Slashdot Mirror

According to Politico, Twitter CEO Jack Dorsey was "bounced" from Wednesday's meeting between tech executives and President-elect Donald Trump in retribution for refusing during the campaign to allow an emoji version of the hashtag #CrookedHillary. Trump's adviser Sean Spicer denied the report, saying "the conference table was only so big." Politico reports: Twitter was one of the few major U.S. tech companies not represented at Wednesday afternoon's Trump Tower meeting attended by, among others, Apple's Tim Cook, Amazon's Jeff Bezos, Facebook's Sheryl Sandberg, and Tesla's Elon Musk -- an omission all the more striking because of Trump's heavy dependence on the Twitter platform. Trump's campaign also made a $5 million deal with Twitter before the election, in which the campaign committed "to spending a certain amount on advertising and in exchange receive discounts, perks, and custom solutions," the campaign's director of digital advertising and fund raising, Gary Coby, wrote in a Medium post last month. So the campaign objected when the company refused to allow the anti-Clinton emoji. Coby wrote that Dorsey personally intervened to block the Trump operation from deploying the emoji, which would have shown, in various renderings, small bags of money being given away or stolen. That emoji would have been offered to users as a replacement for the hashtag #CrookedHillary, a preferred Trump insult for his Democratic opponent. Spicer also objected to the company's refusal, telling the Washington Examiner in October that "while Twitter claims to be a venue that promotes the free exchange of ideas, it's clear that it's leadership's left wing ideology literally trumps that." POLITICO's source said Spicer, who's also the Republican National Committee spokesman, was the one who made the call to refuse an invitation to Dorsey or other Twitter executives to Wednesday's meeting.

An anonymous reader quotes a report from Motherboard: The Shadow Brokers -- a hacker or group of hackers that stole computer exploits from the National Security Agency -- has been quiet for some time. After their auction and crowd-funded approach for selling the exploits met a lukewarm reception, the group seemingly stopped posting new messages in October. But a newly uncovered website, which includes a file apparently signed with The Shadow Brokers' cryptographic key, suggests the group is trying to sell hacking tools directly to buyers one by one, and a cache of files appears to include more information on specific exploits. On Wednesday, someone calling themselves Boceffus Cleetus published a Medium post called "Are the Shadow Brokers selling NSA tools on ZeroNet?" Cleetus, who has an American flag with swastikas as their profile picture, also tweeted the post from a Twitter account created this month. The site includes a long list of supposed items for sale, with names like ENVOYTOMATO, EGGBASKET, and YELLOWSPIRIT. Each is sorted into a type, such as "implant," "trojan," and "exploit," and comes with a price tag between 1 and 100 bitcoins ($780 -- $78,000). Customers can purchase the whole lot for 1000 bitcoins ($780,000). The site also lets visitors download a selection of screenshots and files related to each item. Along with those is a file signed with a PGP key with an identical fingerprint to that linked to the original Shadow Brokers dump of exploits from August. This newly uncovered file was apparently signed on 1 September; a different date to any of The Shadow Brokers' previously signed messages.

Everyone's suggesting gifts to teach the next generation of geeks about science, technology, engineering, and math. Slashdot reader theodp writes: In "My Guide to Holiday Gifts," Melinda Gates presents "a STEM gift guide" [which] pales by comparison to Amazon's "STEM picks". Back in 2009, Slashdot discussed science gifts for kids. So, how about a 2016 update?
I've always wanted to ask what geeky gifts Slashdot's readers remember from when they were kids. (And what geeky gifts do you still bitterly wish some enlightened person would've given you?) But more importantly, what modern-day tech toys can best encourage the budding young geeks of today? Leave your best answers in the comments. What's the best geeky gift for children?

An anonymous reader writes: This week saw the first proof of concept for Node.js API (or NAPI for short), "making module maintainers' lives easier by defining a stable module API that is independent from changes in [Google's JavaScript engine] V8 and allowing modules to run against newer versions of Node.js without recompilation." Their announcement cites both the efforts of the Node.js API working group and of ChakraCore, the core part of the Chakra Javascript engine that powers Microsoft Edge.

And there was also a second announcement -- that the Node.js build system "will start producing nightly node-chakracore builds, enabling Node.js to be used with the ChakraCore JavaScript engine. "These initial efforts are stepping stones to make Node.js VM-neutral, which would allow more opportunities for Node.js in IoT and mobile use cases as well as a variety of different systems."
One IBM runtime developer called it "a concrete step toward the strategic end goal of VM neutrality," and the Node.js Foundation believes that the API will ultimately result in "more modules to choose from, and more stability with modules without the need to continually upgrade."

Reader Bruha writes: After examining results in Pennsylvania, Michigan, and Wisconsin computer scientists have discovered Clinton averaged 7% worse in counties with e voting machines vs. counties with only paper or optical scan ballots.From a CNN report:The computer scientists believe they have found evidence that vote totals in the three states could have been manipulated or hacked and presented their findings to top Clinton aides on a call last Thursday. The scientists, among them J. Alex Halderman, the director of the University of Michigan Center for Computer Security and Society, told the Clinton campaign they believe there is a questionable trend of Clinton performing worse in counties that relied on electronic voting machines compared to paper ballots and optical scanners, according to the source. The group informed John Podesta, Clinton's campaign chairman, and Marc Elias, the campaign's general counsel, that Clinton received 7% fewer votes in counties that relied on electronic voting machines, which the group said could have been hacked.Halderman wrote more about it on Medium today in an article titled, "Want to Know if the Election was Hacked? Look at the Ballots"

Update: Green party candidate Jill Stein is asking for donations to fund a recount of her own in Michigan, Pennsylvania, and Wisconsin, which are the states key to Hillary Clinton's surprising loss. Stein says she must raise $2.5 million by Friday 4 pm central time to proceed.

Editor's note: the story has been updated and moved up on the front page.

Zack Whittaker, reporting for ZDNet: One of the largest distributed denial-of-service attacks happened this week and almost nobody noticed. Since the cyberattack on Dyn two weeks ago, the internet has been on edge, fearing another massive attack that would throw millions off the face of the web. The attack was said to be upwards of 1.1 Tbps -- more than double the attack a few weeks earlier on security reporter Brian Krebs' website, which was about 620 Gbps in size, said to be one of the largest at the time. The attack was made possible by the Mirai botnet, an open-source botnet that anyone can use, which harnesses the power of insecure Internet of Things devices. This week, another Mirai botnet, known as Botnet 14, began targeting a small, little-known African country Liberia, sending it almost entirely offline each time. Security researcher Kevin Beaumont, who was one of the first to notice the attacks and wrote about what he found, said that the attack was one of the largest capacity botnets ever seen. One transit provider said the attacks were over 500 Gbps in size. Beaumont said that given the volume of traffic, it "appears to be the owned by the actor which attacked Dyn." An attack of that size is enough to flatten even a large network -- or as was seen this week, a small country. Update: 11/03 19:37 GMT: The title of the story (same as the ZDNet's story) was updated to mention the name of the country. The summary was updated to reflect the same, as well.

An anonymous reader writes: "Wow, dude I did not even know we were fighting," Wix CEO Avishai Abrahami posted on the company's blog Saturday -- responding to Wordpress creator Matt Mullenweg, who on Friday accused Wix of stealing their code. "The claim is that the Wix mobile apps distribute GPL code and aren't themselves GPL, so they violate the license," Mullenweg wrote.

Abrahami argued that "Everything we improved there or modified, we submitted back as open source," adding "we will release the app you saw as well... " Mullenweg responded "It appears you and [lead engineer] Tal might share a misunderstanding of how the GPL works," ultimately adding "software licensing can be tricky and many people make honest mistakes."
Wix had also argued they're giving back to the open source community by listing 224 public projects on their GitHub page. "Thank you for the offer to use them," Mullenweg responded. "If we do, we'll make sure to follow the license you've put on the code very carefully."

Ukrainian activists have compromised 2,337 messages in the Microsoft Outlook accounts of two assistants to a top aide of Vladimir Putin. An anonymous Slashdot reader quotes NBC News: A Ukrainian group calling itself Cyber Hunta has released more than a gigabyte of emails and other material from the office of one of Vladimir Putin's top aides, Vladislav Surkov, that show Russia's fingerprints all over the separatist movement in Ukraine. While the Kremlin has denied the relationship between Moscow and the separatists, the emails show in great detail how Russia controlled virtually every detail of the separatist effort in the Russian-speaking regions of Ukraine, which has torn the country apart and led to a Russian takeover of Crimea...

"This is a serious hack," said Maks Czuperski, head of the Digital Forensic Research Lab of the Atlantic Council, which has searched through the email dump and placed selected emails online. "We have seen so much happen to the United States, other countries at the hands of Russia," said Czuperski. "Not so much to Russia. It was only a question of time that some of the anonymous guys like Cyber Hunta would come to strike them back."
A senior U.S. intelligence official told NBC News that the U.S. "had no role" in the breach -- but when asked if the material was authentic, replied there was "nothing to indicate otherwise."

An anonymous reader writes: "I didn't even know they gave out prizes," said a Brooklyn College CS professor, remembering how he'd learned that a demo of the Picat programming language won a $10,000 grand prize last month at the NYC Media Lab Summit. Professor Neng-Fa Zhou created Picat with programmer Jonathan Fruhman, and along with graduate student Jie Mei they'd created a demo titled "The Picat Language and its Application to Games and AI Problems" to showcase the language's ability to solve combinatorial search problems, "including a common interface with CP, SAT, and MIP solvers."

Mie tells the Brooklyn College newspaper that Picat "is a multi-paradigm programming language aimed for general-purpose applications, which means theoretically it can be used for everything in life," and Zhou says he wants to continue making the language more useful in a variety of settings. "I want this to be successful, but not only academically... When you build something, you want people to use it. And this language has become a sensation in our community; other people have started using it."

Soon after it was announced that Project Include, a community for building meaningful, enduring diversity and inclusion into tech companies, would no longer work with Y Combinator startups, Facebook CEO Mark Zuckerberg defended Thiel's status as a Facebook board member in a message to employees. "We can't create a culture that says it cares about diversity and then excludes almost half the country because they back a political candidate," Zuckerberg wrote. "There are many reasons a person might support Trump that do not involve racism, sexism, xenophobia, or accepting sexual assault." The Verge reports: A screenshot of the memo was posted to Hacker News yesterday, and it later surfaced on Boing Boing. A Facebook spokesman confirmed the authenticity of the five-paragraph memo to The Verge. It appears to have been posted on Facebook for Work, the enterprise version of Facebook that the company recently made available to other companies. Thiel's endorsement of Trump has put those CEOs in a difficult position. On one hand he is a close adviser; on the other, his support for an erratic, racist demagogue has outraged many of their employees and partners. Like Y Combinator's Sam Altman before him, Zuckerberg defended the company's ties to Thiel by saying that the company has a moral obligation to consider a variety of viewpoints, no matter how abhorrent. "We care deeply about diversity," Zuckerberg wrote. "That's easy to do when it means standing up for ideas you agree with. It's a lot harder when it means standing up for the rights of people with different viewpoints to say what they care about. That's even more important." Of course, as the designer Jason Putorti wrote on Medium this week, Thiel already has an outsized capacity to stand up for ideas he agrees with: he spent $1.25 million to promote them. Zuckerberg's memo reads as if he is defending Thiel's right to post on Facebook. In fact, the question is whether someone who promotes opposition to gender and racial equality should be allowed to serve as a steward for a company whose stated mission is to connect the world.

Peter Thiel's support for U.S. Republican presidential candidate Donald Trump has given Silicon Valley a headache. This past weekend, Thiel donated $1.25 million to his campaign, which is driving away partners from Thiel's Silicon Valley accelerator, Y Combinator. Today, Project Include, a community for building meaningful, enduring diversity and inclusion into tech companies, said that it would no longer work with Y Combinator startups. "Thiel's actions are in direct conflict with our values at Project Include," the group's co-founder, Ellen Pao, wrote in a Medium post. "Because of this continued connection to YC, we are compelled to break off our relationship with YC." The Verge reports: Founded in 2005, Y Combinator has incubated some of the biggest tech companies of the past decade, including Airbnb, Dropbox, and Stripe. It faced a barrage of criticism over the weekend for refusing to dissociate itself from Thiel, who took an advisory role with the organization in 2015. In a series of tweets, YC's president stood by Thiel. "Cutting off opposing viewpoints leads to extremism and will not get us the country we want," Sam Altman wrote. "Diversity of opinion is painful but critical to the health of a democratic society. We can't start purging people for political support." In her post, Pao rejected the idea that Thiel's donation could be dismissed as political speech. "We agree that people shouldn't be fired for their political views, but this isn't a disagreement on tax policy, this is advocating hatred and violence," she wrote. "Giving more power to someone whose ascension and behavior strike fear into so many people is unacceptable. His attacks on black, Mexican, Asian, Muslim, and Jewish people, on women, and on others are more than just political speech; fueled by hate and encouraging violence, they make each of us feel unsafe."

That group auctioning the NSA's hacking tools is "very upset" no one's bidding on them. An anonymous Slashdot reader quotes Motherboard: "TheShadowBrokers" authored another bizarre rant expressing their annoyance at the seeming lack of interest in ponying up bitcoins to release their full set of stolen files. "Peoples is having interest in free files ... But people is no interest in #EQGRP_Auction," the mysterious hacker group complained in a ranting post on Medium, which seems to be purposely written in Borat-style broken English. "TheShadowBrokers is thinking this is information communication problem."

The message also blindly lashes out at hackers, foreign intelligence services, and basically anyone else who hasn't bid on the files... At the time of this writing, TheShadowBrokers have only received bids for a total of 1.76 bitcoins -- or about $1,082 -- far below the group's asking price of $1 million.
At least five transactions came from a prankster who was trying to Rickroll the group with bitcoin addresses containing the words "Never Gonna Give You Up."

An anonymous reader quotes a report from Motherboard: Jacob Ajit is 17 and he just hacked his way to getting free phone data, presumably so that he can do whatever it is that teens do online these days without alerting his parents with overage fees. According to a Medium post Ajit posted on Wednesday, he made his discovery while playing around with a prepaid T-Mobile phone with no service. The phone was still able to connect to the network, although it would only take him to a T-Mobile portal asking him to renew the prepaid phone plan. For some reason, though, Ajit wrote that his internet speed test app still worked, albeit through a T-Mobile server. Ajit figured out that he was able to access media sent from any folder labelled "/speedtest," possibly because T-Mobile whitelists media files from speed tests regardless of the host. He tested his theory by setting up a "/speedtest" folder on his own site and filled it with media, including a Taylor Swift music video, which he was able to access. Ajit writes that he then created a proxy server that allows users to access any site with this method. All a T-Mobile user has to do is go to this page and input any URL they want to visit. "Just like that, I now had access to data throughout the T-Mobile network without maintaining any sort of formal payments or contract," Ajit wrote on Medium. "Just my phone's radios talking to the network's radios, free of any artificial shackles."

HockeyPuck quotes a report from New York Times: This week, WrkRiot, began unraveling in a highly public fashion (Warning: may be paywalled). Its former head of marketing revealed that the start-up had been mired in internal chaos and had sometimes paid employees in cashier's checks before delaying payment... Penny Kim, the former marketing director at WrkRiot, wrote about her experience at the company -- a story that consists of alleged deceptions, including forged wire transfer receipts, late paychecks, and lies from executives. Her entire story can be found in a Medium post titled "I Got Scammed By A Silicon Valley Startup." Quartz reports: "Here's the story Kim lays out in her Medium post: In May 2016, after three interviews, she says she accepted the role of marketing director at 1for.one, one of WrkRiot's earlier incarnations. From the beginning, things didn't seem quite right, she says. The CEO, Isaac Choi, hired one of her direct reports without consulting her. A promised $4 million marketing budget never materialized. At investor meetings, the co-founders 'talked about themselves, their connections, and their qualifications for 30 minutes' rather than the product, which they touted as the next 'Credit Karma of LinkedIn.' The software engineering team was largely made up of young Chinese employees relying on visas sponsored by the company to remain in the U.S., Kim says. After repeated inquiring about salaries, Kim alleges, Choi sent forged Wells Fargo wire transfer receipts to 17 employees, and told them that if the money wasn't in their accounts that it was their responsibility to follow up with their banks. Kim ended up filing wage claims with the state of California as the paychecks stopped coming. Kim claims Choi fired her without cause and owes her back wages, a promised $10,000 relocation bonus, and three months of severance worth $50,000, as negotiated in her contract. A series of former employees, advisors, and even the company's former CTO have since denounced WrkRiot and its leadership, in particular Choi."

Here's a debate that refuses to die: given a choice, would you rather use spaces or tabs? An episode of Silicon Valley last season had a bit on this. Now we have more data to analyze people's behavior. A Google developer has looked into 400,000 GitHub repositories -- 1 billion files, 14 terabytes to find that programmers with interest in specific languages do seem to prefer either tabs or spaces. Spoiler alert: space wins, like all the time.

Chris Dixon, an American internet entrepreneur and investor in a range of tech and media companies including Kickstarter and Foursquare has written an essay on Medium highlighting some of the reasons why we should be excited about the future of technology. The reasons he has listed are as follows: 1. Self-Driving Cars: Self-driving cars exist today that are safer than human-driven cars in most driving conditions. Over the next 3-5 years they'll get even safer, and will begin to go mainstream.
2. Clean Energy: Attempts to fight climate change by reducing the demand for energy haven't worked. Fortunately, scientists, engineers, and entrepreneurs have been working hard on the supply side to make clean energy convenient and cost-effective.
3. Virtual and Augmented Reality: Computer processors only recently became fast enough to power comfortable and convincing virtual and augmented reality experiences. Companies like Facebook, Google, Apple, and Microsoft are investing billions of dollars to make VR and AR more immersive, comfortable, and affordable.
4. Drones and Flying Cars: GPS started out as a military technology but is now used to hail taxis, get mapping directions, and hunt Pokemon. Likewise, drones started out as a military technology, but are increasingly being used for a wide range of consumer and commercial applications.
5. Artificial Intelligence: Artificial intelligence has made rapid advances in the last decade, due to new algorithms and massive increases in data collection and computing power.
6. Pocket Supercomputers for Everyone: By 2020, 80% of adults on earth will have an internet-connected smartphone. An iPhone 6 has about 2 billion transistors, roughly 625 times more transistors than a 1995 Intel Pentium computer. Today's smartphones are what used to be considered supercomputers.
7. Cryptocurrencies and Blockchains: Protocols are the plumbing of the internet. Most of the protocols we use today were developed decades ago by academia and government. Since then, protocol development mostly stopped as energy shifted to developing proprietary systems like social networks and messaging apps. Cryptocurrency and blockchain technologies are changing this by providing a new business model for internet protocols. This year alone, hundreds of millions of dollars were raised for a broad range of innovative blockchain-based protocols.
8. High-Quality Online Education: While college tuition skyrockets, anyone with a smartphone can study almost any topic online, accessing educational content that is mostly free and increasingly high-quality.
9. Better Food through Science: Earth is running out of farmable land and fresh water. This is partly because our food production systems are incredibly inefficient. It takes an astounding 1799 gallons of water to produce 1 pound of beef. Fortunately, a variety of new technologies are being developed to improve our food system.
10. Computerized Medicine: Until recently, computers have only been at the periphery of medicine, used primarily for research and record keeping. Today, the combination of computer science and medicine is leading to a variety of breakthroughs.
11. A New Space Age: Since the beginning of the space age in the 1950s, the vast majority of space funding has come from governments. But that funding has been in decline: for example, NASA's budget dropped from about 4.5% of the federal budget in the 1960s to about 0.5% of the federal budget today.

blottsie writes: The NSA and FBI are both expected to investigate the leak of NSA-linked cyberweapons this week by an entity calling itself the Shadow Brokers, experts with knowledge of the process tell the Daily Dot. However, multiple experts say any retaliation by the U.S. will likely remain secret to keep the tactical advantage. Meanwhile, Motherboard reports that some former NSA staffers believe the leak is the work of a "rogue NSA insider." "First, the incident will be investigated by the National Security Agency as it tracks down exactly what went so wrong that top-secret offensive code and exploits ended up stolen and published for the world to see," reports Daily Dot. "An FBI counterintelligence investigation will likely follow, according to experts with knowledge of the process. [...] Following the investigation, the NSA and other entities within the United States government will have to decide on a response." The response will depend on a lot of things, such as whether or not an insider at the NSA is responsible for the breach -- a theory that is backed by a former NSA staffer and other experts. "The process is called an IGL: Intelligence Gain/Loss," reports Daily Dot. "Authorities suss out a pro and con list for various reactions, including directly and publicly blaming another country. [Chris Finan, a former director of cybersecurity legislation in the Obama administration and now CEO of the security firm Manifold Technology, said:] 'Some people think about responding in kind: A U.S. cyberattack. Doing that gives up the asymmetric response advantage you have in cyberspace.' Finan urged authorities to look at all tools, including economic sanctions against individuals, companies, groups, governments, or diplomatic constraints, to send a message through money rather than possibly burning a cyberwar advantage. Exactly if and how the U.S. responds to the Shadow Brokers incident will depend on the source of the attack. Attribution in cyberwar is tricky or even impossible much of the time. It quickly becomes a highly politicized process ripe with anonymous sources and little solid fact."

An anonymous reader writes: Discovered in 1997 by Aaron Spangler and never fixed, the WinNT/Win95 Automatic Authentication Vulnerability (IE Bug #4) is certainly an excellent vintage. In Windows 8 and 10, the same bug has now been found to potentially leak the user's Microsoft Live account login and (hashed) password information, which is also used to access OneDrive, Outlook, Office, Mobile, Bing, Xbox Live, MSN and Skype (if used with a Microsoft account). The bug itself seems to be present in all Windows systems since Windows 95 / NT, although only Windows 8 and above are effectively compromised. To see if your machine is affected, you may want to check the public demonstration of the exploit, set up by the guys from [Perfect Privacy] and based on [VladikSS] original work. Basically, the default User Authentification Settings of Edge/Spartan (also Internet Explorer, Outlook) lets the browser connect to local network shares, but erroneously fail to block connections to remote shares. To exploit this, an attacker would simply set up a network share. An embedded image link that points to that network share is then sent to the victim, for example as part of an email or website. As soon as the prepped content is viewed inside a Microsoft product such as Edge/Spartan, Internet Explorer or Outlook, that software will try to connect to that share in order to download the image. Doing so, it will silently send the user's Windows login username in plaintext along with the NTLMv2 hash of the login password to the attacker's network share.

A security researcher describes gaining full access to the production database for Imgur's image-sharing site -- and then successfully lobbying the company for a higher bug bounty of $5,000. Nathan Malcolm says he exploited a remote-access vulnerability in one of Imgur's unprotected development servers to read their /etc/passwd file, and also keys.php, which contained the credentials for their MySQL servers. An anonymous Slashdot reader quotes Nathan's article on Medium: An important part of security research is knowing when to stop. I went far enough to prove how serious the issue is, and demonstrate what a malicious attacker could do, while not being overly careless or intrusive... I hope other teams can learn from Imgur's willingness to take on feedback and improve, as communication around security is so very important.
Imgur's founder and CEO sent him a personal e-mail along with the bounty, which ended "Thanks so much for protecting us and properly reporting it to us." The author of the article reports that "I've continued to participate in Imgur's bug bounty program, and while it's not perfect, it's responded and paid out nicely to myself and others." And the $5,000 bounty? "Half of that went to people in need, including Lauri Love, a hacker facing extradition to the United States, and a close friend who was recently made homeless. Various charities and researchers also benefited from it."

Slashdot reader mkwan writes: Economies are just a collection of processes that convert raw materials and labour into useful goods and services. By representing these processes as a series of equations and solving a humongous linear programming problem, it should be possible to maximize an economy's GDP. The catch? The economy needs to go communist.
"[P]oorest members would receive a basic income that gradually increases as the economy becomes more efficient, plateauing at a level where they can afford everything they want to consume," argues the article, while "The middle classes wouldn't see much change. They would continue to work in a regular job for a regular -- but steadily increasing -- wage... Without the ability to own real-estate, companies, or intellectual property, it would be almost impossible to become rich, especially since the only legal source of income would be from a government job."

An anonymous reader writes from a report via CNN: "We have listened to Donald Trump over the past year and we have concluded: Trump would be a disaster for innovation," wrote 145 technology leaders in an open letter Medium post published Thursday. Some of the leaders are from tech giants like Google, Facebook and Apple, others from small startups, venture capital firms, nonprofits and universities. "We believe in an inclusive country that fosters opportunity, creativity and a level playing field. Donald Trump does not," reads the letter, which was signed by well-known names like Apple cofounder Steve Wozniak, Slack CEO Stewart Butterfield, IAC's Barry Diller, Reddit's Alexis Ohanian and Wikipedia's Jimmy Wales. "His reckless disregard for our legal and political institutions threatens to upend what attracts companies to start and scale in America. He risks distorting markets, reducing exports, and slowing job creation," reads the letter, published by chief marketing officer at Color Genomics and former VP at Twitter Katie Jacobs Stanton. Moreover, Trump has shown "poor judgment and ignorance about how technology works," they wrote, citing his proposal to "shut down" parts of the Internet and the fact that he has revoked reporters' press credentials. "We stand against Donald Trump's divisive candidacy," the letter concludes. "We embrace an optimistic vision for a more inclusive country, where American innovation continues to fuel opportunity, prosperity and leadership." Meanwhile, Jon Swartz writes from USA Today that "If there was any lingering doubt as to tech's favored presidential candidate, Hillary Clinton put an end to that Tuesday with a tech plan that reads like a Silicon Valley wish list."

Tech job postings are down 40% year-on-year, says Cameron Moll, founder of job board Authentic Jobs. He says that job volume for April 2016 was nearly half the volume of April 2015, and currently, annual job posting volume is 63% on the platform compared to 2015, and 59% compared to 2014. But wait, there is always a chance that it is only his website that is getting less popular, right? Mr. Moll adds that it's not just his job board, but several of the competitors' as well. From a blog post: On one hand, we're cautious to assume that fewer jobs posted = fewer jobs available. We recognize companies have many avenues for advertising available jobs -- social media, recruiters, employee word-of-mouth, company websites, etc. Companies may choose at any time to broadcast jobs through these channels instead of a job board. So, for all intents and purposes, it's feasible the same number of jobs are available this year compared to previous years, just not on job boards. On the other hand, our volume trends have been very consistent the past four years. However, these trends are suddenly meaningless in 2016. It's anyone's guess what our volume will be each month regardless of what the historical data says.

All software written for the government in Bulgaria are now required to be open-source. The amendments to put such laws in motion were voted in domestic parliament and are now in effect, announced software engineer Bozhidar Bozhanov, who is also an adviser to the Deputy Prime Minister at Council of Ministers of the Republic of Bulgaria. All such software will also be required by law to be developed in a public repository. Bozhanov writes in a blog post:That does not mean that the whole country is moving to Linux and LibreOffice, neither does it mean the government demands Microsoft and Oracle to give the source to their products. Existing solutions are purchased on licensing terms and they remain unaffected (although we strongly encourage the use of open source solutions for that as well). It means that whatever custom software the government procures will be visible and accessible to everyone. After all, it's paid by tax-payers money and they should both be able to see it and benefit from it. As for security -- in the past "security through obscurity" was the main approach, and it didn't quite work -- numerous vulnerabilities were found in government websites that went unpatched for years, simply because a contract had expired. With opening the source we hope to reduce those incidents, and to detect bad information security practices in the development process, rather than when it's too late.

An anonymous Slashdot reader quotes an article from Fortune: Rdio goes bankrupt, Pandora hangs out a 'For Sale' sign and then gets rid of its CEO, artists and labels ramp up their criticism of YouTube. Now we have Tidal in acquisition talks with Apple, while Spotify complains about Apple treating it unfairly... the digital music business is becoming an industry in which only a truly massive company with huge scale and deep pockets can hope to compete... Rdio went bankrupt last year in large part because it couldn't afford to make the licensing payments the record industry requires of streaming services. Deezer, a European service, postponed a planned initial public offering partly because its business is financially shaky for the same reason... [Rhapsody] is still racking up massive losses... Spotify has found it almost impossible to make money, primarily because of onerous licensing payments...

[A]ll the available evidence seems to show that the digital-music business, at least the way it is currently structured, simply isn't economic. The only way for anyone to even come close to making it work is to make it part of a much larger company, like Apple or Amazon or Google. That way they can absorb the losses, they have the heft to negotiate with the record industry, and they can find synergies with their other businesses. In other words, music as a standalone business appears to be dead, or at least on life support.
The article links to an essay by a former eMusic CEO arguing high royalty rates make it impossible to have a profitable business, and the music industry "buried more than 150 startups -- now they are left to dance with the giants."

Earlier this week, security researchers at Checkpoint reported about vulnerabilities in Facebook Chat and Messenger that, if exploited, could allow anyone to essentially take control of any message sent by Chat or Messenger. Now a developer named Inti De Ceukelaire is pointing out another flaw in how Facebook deals with URLs. The Verge reports: Through the right API call, De Ceukelaire was able to summon links shared by specific users in private messages. The links were collected by the Facebook crawler, where De Ceukelaire discovered they were easily accessible to anyone running a Facebook app. Those links could be anything from a popular news story to directions to an abortion clinic. As long as they're shared in private messages, they're logged in Facebook's database, and accessible to API calls. It would be hard to exploit that bug at scale for a few different reasons. De Ceukelaire was only able to make the API call because he's registered as a Facebook developer, and if he started pulling those links en masse, Facebook would quickly catch on and pull his credentials. Still, the bug points to a number of lingering problems with the conflicting way web services treat URLs, and how those conflicts can put private information into public view.

Ron Amadeo, reporting for Ars Technica (edited and condensed): Nest CEO Tony Fadell wasn't officially "fired" from Nest, but it certainly feels like it. In just the last few months, Nest has had to deal with reports of an "employee exodus," a string of public insults from Dropcam co-founder and departing Nest employee Greg Duffy, news that even Google supposedly didn't want to work with Nest on a joint project, and fallout from the company's decision to remotely disable Nest's deprecated Revolv devices. [...] It's hard to argue with the decision to "transition" Fadell away from Nest. When Google bought Nest in January 2014, the expectation was that a big infusion of Google's resources and money would supercharge Nest. Nest grew from 280 employees around the time of the Google acquisition to 1200 employees today. In Nest's first year as "a Google company," it used Google's resources to acquire webcam maker Dropcam for $555 million, and it paid an unknown amount for the smart home hub company Revolv. Duffy said Nest was given a "virtually unlimited budget" inside Alphabet. In return for all this investment, Nest delivered very little. Two-and-a-half years under Google/Alphabet, a quadrupling of the employee headcount, and half-a-billion dollars in acquisitions yielded minor yearly updates and a rebranded device. That's all.

Dan Goodin, reporting for Ars Technica: A large number of websites are vulnerable to a simple attack that allows hackers to execute malicious code hidden inside booby-trapped images. The vulnerability resides in ImageMagick, a widely used image-processing library that's supported by PHP, Ruby, NodeJS, Python, and about a dozen other languages. Many social media and blogging sites, as well as a large number of content management systems, directly or indirectly rely on ImageMagick-based processing so they can resize images uploaded by end users. According to developer and security researcher Ryan Huber, ImageMagick suffers from a vulnerability that allows malformed images to force a Web server to execute code of an attacker's choosing. Websites that use ImageMagick and allow users to upload images are at risk of attacks that could completely compromise their security. "The exploit is trivial, so we expect it to be available within hours of this post," Huber wrote in a blog post. He went on to say: "We have collectively determined that these vulnerabilities are available to individuals other than the person(s) who discovered them. An unknowable number of people having access to these vulnerabilities makes this a critical issue for everyone using this software."

An anonymous reader writes: Developer Nick Lee has successfully installed Windows 95 on his Apple Watch. It works, but it runs very slow. For example, it takes about an hour for the OS to boot up. In a blog post, Lee points out the Apple Watch features specs capable of running the old OS. To get Windows 95 running on the Apple Watch, Lee had to modify Apple's development software in "rather unorthodox ways" that allowed him to turn the OS into a Watch app, which also emulates an environment for the OS to run on, he tells The Verge. To deal with the fact that Apple Watch's screen is always turning itself off when not in use, he set up a motorized tube that constantly turns the Watch's crown, preventing it from falling asleep. In addition, Lee altered the Watch's software to let Windows 95 track a single fingertip, hence the constant swiping in his video.

Joshua Topolsky, co-founder of The Verge and Vox Media, and formerly Editor-in-chief of Engadget, has published an article on Medium wherein he analyzes the ongoing and long-term issues with digital media businesses and their increasingly growing thirst for more and more clicks. Topolsky says that the rate at which media outlets are adopting the new technologies and platforms (such as video, "bots, newsletters, a morning briefing app, a lean back iPad experience, Slack integration, a Snapchat channel, or a great partnership with Twitter") in an attempt to capture more audience -- and save its receding loyal reader base -- isn't going to fix the problem. Topolsky, who left Bloomberg news outlet last year amid his disagreement with Michael Bloomberg himself, writes: The Problem is that we used to have a really neat and tidy version of a media business where very large interests controlled vast swaths of the things we read, watched, and listened to. Because that system was built on the concept of scarcity and locality -- the limits of what was physically possible -- it was very easy to keep the gates and fill the coffers. Put simply, there were far fewer players in the game with far fewer outlets for their content, so audiences were easy to sell to and easy to come by. [...] The media industry now largely thinks its only working business model is to reach as many people as possible, and sell -- usually programmatically, but sometimes not -- as many advertisements against that audience as it can. If they tell you otherwise, they are lying. [...] The truth is that the best and most important things the media (let's say specifically the news media) has ever made were not made to reach the most people -- they were made to reach the right people. Because human beings exist, and we are not content consumption machines. What will save the media industry -- or at least the part worth saving -- is when we start making Real Things for people again, instead of programming for algorithms or New Things.

An anonymous reader writes: Mozilla seems to think a new future for Firefox [lies in Chrome]. While they claim that it is only about new ways of browser design, it is also an open secret that they are running into more and more problems lately with web compatibility. [Senior VP Mark Mayo caused a storm by revealing that the Firefox team is working on a next-generation browser that will run on the same technology as Google's Chrome browser. The project, named Tofino, will not use Firefox's core technology, Gecko, but will instead plumb for Electron, which is built on the technology behind Google's rival Chrome browser, called Chromium.] The benefit of Chromium/Electron would be that it is a solution they could pull much faster forward than their own Servo plans [Servo being Mozilla's Rust-based web engine]. What the real outcome of all this will be, only Mozilla knows so far. But inside Mozilla there is much resistance against such plans... Interesting times are ahead.

Nest, a Google-owned company, will deliberately break one of its own products come May 15. The company has announced plans to disable Revolv, a hub that allows customers to electronically control lights in their homes. Entrepreneur Arlo Gilbert raises some important questions: Google/Nest's decision raises an interesting question. When software and hardware are intertwined, does a warranty mean you stop supporting the hardware or does it mean that the manufacturer can intentionally disable it without consequence? Tony Fadell seems to believe the latter. Tony believes he has the right to reach into your home and pull the plug on your Nest products. [...] To be clear, they are not simply ceasing to support the product, rather they are advising customers that on May 15th a container of hummus will actually be infinitely more useful than the Revolv hub. Google is intentionally bricking hardware that I own. That's a pretty blatant "fuck you" to every person who trusted in them and bought their hardware. They didn't post this notice until long after Google had made the acquisition, so these are Google's words under Tony Fadell's direction. Revolv was acquired by Nest in 2014, and it is believed that all Nest wanted from the acquisition was talent and workforce. An older version of Revolv website reveals that its hub was marketed to have "free lifetime service subscription," "free monthly updates for additional device support," and "free future firmware updates to automatically activate new radios." James Grimmelmann, a professor of Law, tweeted, "I didn't realize that Revolv promised free lifetime service. That makes the shutdown a deceptive trade practice as well as an unfair one." Aaron Parecki, co-founder of IndieWebCamp, wrote, "Your friendly reminder that without open standards, you're not "buying" smarthome hardware, you're renting it."

Steven Sinofsky, former President of the Windows Division at Microsoft, has cataloged how often game-changing technologies have been derided as toys. Some of the things he has included in the list include a PC, C programming, PC networking, GUI, color screen, AI, and internet video. He writes: As many have recognized, when inventions and innovations first appear they are often (always) labeled as "toys" or "incapable" of doing "real work" or providing "real entertainment." Of course, many new inventions don't work out the way inventors had hoped, though quite frequently it is just a matter of timing and the coming together of a variety of circumstances. It can be said that being labeled a toy is necessary, but not sufficient, to become the next big thing. This got me thinking about all the conferences, trip reports, and new products I have looked at over many years. Sure turns out that a huge number of things in my own career were labeled as toys -- not just by me, but by an industry at large. Check out the list on Medium.

Steven Sinofsky, former President of the Windows Division at Microsoft, has cataloged how often game-changing technologies have been derided as toys. Some of the things he has included in the list include a PC, C programming, PC networking, GUI, color screen, AI, and internet video. He writes: As many have recognized, when inventions and innovations first appear they are often (always) labeled as "toys" or "incapable" of doing "real work" or providing "real entertainment." Of course, many new inventions don't work out the way inventors had hoped, though quite frequently it is just a matter of timing and the coming together of a variety of circumstances. It can be said that being labeled a toy is necessary, but not sufficient, to become the next big thing. This got me thinking about all the conferences, trip reports, and new products I have looked at over many years. Sure turns out that a huge number of things in my own career were labeled as toys -- not just by me, but by an industry at large. Check out the list on Medium.

Reader alphadogg cites a report on NetworkWorld: MIT Media Lab, that 30-year-old tech innovation factory that has had a huge hand in churning out everything from LEGO MindStorms to the Guitar Hero video game, has now wowed the open source and free software crowd. Lab Director Joi Ito over the weekend revealed that MIT Media Lab has changed its approach to software releases to FLOSS (free/libre/open-source software) by default.

An anonymous reader quotes an article written by Chris Williams for The Register: Programmers were left staring at broken builds and failed installations on Tuesday after someone toppled the Jenga tower of JavaScript. A couple of hours ago, Azer Koculu unpublished more than 250 of his modules from NPM, which is a popular package manager used by JavaScript projects to install dependencies. Koculu yanked his source code because, we're told, one of the modules was called Kik and that apparently attracted the attention of lawyers representing the instant-messaging app of the same name. According to Koculu, Kik's briefs told him to take down the module, he refused, so the lawyers went to NPM's admins claiming brand infringement. When NPM took Kik away from the developer, he was furious and unpublished all of his NPM-managed modules. 'This situation made me realize that NPM is someone's private land where corporate is more powerful than the people, and I do open source because Power To The People,' Koculu blogged. Unfortunately, one of those dependencies was left-pad. It pads out the lefthand-side of strings with zeroes or spaces. And thousands of projects including Node and Babel relied on it. With left-pad removed from NPM, these applications and widely used bits of open-source infrastructure were unable to obtain the dependency, and thus fell over.

An anonymous reader writes: French hacker and security expert Anthony Zboralski calls social media networks a "digital shantytown" in his most recent blogpost. While fellow members of hacker collective w00w00 have formed successful billion dollar startups, he claims that the rewards for creating content and use are unfair and suggests a better solution would be like the successful creation of land title for slum dwellers — partial ownership for users on social media.

An anonymous reader writes from an opinionated article on TechCrunch by Tom Hadfield: If Facebook announces the "Messenger Bot Store" at F8, as many predict, it would be arguably the most consequential event for the tech industry since Apple announced the App Store and iPhone SDK in March 2008. Today, Facebook Messenger has 800 million monthly active users -- more than 100 times the number of iPhone owners when Apple launched the App Store. In January, TechCrunch first reported rumors of Facebook's secret Chat SDK for building Messenger bots. If and when Facebook announces a Bot Store, it will mark the "end of the beginning" of a new era: messaging as a platform. Over the summer, The Information broke the news that AI-powered Facebook M would enable Messenger users to make purchases, restaurant reservations, and travel bookings within the messaging interface. A Messenger Bot Store would have far-reaching consequences not only for entrepreneurs and investors, but also developers and designers. Sam Lessin, the CEO of Fin, says the rise of chat-based user interfaces will mark "a fundamental shift that is going to change the types of applications that get developed and the style of service development." For a time, bots were perceived to be plain-text exchanges and as such were often described as "invisible apps." As Jonathan Libov at USV points out, "just because the container is a messenger doesn't mean that all the apps inside are text-based." Tomaz Stolfa says there is "unexplored potential in blending conversational interfaces with rich graphical UI elements." If 800 million Facebook users start discovering bots in Messenger after F8, it will vindicate those who have been saying bots are the new apps.

Hallie Siegel writes: A new paper covering 60 years of robotics in American case law shows that a growing mismatch between how judges think about robots and what contemporary robots can actually do is resulting in inconsistent treatment of how robots are dealt with in the courts. Interestingly, much of this confusion comes down to the definition of the word robot; dictionaries' definitions often contradict each other. This article presents the case that lawmakers and policy makers need to work more closely with technology experts to develop a more nuanced understanding of robotics, lest new technologies overwhelm our legal systems.

An anonymous reader writes: Writing for Defense News, Lara Seligman reports, "For the first time since a controversial report detailing how the F-35 performs in a dogfight emerged last summer, an F-35 pilot gave an in-depth analysis of his experience flying the jet in a close-range battle scenario. Norwegian Air Force Maj. Morten 'Dolby' Hanche, the first Norwegian to fly the F-35, analyzed the jet's performance in a dogfight in a March 1 blog post published on Norway's Ministry of Defense website. Although Hanche never mentions the 2015 report, 'F-35A High Angle of Attack Operational Maneuvers' revealed last summer by blogger David Axe on WarisBoring.com, he counters many of the anonymous author's claims."

whoever57 writes: Talia Jane was employed by Yelp in San Francisco but after posting in an open letter to Yelp's CEO, Jeremy Stoppelman, that her after tax income of $8.15 was insufficient to provide basic necessities like heating, food, etc., she discovered that she had been fired. How did she discover? Her work email stopped working. Even her boss did not know what had happened. Stoppelman denies having a hand in her firing, making the claim "(There are) two sides to every HR story so Twitter army please put down the pitchforks," replying to the criticism. He didn't personally turn off her email, perhaps he did not even make the decision to fire her, but as the person who ultimately sets the culture and policies of the company, his claim to not be directly responsible is unconvincing.

New submitter isisilik writes: For those working in the 'aaS' business the Parse shutdown was the main topic of conversation this weekend. So why did Facebook decide to shut down their developer platform? The author claims that Facebook never wanted to host apps to begin with, they just wanted developers to use Facebook login. And he builds up a good case.

New submitter umafuckit writes: Blogger Stewart Alsop wrote an open letter to Elon Musk following a supposedly badly run launch event for the Model X. Alsop complained that the event started almost 2 hours late and was unable to test drive the car (for which has put down a deposit). In response, Musk cancelled Alsop's pre-order saying "Must be a slow news day if denying service to a super rude customer gets this much attention." Alsop, who is known not just for his prolific blogging but for his role as a founding partner at VC firm Alsop Louie Partners, compares his treatment by Tesla to that of BMW, about which he's also said some unflattering things as a customer.

An anonymous reader writes: Eric Springer describes his recent troubles with Amazon to highlight one of the biggest weak points in information security: customer service. You can use complex passwords and two-factor authentication all you want — all it takes is a low-level representative trying to be helpful and your account information is now compromised. In this case, a bad actor was able to use Amazon's online chat support and a fake address to get the rep to tell him Springer's real address and phone number. That was enough to commit fraud with a couple of unrelated online services. Springer complained, but months later the same thing happened again. That time, he had Amazon put a note on his account not to give out his details.

But that didn't help; the attacker contacted Amazon's phone support line instead, and gathered yet more information. Springer writes, "At this point, Amazon has completely betrayed my trust three times. I have done absolutely everything in my power to secure my account, but it's hopeless. I am in the process of closing my Amazon account, and migrating as much to Google services which seem significantly more robust at stopping these attacks." Springer's advice for fixing this: "Never do customer support unless the user can log in to their account. The only exception to this would be if the user forgot the password, and there should be a very strict policy." He also says email services should make aliases easier, and whois protection should be default.

tiltowait writes: Slashdot readers should be familiar with most if not all of these, but the list of 20 Hollow Copyright Claims is a somber reminder of the current sorry state of intellectual property laws in the United States--as anyone who's encountered a paywall or a takedown notice (or remembers Slashdot's run-in with Scientology) can attest. It serves as a call to arms that we not lose sight of the benefits to sharing knowledge.

New submitter kynthelig writes: There are a hundred reasons why 3D printed cars might not work. But that's true of almost any great idea in tech. A few automotive entrepreneurs have developed a vision — along with actual physical cars — that rethink the assumptions about how cars get built. The result has a smaller environmental footprint than either conventional or electric cars, allows for faster innovation, and retools car manufacturing into a local, community-oriented business. The car revolution isn't just in automating them: it's also in how we build them.

An anonymous reader writes: Steven Levy reports on his trip to the facility where Google tests is autonomous vehicles (here's a map). The company apparently has a four-week program to certify people to not-drive these cars, and they gave Levy an abbreviated version of it. "The most valuable tool the test team has for making sure things are running smoothly is the laptop on the co-driver's lap. Using an interface called x_view, the laptop shows the world as the car sees it, a wireframe representation of the area that depicts all the objects around the car: pedestrians, trees, road signs, other cars, motorcycles—basically everything picked up by the car's radar and laser sensors.

X_view also shows how the car is planning to deal with conditions, mainly through a series of grid-like "fences" that depict when the car intends to stop, cautiously yield, or proceed past a hazard. It also displays the car's path. If the co-driver sees a discrepancy between x_view and the real world, that's reason to disengage. ... At the end of the shift, the entire log is sent off to an independent triage team, which runs simulations to see what would have happened had the car continued autonomously. In fact, even though Google's cars have autonomously driven more than 1.3 million miles—routinely logging 10,000 to 15,000 more every week—they have been tested many times more in software, where it's possible to model 3 million miles of driving in a single day."

An anonymous reader writes: Steven Levy reports on his trip to the facility where Google tests is autonomous vehicles (here's a map). The company apparently has a four-week program to certify people to not-drive these cars, and they gave Levy an abbreviated version of it. "The most valuable tool the test team has for making sure things are running smoothly is the laptop on the co-driver's lap. Using an interface called x_view, the laptop shows the world as the car sees it, a wireframe representation of the area that depicts all the objects around the car: pedestrians, trees, road signs, other cars, motorcycles—basically everything picked up by the car's radar and laser sensors.

X_view also shows how the car is planning to deal with conditions, mainly through a series of grid-like "fences" that depict when the car intends to stop, cautiously yield, or proceed past a hazard. It also displays the car's path. If the co-driver sees a discrepancy between x_view and the real world, that's reason to disengage. ... At the end of the shift, the entire log is sent off to an independent triage team, which runs simulations to see what would have happened had the car continued autonomously. In fact, even though Google's cars have autonomously driven more than 1.3 million miles—routinely logging 10,000 to 15,000 more every week—they have been tested many times more in software, where it's possible to model 3 million miles of driving in a single day."

TheCoop1984 writes: A blog post by ex-Bitcoin developer Mike Hearn has highlighted dysfunctional management right at the top of Bitcoin development. He says it is clear Bitcoin is on the verge of collapse, and lays out several compelling reasons why. Quoting: "What was meant to be a new, decentralized form of money that lacked 'systemically important institutions' and 'too big to fail' has become something even worse: a system completely controlled by just a handful of people. Worse still, the network is on the brink of technical collapse. The mechanisms that should have prevented this outcome have broken down, and as a result there’s no longer much reason to think Bitcoin can actually be better than the existing financial system." Is the end of Bitcoin on the horizon?

New submitter acm writes: RouteBuilder has been using the Google Maps API to help people share their routes (bicycling, hiking, etc) for a decade. Last week, Google sent an email demanding Routebuilder stop using the API: "In particular,your application violates clause 10.4(c), which does not allow developers to create a wrapper — an application that re-implements or duplicates the Google Maps website or mobile app, or any of the Google Maps APIs." Why did it take the Google Maps Team 10 years to decide they don't want pedometer-type sites to use their API?

An anonymous reader writes: 2015 was an undeniably huge year in Virtual Reality, breaking down the doors and setting the stage for an all-out 2016 consumer VR frenzy. The adoption of VR is not simply like ‘just another’ new device, not like a new aspect ratio for display panels, not like just an upgraded generation of gaming console, but a fundamentally new kind of technology that enables a new kinds of experiences that haven’t before been possible or comparable to anything else we’ve had (in the consumer market at least). Here is an article of some of my predictions for the coming years. What are your predictions?