOS after Apple fully deprecates OpenGL.

I don’t envy anyone trying to support old software and write good OpenGL drivers like Apple has (even when they don’t update their OpenGL support for years), but the deprecation of OpenGL is a real “Fuck You” to game developers and players unlike any other. Games getting updated from 32-bit to 64-bit, as well as going through the process of having any kind of graphics portability layer added on top, seems unlikely. Thousands of games are going to be lost to time when OpenGL dies off. Competition with popular hardware and software platforms will be even more difficult. I understand the desire to get rid of technical debt, but this is bad.

Homebrew Users: Run brew cleanup & Get Your Gigs Back

If you use a macOS machine for development, or even just to get some bonus commands that you wish the system came with, then you probably use Homebrew as your command-line package manager.

Perhaps you’re like me, you’ve been using it for years and didn’t realize that it has left gigabytes of detritus on your local drive, I certainly didn’t until someone in the homebrew IRC channel mentioned the brew cleanup command, and now I have 21.3 gigs of disk back.

Bruce Dawson’s Xbox 360 Prefetch Bug

Bruce Dawson once worked for Microsoft where he found a bug in the Xbox 360 that he was reminded of by the Spectre and Meltdown exploits:

A game developer who was using this function reported weird crashes – heap corruption crashes, but the heap structures in the memory dumps looked normal. After staring at the crash dumps for awhile I realized what a mistake I had made.

Keep reading.

Typosquatting Package Managers

Fascinating attack on unmoderated package managers for programming libraries (via former TimeDoctor contributor, Vogon)  that would work just as well on unmoderated app stores:

In the second part of 2015 and the early months of 2016, I worked on my bachelors thesis. In this thesis, I tried to attack programming language package managers such as Pythons PyPi, NodeJS Npmsjs.com and Rubys rubygems.org. The attack does not exploit a new technical vulnerability, it rather tries to trick people into installing packages that they not intended to run on their systems

[…]

So basically we create a fake package that has a similar name as a famous package on PyPi, Npmjs.com or rubygems.org. For example we could upload a package named reqeusts instead of the famous requests module.

It ends up being very successful:

In two empirical phases, exactly 45334 HTTP requests by 17289 unique hosts (distinct IP addresses) were gathered. This means that 17289 distinct hosts executed the program above and sent the data to the webserver which was analyzed in the thesis. The number of HTTP requests is for various reasons higher than the number of distinct IP addresses. The main reason is that pip executes the setup.py file twice on installation. Don’t ask me why.