On Tuesday, the creator of Wii U emulator Cemu announced a major 2.0 version release, introducing Linux builds for the first time and open sourcing eight years of work.

In 2017, Wii U emulator Cemu made history by pulling in thousands of dollars per month on Patreon to help fund development. Cemu's high profile Patreon, which was briefly earning $25,000 at its peak, raised questions about the ethics of emulation, particularly when money is involved, and when a project is "closed source" instead of open source, meaning their source code isn't publicly available. Closed source emulator development isn't inherently wrong, but it can be controversialone of the key ways the emulation community protects itself from lawsuits is by keeping its source code public, so litigious companies like Nintendo can study it and confirm that none of its proprietary code is used in the reverse-engineering process.

Dolphin emulator developer Pierre Bourdon broke it down for me back in 2017. "You can save a lot of time if you cheat and look at proprietary documentation (console SDKs, leaks, etc.) while trying to understand how a console works," he said. "This is in general frowned upon in many emulation projects: it puts the whole project at the risk of a lawsuit. It's one of the things where we have no doubts about the legality: it's clearly illegal. With open source projects the development process is usually very open."

Despite some worries in the community that Cemu would attract legal scrutiny thanks to its closed source code, lucrative Patreon and 4K Breath of the Wild videos, Nintendo never came knocking. And now worries that Cemu's source code could be lost if developer exzap ever disappeared are moot, too. The project in its entirety is available on Github, including Linux builds for the new 2.0 release.

Cemu's move to open source marks the end of the most prominent fan-made closed source emulator in existence. It's a great day for the continued preservation of Nintendo's games long into the future, considering the company's own emulation efforts are often disappointingly bad.

Exzap notes that the Linux support is "still very rough around the edges," but hopes that changes quickly as other emulator developers familiarize themselves with Cemu and begin to chip in on the project. Cemu previously only ran on Windows, but its Linux support now opens the door to easy installation on the Steam Deck, my favorite emulation system. It won't be easy to get going on the Deck until Cemu adds flatpak support for one-click installation, but that's already being discussed on the Github.

Cemu's creator used the 2.0 announcement to talk a bit about the emulator's historythey've been the sole developer for much of its run, and said that in the last couple years the project has been especially draining.

"Whenever I tell myself to make time for other things, I end up feeling guilty because my self-inflicted sense of responsibility drives me to always prioritize Cemu over my own interests. This year was especially intense because I single-handedly ported Cemu to Linux while also trying to deliver somewhat constant feature and bug fix updates," they wrote. "In the end, opening up development seems like the logical decision. It has always been the long-term plan anyway. With Cemu being open-source, the hope is that new contributors will pick up where I left off."

Exzap will still be contributing, but hopes having more developers will help with some significant features, like pausing and restarting emulation and improving performance on older hardware.

"I have been working on Cemu for almost 8 years now, watching the project grow from an experiment that seemed infeasible, to something that, at its peak, was used by more than a million people," exzap wrote on Tuesday. "Even today, when the Wii U has been mostly forgotten, we still get a quarter million downloads each month. There are still so many people enjoying Wii U games with Cemu and I will be eternally grateful that I got the chance to impact so many people's life in a positive way, even if just a tiny bit."

Link:

Here's why Wii U emulator Cemu going open source is a big deal for emulationand for the Steam Deck - PC Gamer

A researcher has conducted an analysis to see how major companies could track user activity through their mobile in-app browsers, and released a free and open source tool that allows anyone to check what code is being injected by such browsers.

Some mobile applications use built-in browsers to allow users to quickly access third-party websites. Other apps include a browser to load their own resources, which may be needed to perform various activities. However, these internal browsers could also pose security and privacy risks.

Researcher Felix Krause published a blog post earlier this month claiming that the iOS apps of Instagram and Facebook could monitor everything a user does on an external website opened through the applications internal browser. This claim was based on the JavaScript code the applications inject into the website displayed by the in-app browser.

Later tests showed that TikTok also injects JavaScript code that modifies the content of the third-party websites opened through the social media app. TikTok appears to monitor all keyboard inputs and screen taps, potentially allowing the company to collect passwords and other sensitive information entered via the built-in browser.

Meta said the code is being injected as part of an App Tracking Transparency (ATT) mechanism that helps the company respect users privacy choices. TikTok confirmed that the keylogging code exists, but said its not actually being used.

However, Krause says his analysis highlights the potential security and privacy risks associated with JavaScript code getting injected by in-app browsers into third-party websites. That is why last week he released a free and open source tool that anyone can use to check what code is being executed through these in-app browsers.

The online tool, named InAppBrowser, displays the JavaScript code that is injected when the website inappbrowser.com is opened with an in-app browser. It also provides information on what each command does.

While the tool can provide some useful information, Krause pointed out that it cannot detect all the JavaScript executed by the browser and it also does not provide any information on the tracking mechanisms implemented using native code. In addition, some applications can hide their JavaScript activities, including by using Apples WKContentWorld object, which is designed to separate the app from the webpages and scripts it executes.

On the other hand, the researcher noted, Just because an app injects JavaScript into external websites, doesnt mean the app is doing anything malicious. There is no way for us to know the full details on what kind of data each in-app browser collects, or how or if the data is being transferred or used.

Users who are concerned about the potential risks should always open websites in their phones browser rather than the in-app browser. Popular apps often provide the Open in browser option for this task, or users could simply copy and paste the URL.

Krause also noted that some iOS apps follow Apples recommendation and use Safari or the Safari view controller for accessing external websites, and this prevents them from injecting their own code.

The InAppBrowser source code is available on GitHub. The app can work for both Android and iOS applications.

Related: Apple to Tighten App Privacy, Remove Apps That Don't Comply

Related: Google Details New Privacy and Security Policies for Android Apps

Related: Google Introduces 'Privacy Sandbox' for Ads on Android

Read the original here:

New Open Source Tool Shows Code Injected Into Websites by In-App Browsers - SecurityWeek

You would think organizations would want to know when ex-employees have access to the crown jewels.

No one wants to end up in the news like Twitter did due to lack of access controls for repositories that contain source code just as they are locked in a battle of wits and a highly publicized lawsuit about an acquisition gone awry.

The software supply chain has become one of the biggest attack vectors. Attackers will find any means to access the repositories where source code is stored. Additionally, software today is often built via a combination of internally developed code, open source code or third-party developed code. All this code generally resides in git repositories.

These repositories also contain Infrastructure as code and git configuration rules to make it easier for developers to move their code down the CI/CD development pipeline. Individuals with unauthorized access to these repositories may not be seeking to pilfer code. They may be after something far more sinister.

While everyone is concerned about source code being stolen by individuals with unauthorized access, the real danger is that the code can divulge a blueprint of the application architecture. Where critical information is stored and what other resources are being leveraged. This information can be used to mount devastating asynchronous attacks that result in the exfiltration of large volumes of PII or cause debilitating operational disruptions.

In an article published by Wired magazine on August 23, 2022, the author notes, Al Sutton, cofounder and chief technology officer of Snapp Automotive, was a Twitter staff software engineer from August 2020 to February 2021.

The article also carried a tweet from Al Sutton himself which stated, An aspect Ive not seen discussed much about my long-past-leaving membership of the Twitter GitHub group, is that it left me with access to the private and public membership list of the group which could have been used as a social engineering starter list (33 public, 267 private).

The Wired article further mentions that Twitter never removed him from the employee GitHub group that can submit software changes to code the company manages on the development platform. Sutton had access to private repositories for 18 months after being let go from the company.

Access to repositories by developers and operations teams is a key tenet to developing a more comprehensive view of code security. In order to understand risk from code, BluBracket believes that enterprise teams must seek answers to three key questions:

What high risk content is present in your code?

Who has access to your code?

Where is your code going?

It is clear from above that unmonitored access to code repos can lead to both external and insider threat. Malicious code can be introduced into repositories and become a threat to the organizations most critical assets.

In addition to identifying exposed secrets like passwords, credentials and API tokens in source code, BluBracket enforces policies for trusted access to repositories. BluBracket also monitors developer access to repositories with built-in support for single sign-on (SSO) and multi-factor authentication (MFA).

BluBrackets solutions help developer and application security teams Identify who has access to what, calling out the best-practice configuration of everything from git hooks to branch protection rules helps guide teams to continuous improvement and ongoing operational security. When teams know they can automatically and continuously audit access, theyre both more productive because they can more easily grant access, and more secure because they have tools to revoke access when employees roles change, they leave or are terminated.

For more information on the BluBracket code security solution, please visit https://blubracket.com/products/enterprise-edition/

To get started for free with BluBracket please visit https://blubracket.com/contact/get-started/

*** This is a Security Bloggers Network syndicated blog from BluBracket: Code Security & Secret Detection authored by Pan Kamal. Read the original post at: https://blubracket.com/how-unauthorized-access-to-git-became-a-big-headache-for-twitter/

Read the original post:

How unauthorized access to Git became a big headache for Twitter - Security Boulevard

Dylan Field, co-founder and CEO of Figma, speaks at the startup's Config conference in San Francisco on May 10, 2022.

Figma

Microsoft and Adobe have been friendly bedfellows for decades. Microsoft's dominant PC operating system has been the gateway for Adobe to reach millions of business users with its design software.

The companies' CEOs even attended the same high school in India, and both moved to the U.S. in the 1980s for graduate school in computer science. They share a common bond over the successful transition from desktop software to the cloud.

But inside Microsoft, an emerging challenge to Adobe is catching fire and raising questions about the future of one of the tech industry's most intimate relationships.

Figma, a San Francisco-based startup that celebrated its 10th anniversary in August, is being used by tens of thousands of employees inside Microsoft and, for many, is at the heart of their daily work. The number of users has steadily increased in recent years, though neither company will say how many of them are editors with paid accounts.

The cloud-based design software came in the door in 2016, when Microsoft acquired mobile app development platform Xamarin and brought in a 350-person team that, months after the deal closed, would become Figma power users. The product has since become so central to how Microsoft's designers do their jobs that Jon Friedman, corporate vice president of design and research, said Figma is "like air and water for us." It's also used by engineers, marketers and data scientists across Microsoft.

"Figma's become, I would say, sort of the No. 1 common tool we use to collaborate across all of the design community in the community and beyond," said Friedman, who's worked at Microsoft for over 18 years. It's "really great at helping us collaborate at scale, and at global scale. I can collaborate with teams we have in India, China, Europe, Israel and Africa."

Venture investors have been all in on the growth.

In June 2021, during the heyday of mega financings, Figma was valued at $10 billion in a funding round that included participation from Morgan Stanley's Counterpoint Global. That was before the 2022 market plunge sent many cloud stocks down by more than half and largely halted pre-IPO rounds.

Figma hasn't announced plans for a stock market debut, and shareholders aren't pressing for one anytime soon, in large part because the market for new offerings has dried up this year.

The company, backed by the likes of Index Ventures, Greylock Partners and Kleiner Perkins, now has the size and growth trajectory to land solidly on the radar of public investors. Annualized recurring revenue has more than doubled in consecutive years and is poised to top $400 million in 2022, according to people with knowledge of the company's financials who asked not to be named because the numbers are confidential. Figma's workforce has swelled to 800.

While Microsoft has served as a growth driver for Figma, spending millions a year on its deployment, the company's software has also taken off at Google, Oracle and Salesforce, where it started small and grew organically as fans touted it to their colleagues. Other customers include Airbnb, Dropbox, Herman Miller, Stripe and Twitter.

After Figma founder and CEO Dylan Field tweeted earlier this month about the company turning 10 years old, he received flattering responses from Salesforce co-CEO Bret Taylor and Atlassian co-CEO Mike Cannon-Brookes. Taylor started his response with, "I [heart emoji] Figma."

For Figma, getting traction inside big companies, particularly within Microsoft, has required going head-to-head with Adobe's competing XD program, and winning its fair share of deals. That doesn't mean the market has completely flipped, or that Adobe is being fully supplanted.

"We're still heavy on Adobe Illustrator, Photoshop and XD," Friedman said.

Adobe and Microsoft have worked together for more than two decades. In addition to Adobe gaining ubiquity by distributing across Windows machines, the two companies have been syncing their products in desktop, cloud and mobile computing, with over 50 integrations listed on Microsoft's website.

Penetrating that alliance has not always been smooth for Figma. In 2016, Microsoft acquired Sunrise, a startup with a popular calendar app. The Sunrise team relied on Figma and continued to use it after the deal closed.

Sunrise co-founder Jeremy Le Van said his employees were among the lucky ones at Microsoft. He said some Microsoft staffers weren't able to use Figma because of the business relationship with Adobe and were stuck using products such as Photoshop and XD. Despite executive resistance in certain departments, some designers snuck out of the Adobe ecosystem to use Figma anyway, said Le Van, who stayed on as a design director at Microsoft until 2018.

Friedman said he wasn't aware of examples of Figma being shut out. "We have a great relationship with Adobe as well and love their products for many use cases at Microsoft," he said.

The same year of the Sunrise deal, Adobe said it would make Microsoft's Azure its preferred cloud for Creative Cloud, as well as the Marketing Cloud and Document Cloud. To mark the occasion, Microsoft CEO Satya Nadella and Adobe CEO Shantanu Narayen, who both went to high school at India's Hyderabad Public School, appeared at Microsoft's Ignite conference for IT professionals under a banner declaring that Adobe loves Azure.

Figma's collaborative capabilities are central to its popularity. Multiple editors of a document can see one another working in real time, and non-editors can view designs and leave comments. Companies pay for Figma based on the number of editors they have for their files.

"Any designer, product manager or engineer can jump in and see the design system at play in any particular product," Friedman said.

Last week, Figma released a version of its service that people can use in Microsoft's Teams communication app, removing the need to open a browser tab.

"We both wanted it," said Field, who started Figma after scoring a Thiel Fellowship, which came with a $100,000 grant from venture investor Peter Thiel on the condition that he drop out of college (Brown University) and pursue a new project.

The Teams integration is a tool that benefits any user of Microsoft products, not just employees. Adobe, which offers Teams apps for Acrobat and Creative Cloud, knows all about the power of tying into the Microsoft ecosystem. It's been a big part of the company's success in its 40-year run up to almost $17 billion in annual revenue.

Figma had to start small. Like many organizations, Microsoft began using it for free. Today, a customer can pay Figma each month based on the number of people who make changes to files, while a more limited version of the service is available at no cost.

In 2017, a year after the Xamarin acquisition, Field hosted Friedman at his company's San Francisco headquarters. Field says he remembers asking Friedman why Microsoft didn't want to keep using the free version of Figma.

"'Look, we're all worried you're going to die as a company," Field recalled Friedman telling him. "We can't spread it inside Microsoft as a company even though we like it, because you're not charging."

It wasn't just about keeping Figma alive. As a big-spending customer, Microsoft was in position to start asking for more features.

A workspace inside Building 21 at the Microsoft campus in Redmond, Washington, on March 3, 2022. Microsoft Corp. has begun calling employees back to its headquarters in recent weeks, but its return-to-office strategy hinges on hybrid work.

Chona Kasinger | Bloomberg | Getty Images

Field said Microsoft's feedback led to several improvements. For example, Figma engineers worked to make it easier to move from screen to screen in a single Figma file. The company also added support for input from Xbox game controllers and made prototype previews work faster on mobile devices.

Ultimately, Microsoft's requests helped Figma develop its top-tier enterprise plan, Field said, adding to the free version and paid monthly premium packages that range from $12 to $45 per editor per month. The enterprise package runs at $75 per editor and includes dedicated account managers and advanced password management.

Vclav Vanura remembers when things were very different.

Vanura was a senior designer at Xamarin, whose software helped companies build Android and iOS apps with Microsoft's C# programming language.

When Figma announced its launch in late 2015, Vanura was impressed with the company's idea for shared design component libraries. He signed up for a preview release and received access in the summer of 2016. He encouraged his colleagues to jump on board, starting with David Siegel, Xamarin's head of design.

Vanura and Siegel encountered snags while sharing files from design competitor Sketch. After one Xamarin employee uploaded a file to a Dropbox folder, their teammates sometimes struggled to get it running on their computers, either because they didn't have the right fonts installed or because they had different versions of the software.

Unlike Sketch, which was only available on MacOS, Figma was on the browser. That meant fewer sharing issues. You grant others access by copying a link or entering their email addresses, just like in Google Docs. But performance was a problem.

Vanura made complex designs in Figma, causing the software to slow down, freeze and crash. The Xamarin workers sent Vanura's files to Figma engineers, who made Figma speedier and more stable.

In 2017, Vanura flew from the Czech Republic, where he lives, to Seattle, and then made the short trek to Microsoft's headquarters in Redmond. He took the opportunity to show Figma to his team, many of whom were accustomed to working in Photoshop and Illustrator.

"It was amazing. It was like watching Formula 1," Vanura said. "There were so many mouse pointers on the screen, and everybody designed something, even if it meant they were pasting GIFs or drawing rectangles. All of them were so blown away. I think that was the moment these people figured out this was a huge time saver."

Siegel, who had become Microsoft's head of design for developer services, wanted to get the word out more broadly that Microsoft was evolving and wasn't stuck to its old isolated ways. In 2018, he posted a manifesto of sorts online.

"We use PCs, Macs, Figma, Sketch, GitHub, JavaScript, ZEIT, and other modern tools to design, prototype, and build the future of software development," Siegel wrote on Xamarin's website. There was a link to a Figma file that Microsoft employees could open.

The website reached the front page of Hacker News, a discussion board for software developers.

"This is some incredible self-awareness," one commenter wrote.

Soon after, Benedikt Lehnert, a Microsoft product design director, told Friedman that the company needed everyone on the same program, whether it was Figma or XD. Microsoft chose Figma, Lehnert said.

Scott Belsky, chief product officer and executive vice president for Creative Cloud at Adobe and then a venture partner at Benchmark, speaks onstage at the TechCrunch Disrupt conference in San Francisco on Sept. 13, 2016.

Steve Jennings | TechCrunch | Getty Images

Vanura said that at Microsoft, "Figma spread across the company so fast that I don't think Adobe was even able to catch up."

Figma isn't shy about going up against an industry heavyweight. On its website, Figma says, "Dont sync to the cloud with Adobe XD. Work in the cloud withFigma." It asserts that designers are moving away from Adobe's Creative Cloud bundle, the product that accounts for 59% of Adobe's revenue.

in 2020, Adobe added Figma to the list of competitors it publishes in its annual report.

Analysts have raised questions about Figma to Adobe executives on at least three occasions this year. Alex Zukin of Wolfe Research asked during a January fireside chat with Adobe executives Scott Belsky and David Wadhwani if Figma was taking market share.

Belsky, Adobe's product chief and executive vice president for Creative Cloud, didn't answer the question directly. But he acknowledged that venture capitalists have been funneling money into the space.

"ItisexcitingthatVCsseethesamethingwe're seeing," Belsky said. "Five-plus years ago, you didn't see any material dollarsgoingintothecreativetools.Ithinknoweveryoneseesthat."

Belsky said Adobe can take advantage of an opportunity to bring Creative Cloud to the web, which it's done for Illustrator and Photoshop but not XD, a product that was launched in preview in 2016.

An Adobe spokesperson declined to talk about plans for a web version of XD, and said the company will talk about plans for Creative Cloud at its Max conference in October.

"We do not see an impact to the Photoshop business resulting from players in the product design category," the spokesperson said. "We developed and have evolved Adobe XD to address the needs of our core design customers, who are designing marketing experiences for screens, rather than the distinct category of product design and development."

Still, the pressure on Adobe is intensifying.

In the past three months, Figma's app for iOS devices has consistently ranked above Adobe XD in the graphics and design section of Apple's App Store, according to figures from Data.ai, formerly known as App Annie.

Wells Fargo analyst Michael Turrin said Figma has potential to expand.

"What Figma is trying to create is more of a broader platform that could become more of a system of record within this market, and that's why I think this could become more important," he said.

Figma isn't the only upstart in the space making waves. An open-source alternative called Penpot, which can automatically generate the underlying source code for designs people make in the software, is also gaining momentum.

Microsoft employees are using Penpot and have contributed to it, said Pablo Ruiz-Muzquiz, who co-founded the project. Of the people who test Penpot, almost 20% are coming from Figma, he said.

Penpot's code lives on GitHub, which Microsoft owns, under an open-source license, allowing people to download the code, modify it and run it on their own servers. That's not true of Figma, which keeps its own source code private.

But Figma is evolving. One job description suggests Figma is considering a significant update to its iPad app that would provide a space to make new designs and not just view or share them.

And Figma has been busy expanding its executive ranks. In June, the company promoted Praveer Melwani, its head of business operations and finance, to the finance chief position. The next month, former Deutsche Bank and Goldman Sachs executive Kate DeLeo joined Figma as vice president of investor relations and business operations.

As the company marches toward an eventual introduction to Wall Street, getting more out of its relationship with Microsoft presents an opportunity for growth. Expanding the number of ways Figma gets used is one avenue.

"It works great as a presentation tool," Friedman said.

Figma probably won't ever replace Microsoft's homegrown PowerPoint software or Adobe's PDF format, but Field said his product boasts distinct advantages. For one, Figma avoids the problem of the non-stop back-and-forth emailing of a presentation by letting people simply share a link. A Microsoft spokesperson said PowerPoint users can also use links to send documents.

"I'd be surprised if there's no salespeople at Microsoft that use it. My guess is there's some," Field said, regarding Figma. "Is it significant? No, probably not."

Not yet, anyway.

WATCH: Adobe CEO reacts to Q1 earnings: Our fundamentals continue to be extremely strong

See the article here:

Microsoft employees love Figma, and it's testing the company's cozy relationship with Adobe - CNBC

This site may earn affiliate commissions from the links on this page. Terms of use.

Google added support for 64-bit Android apps back in 2014 with the launch of Android 5.0 Lollipop, but it has continued to offer tacit support for 32-bit apps ever since. The end of the 32-bit era may be coming soon, though. Hints in the Android 13 source code show that Googles upcoming Pixel Tablet may be the first Android hardware to specifically disallow 32-bit apps, and the next version of Android may do the same.

At the dawn of the smartphone era, the apps on Android, iOS, and dearly departed platforms like webOS were all 32-bit. We didnt even have 64-bit hardware support on smartphones until the ARM v8 architecture arrived in 2011. Slowly but surely, developers have moved to 64-bit apps, leaving some 32-bit software in the dust. There are still plenty of these abandoned apps lurking in the Play Store, but maybe not for long.

Android is an open-source project, so the release of Android 13 earlier this week also came with a big dump of code. Hidden inside are a few commits that may reveal Googles app plans. One comment mentions a device called Tangor, which is the code name for Googles upcoming Pixel Tablet. Move tangor to 64-bit only, it reads. If indicative of the final device, this would make it the first known Android device to disallow loading 32-bit apps.

Another commit talks about ARM v9 CPU cores, which are the latest revision in chips like the Snapdragon 8 Gen 1. The code discusses a test to verify devices only execute 64-bit code, but this only applies to Android U. If Google continues with the pattern it has used so far, that means Android 14 could drop support for 32-bit apps entirely when it launches in about a year.

A 64-bit app is more efficient and improves memory usage, which is why both Android and iOS have worked so hard to prod developers to make the change. Apple dropped 32-bit support entirely several years ago, and now it looks like Google is doing the same. And not a moment too soon.

The move to eliminate 32-bit apps should not come as a surprise. The latest high-end smartphone processors, like the Snapdragon 8 Gen 1, only have three CPU cores that are even capable of executing 32-bit apps. Apps developed in Java or Kotlin for Android are already 64-bit, and Google started to require native 32-bit apps to include a 64-bit package in 2019. Thus, the only apps in the Play Store that are only 32-bit are those that havent been updated in several years. Perhaps not coincidentally, Google recently announced plans to hide old, abandoned apps in the Play Store.

Now read:

View original post here:

Android 13 Source Code Hints at 64-bit Only Apps Starting in 2023 - ExtremeTech

Why DreamWorks' releasing MoonRay under the Apache open source license is akin to Panavision giving away Millennium DXLs along with the blueprints.

Back in the 90s, when someone mentioned RenderMan most would think of a rendering engine from Pixar. In reality however, RenderMan wasn't actually a rendering engine at all, but rather an open standard for rendering engines; Pixar's version was called PhotoRealistic RenderMan (PRMan).

The heart of the RenderMan standard was a scene description language and a shader language. Being open, anyone developing a rendering engine could write a parser for both, and anyone developing a 3D animation system could implement an exporter for them.

Open source software is a very different beast. One of the most famous open source applications on the internet is Blender3D. Anyone can download the source code for Blender, including the well loved Cycles rendering engine. Some studios have even taken advantage of Blender's open source nature to customize it for their own in-house production pipelines.

Because of the license that Blender is released under, in spite of having huge amounts of funding from companies like Epic, Ubisoft, and Bethesda, the application is still completely open source. The pace of Blender improvements now rivals that of DaVinci Resolve, yet the source code remains freely available.

Pixar has developed a new standard for 3D animation systems to share data called USD: Universal Scene Description. Along with that are the Open Shading Language (OSL) and ILM's MaterialX specification. Part of the specification includes what is termed a USD Hydra Delegate, which is a much simpler idea than it sounds like; it's essentially a plug-in interface for a rendering engine.

SideFX Software got on board with USD early and has a mature, production ready implementation of it now in Solaris, which is a Houdini workspace designed for scene assembly, look development, lighting, and rendering. Since Solaris is based on USD, it can render to any Hydra Delegate. From the user's point of view, switching renderers requires no more effort than dropping down an appropriate node in the Solaris environment.

Houdini has two production rendering engines now. One is the older, CPU only Mantra which is well respected for image quality, features, and robustness. It does not however use GPU compute, so it falls well short of most of its contemporaries in the speed department thanks to the meteoric rise of GPU computing power in recent years. The second option now available is Karma, which is faster than Mantra but more importantly includes an XPU option which uses both the CPU and GPU compute. Karma is also a USD Hydra delegate with (beta) support for MaterialX shaders.

For SIGGRAPH 2022, a few of Intel's developers implemented a prototype USD Hydra delegate using Intel's open source Embree rendering system. Being a Hydra delegate, it sits in Solaris just like Karma does, allowing Intel an opportunity to tease us with the might of its next generation GPU.

Because USD is an open standard, a certain well known and well loved open source 3D animation system supports it also: Blender. AMD has implemented full USD Hydra delegate support as one of the features of ProRender for Blender.

Dreamworks is well known for its stylized animation, but the studio also does photorealistic visual effects for film, commercials, and TV. Rather than relying on a 3rd party production renderer, DreamWorks developed its own in house.

Called MoonRay, DreamWorks in house renderer is a state of the art distributed path tracer. It supports the usual laundry list of features like Cryptomatte, and deep output, a flexible and extensible suite of layerable shaders, light filters, volumetric rendering, and light filters.

While the rendering features by themselves don't set MoonRay apart from the likes of Arnold, V-Ray, Redshift, and even Cycles, there are a few areas where MoonRay is leading the pack.

First is its XPU mode. One of the challenges that render engine developers face is that CPUs and GPUs handle math slightly differently. While in a purely integer world there would be no differences, that's not the case in floating point; it's entirely possible to have two different processors execute exactly the same instructions and end up with different results. Because there are standards for floating point arithmetic defined by the IEEE, the nature of floating point arithmetic makes it nearly impossible for every compute architecture to deliver identical results. The differences are not large by any means, they're typically limited to the last few decimal points in each operand, but over the course of several iterations they can add up. If every node is the same, there's nothing to worry about, but if the GPU is running 200 iterations of a shader and the CPU is running the other 200, then the two sets of resulting pixels can look different enough to manifest as a rendering glitch.

Because of this, most of the GPU accelerated rendering systems on the market currently use either the CPU or the GPU, and rarely both. In most cases both means render on the CPU and then use the GPU for output filters like noise reduction, so that the issue of differences in rounding affect the entire image, and in a way that is consistent throughout an image sequence.

SideFX and Isotropix are working on XPU renderers that can use both the CPU and the GPU to render an image with pixel perfect accuracy, so that there will be no difference between pixels rendered on the GPU vs pixels rendered on the CPU.

DreamWorks is already there with MoonRay; its XPU mode is able to use the GPU as a supplemental compute node, instead of only as a stage in the rendering process.

This is actually a bigger deal than it sounds at first, because GPU rendering actually performs pretty poorly unless the entire scene and all of its textures is able to reside in the GPU's memory. Being able to efficiently load balance the rendering effort across the CPU and GPU is a big deal for performance, because it lets the renderer boost performance by using the GPU but without being limited by GPU memory.

MoonRay's other banner feature set is also performance oriented. It's vectorized from the bottom up, and has been from the start of development. MoonRay uses Intel's Embree for ray tracing, and DreamWork's own vectorized ray integrator and shading and texturing engines.

The other side of MoonRay's performance feature set is its cloud based distributed rendering framework called Arras. The Arras SDK is designed to simplify connecting to a renderfarm, and also to integrate MoonRay with a client application. The MoonRay demos show examples of artists interactively working in Houdini connected to a 32-node MoonRay cluster that uses the system GPU for denoising, and the result is a blazing fast interactive viewport render, a tremendous boon for look development.

Another feature of MoonRay is that it supports the Hydra Render Delegate standard, so out of the box artists with applications like Houdini and Katana will be able to use MoonRay as an interactive as well as production rendering engine.

Since DreamWorks is releasing MoonRay under the Apache open source license and the USD Hydra specification is open, expect to see MoonRay pretty much everywhere in the near future.

Choosing a render engine for an animation project is akin to choosing a camera for a film project, such as Eevee for realtime, interactive work which makes it great for look development and Cycles for final rendering to take advantage of the physically based ray traced output.

In that analogy, DreamWorks' releasing MoonRay under the Apache open source license is akin to Panavision giving away Millennium DXLs, along with the blueprints.

DreamWorks uses MoonRay in Linux, so the Windows and OSX ports are currently in limited beta. There are some application developers already working on integrating MoonRay into their software as well.

Since it's in beta testing, DreamWorks doesn't have a time table for releasing MoonRay to the public yet, but it's a good bet that it's going to become very popular very quickly when it launches and raises the bar for third party rendering engines.

Excerpt from:

SIGGRAPH 2022: A tale of USD, Hydra, and the sheer power of Dreamworks MoonRay - RedShark News

@Anonymous123s new nick

> something feels wrong with them

Starting out with a strong argument, I see.

> the code has become basically a mini-os

Well yeah, Chrome OS is a thing. That being said, all current browser codebases are the size of operating systems.

> a monopoly also

Where did Safari and Firefox go all of a sudden?

> and there are way too many things going on with Javascript

Both good and bad, the web would be a worse and way less interactive place without JS. Without JS, we would be stuck with the web of 1995.

> security issues

As you said yourself, the codebase has the size of an operating system, so no surprises there.

> bugs etc constantly getting patched

which is a good thing.

> too popular

Thats not a thing. People use what they want to use. Too bad for you that its not Deplatformingfox.

> Some people actually believe that chromium browsers have the best security

Its not a matter of belief, bud. Belief belongs to the realm of religion.

That Chromium has strong sandboxing and real site isolation is not belief, it is fact, verifiable via the open source code.

> Firefox, gets nowhere near the security issues of browsers like Chrome

Yeah, because its not a valuable target with 3% market share. Not because it is well-engineered (which it isnt, its garbage).

> Firefox, gets nowhere near the security issues of browsers like Chrome, Edge, Brave and Vivaldi.

Because nobody uses it.

> What browser is safer to use? Firefox is!

LOL, nope. You cant have it both ways. You claim Firefox is secure based on its irrelevancy (which is a shoddy argument in itself, but hey, lets ride with it), but when more people start using it, it will become a more attractive target of hackers, invalidating the irrelevancy factor.

> Firefox is the only FOSS browser maintained by well paid developers

Evidently false. Chromium is open source. So is WebKit. And Deplatformingfoxs devs are actually paid by Google.

> Google chrome is a proprietary browser where an ad tech company bloats the code.

So what? Chrome is just a closed source variant of Chromium, which is open source. And ad tech? Where do you think Mozzarellas money comes from? Did I miss the part where Mozzarella publicly came out against ads?

> No thanks. Firefox is much safer.

Nice ad. Want a job in the ad tech industry?

Quality of gHacks posts went downhill ever since they said bye bye to fact-based arguments for the most part.

Read more:

Websites may write to the clipboard in Chrome without user permission - Ghacks