Domain: slashdot.org
Yahoo Insiders Believe Hackers Could Have Stolen Over 1 Billion Accounts (businessinsider.com)
An anonymous reader quotes a report from Business Insider: The actual tally of stolen user accounts from the hack Yahoo experienced could be much larger than 500 million, according to a former Yahoo executive familiar with its security practices. The former Yahoo insider says the architecture of Yahoo's back-end systems is organized in such a way that the type of breach that was reported would have exposed a much larger group of user account information. To be sure, Yahoo has said that the breach affected at least 500 million users. But the former Yahoo exec estimated the number of accounts that could have potentially been stolen could be anywhere between 1 billion and 3 billion. According to this executive, all of Yahoo's products use one main user database, or UDB, to authenticate users. So people who log into products such as Yahoo Mail, Finance, or Sports all enter their usernames and passwords, which then go to this one central place to ensure they are legitimate, allowing them access. That database is huge, the executive said. At the time of the hack in 2014, inside were credentials for roughly 700 million to 1 billion active users accessing Yahoo products every month, along with many other inactive accounts that hadn't been deleted. In late 2013, Yahoo CEO Marissa Mayer said the company had 800 million monthly active users globally. It currently has more than 1 billion.
Implication of Sabotage Adds Intrigue To SpaceX Investigation (washingtonpost.com)
An anonymous reader quotes a report from The Washington Post: The long-running feud between Elon Musk's space company and its fierce competitor United Launch Alliance took a bizarre twist this month when a SpaceX employee visited its facilities at Cape Canaveral, Fla., and asked for access to the roof of one of ULA's buildings. About two weeks earlier, one of SpaceX's rockets blew up on a launchpad while it was awaiting an engine test. As part of the investigation, SpaceX officials had come across something suspicious they wanted to check out, according to three industry officials with knowledge of the episode. SpaceX had still images from video that appeared to show an odd shadow, then a white spot on the roof of a nearby building belonging to ULA, a joint venture between Lockheed Martin and Boeing. The SpaceX representative explained to the ULA officials on site that it was trying to run down all possible leads in what was a cordial, not accusatory, encounter, according to the industry sources, who spoke on the condition of anonymity because of the ongoing investigation. The building, which had been used to refurbish rocket motors known as the SMARF, is just more than a mile away from the launchpad and has a clear line of sight to it. A representative from ULA ultimately denied the SpaceX employee access to the roof and instead called Air Force investigators, who inspected the roof and didn't find anything connecting it to the rocket explosion, the officials said. This week, ten members of Congress sent a four-page letter to several government agencies about the SpaceX explosion, raising the question as to whether or not SpaceX should be leading the investigation. Elon Musk said the investigation into what went wrong is the company's "absolute top priority." He added, "We've eliminated all of the obvious possibilities for what occurred there. So what remains are the less probable answers." SpaceX aims to resume flights in November.
Salesforce Pushes Regulators To Block Microsoft's LinkedIn Deal (cnn.com)
Salesforce is urging the European Union to take a closer look at Microsoft's takeover of LinkedIn as EU regulators ask questions on how the software giant could use AI to exploit data from LinkedIn's professionals. Chief Legal Officer Burke Norton said Salesforce plans to tell European and U.S. antitrust officials it has concerns about the acquisition. From a CNN report: "Microsoft's proposed acquisition of LinkedIn threatens the future of innovation and competition," Burke Norton, chief legal officer at Salesforce, said in a statement. "By gaining ownership of LinkedIn's unique dataset of over 450 million professionals in more than 200 countries, Microsoft will be able to deny competitors access to that data, and in doing so obtain an unfair competitive advantage. [...] We intend to work closely with regulators, lawmakers and other stakeholders to make the case that this merger is anticompetitive," he added. The European Commission is reaching out to multiple companies as part of a review of the pending acquisition. Salesforce's comments came in response to this, according to Chi Hea Cho, a spokeswoman for Salesforce.
New iPhone 7 Case Brings Back the Headphone Jack (thenextweb.com)
Apple removed the headphone jack in the iPhone 7 and iPhone 7 Plus, forcing users to use either Bluetooth, the Lightning port or the included Lightning to 3.5mm headphone jack adaptor in order to listen to music through headphones. However, one company took it upon itself to create an iPhone 7 case with a built-in 3.5mm headphone jack. The company is called Fuze and it recently launched an Indiegogo campaign that promises to bring the audio port back to the iPhone 7. The Next Web reports: To achieve this, the company is taking Apple's Lightning to 3.5mm adapter and building it straight into a case, where you can plug in your headphones with "no dongles, no adapters, no problems." In addition to the audio port, the Fuze Case will also serve as a battery pack as it adds 2,400mAh of extra battery life to the iPhone 7 and 3,600mAh to the 7 Plus. It will be available in five different colors including white, black, gold, rose gold and blue. The case is currently available for $49 to "super early bird" backers, but will increase to $59 once more people have chipped in and will eventually sell for $69 in retail. The company expects to start shipping the accessory in December later this year.
The Yahoo Hackers Weren't State-Sponsored, Security Firm Says (csoonline.com)
itwbennett writes from a report via CSO Online: After Yahoo raised eyebrows in the security community with its claim that state-sponsored hackers were responsible for the history-making breach, security firm InfoArmor now says it has evidence to the contrary. InfoArmor claims to have acquired some of the stolen information as part of its investigation into "Group E," a team of five professional hackers-for-hire believed to be from Eastern Europe. The database that InfoArmor has contains only "millions" of accounts, but it includes the users' login IDs, hashed passwords, mobile phone numbers and zip codes, said Andrew Komarov, InfoArmor's chief intelligence officer. Earlier this week, Chase Cunningham, director of cyber operations at security provider A10 Networks, called Yahoo's claim of state-sponsored actors a convenient, if trumped up, excuse: "If I want to cover my rear end and make it seem like I have plausible deniability, I would say 'nation-state actor' in a heartbeat." "Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations," Scottsdale, Arizona-based InfoArmor said Wednesday in a report. "The Yahoo data leak, as well as the other notable exposures, opens the door to significant opportunities for cyber-espionage and targeted attacks to occur."
Microsoft Forms New AI Research Group Led By Harry Shum (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: A day after announcing a new artificial intelligence partnership with IBM, Google, Facebook and Amazon, Microsoft is upping the ante within its own walls. The tech giant announced that it is creating a new AI business unit, the Microsoft AI and Research Group, which will be led by Microsoft Research EVP Harry Shum. Shum will oversee 5,000 computer scientists, engineers and others who will all be "focused on the company's AI product efforts," the company said in an announcement. The unit will be working on all aspects of AI and how it will be applied at the company, covering agents, apps, services and infrastructure. Shum has been involved in some of Microsoft's biggest product efforts at the ground level of research, including the development of its Bing search engine, as well as in its efforts in computer vision and graphics: that is a mark of where Microsoft is placing its own priority for AI in the years to come. It is important to note that the Microsoft Research unit will no longer be its own discrete unit -- it will be combined with this new AI effort. Research had 1,000 people in it also working on areas like quantum computing, and that will now be rolled into the bigger research and development efforts being announced today. Products that will fall under the new unit will include Information Platform, Cortana and Bing, and Ambient Computing and Robotics teams led by David Ku, Derrick Connell and Vijay Mital, respectively. The Microsoft AI and Research Group will encompass AI product engineering, basic and applied research labs, and New Experiences and Technologies (NExT), Microsoft said.
Google Delays Release of Android Wear 2.0 To 2017 (techcrunch.com)
Google announced today that the next generation of its smartwatch platform -- Android Wear 2.0 -- won't be seeing the light of day this year. The company says that it will release the final version of Android Wear 2.0 in early 2017. From a TechCrunch report: While Google never talked about a final release date for Wear 2.0, its original schedule called for about 30 weeks of alpha and beta testing, which would have put the release date somewhere around the middle of December. Google, however, now says that it has gotten "tons of great feedback from the developer community about Android Wear 2.0" and that it is "committed to improve and iterate based on them to ensure a great user experience." Because of this, the plan is to continue the preview program into early 2017, at which time the first watches will receive the new version. CNET reported recently that three of the top Android Wear smartwatch makers -- LG, Huawei and Motorola -- had confirmed that they won't be releasing new smartwatches until next year, at least.
The Slashdot Interview With Raspberry Pi Founder and CEO Eben Upton
You asked, he answered!
Raspberry Pi founder and CEO Eben Upton has responded to questions submitted by Slashdot readers. Read on for his answers.
What is the future of manufacturing in the UK?
by thegarbz
The Raspberry Pi is quite famously manufactured in the UK. Is this still a long term strategy or have recent events such as the Brexit and the rise of Pi competitors forced a review of the future of manufacturing in the UK?
EU: We've always said that we build Raspberry Pi in the UK because it makes economic sense, not because we are patriotic. That continues to be the case, and interestingly the short term exchange rate movements following the Brexit vote have made UK manufacturing more competitive, not less. I don't believe we'll see significant tariff barriers to importing Raspberry Pi into mainland Europe from the UK post-Brexit: remember we export successfully to lots of places (US, Japan, China) with whom the EU doesn't have a free trade deal.
Chinese manufacture makes sense if you're building for the Far Eastern market, as many of the board components come from there and it's not necessarily economic to ship parts to the UK and then finished product all the way back. In the case of low-touch products for sale in Europe and North America, serious tier-one manufacturers like Sony can achieve lower total cost. I strongly believe that a lot of companies continue to offshore to China out of a sort of superstitious belief, not because it actually makes sense.
So no, I don't think we will stop manufacturing in the UK any time soon.
Do you feel that...
by Anonymous Coward
the RE'd open source VC4 firmware, once feature complete, will finally quell open source advocates' dislike of your claims that the Pi was a 'fully' open source system by allowing them to run their own software at all levels of Pi operation? If so, do you foresee any changes being made by Broadcom in future revisions of the VC4 that will "intentionally" break compatibility with the initialization code or see keyed firmware signing required at some or all levels of the Pi hardware, as has happened on Intel, AMD, and a variety of other ARM SoCs?
EU: Well, first-off: [citation needed]. I don't think that I have ever claimed that the Pi was a fully open-source system: we don't have an ideology here, so we're able to be open in places where it makes sense for the platform and closed in others. That said, the open firmware project, and some of the techniques they've used to figure out what the firmware needs to do, is pretty neat, and it's certainly possible that over time it will approach feature parity with the closed firmware.
We have no intention of introducing signed firmware for the Raspberry Pi. I just can't imagine any reason why that would be a sensible or necessary move.
What do you think about RISC-V?
by gr8_phk
What do you think about RISC-V?
EU: RISC-V is an interesting project, though I do struggle to see the value in introducing yet another instruction set architecture: any gains from better ISA design are likely to be marginal, and it feels like people undervalue the tools support that comes with established architectures like ARM and x86. High performance implementations of different ISAs tend to feel very similar at the back end in any case, once they've translated architectural instructions to micro-ops and mapped architectural registers to a larger pool of hardware registers using renaming.
The profusion of microarchitectures implementing the RISC-V ISA feel like the real contribution: BOOM is particularly nice. On some level I wish people were devoting their efforts to more well established ISAs which have good tool support and are old enough to be out of patent coverage.
I found these articles, which set out the case for open and proprietary ISAs respectively, quite informative:
http://www.linleygroup.com/mpr/article.php?id=11267
http://www.linleygroup.com/mpr/article.php?id=11268
Future of Raspberry Pi Zero?
by Yvan256
Will each form factor get updated over time? I'm talking about the A+ and especially the Zero.
EU: Yes. We're planning to bring a Model 3A to market in the near future. This will bring BCM2837 and wireless to the Model A+ form factor.
Zero is trickier, as we're reliant on PoP memory to hit the small, single-sided form factor, and the successor devices are all regular BGAs with discrete DRAM. We can't even bump to 1GB of RAM as the memory controller upgrade that introduced support for >512MB was part of the BCM2836 program. Perhaps in a couple of years if it continues to do well we could justify a chip spin to bring a more modern ARM core to the platform.
Will the Pi Zero ever be freely available?
by queazocotal
Currently, vendors are having to limit availability due to supply shortage. Is it intended that this will not be the case in the future, or is the foundation concentrating on other things?
EU: Right now we're concentrating on ramping Zero production, which is only just about keeping pace even with rationing, and making Zero available in one-off from a wider range of vendors in a wider range of countries. At the moment, people outside the UK and US need to pay overseas shipping, which rather undermines the $5 price point. My hope is that by the first quarter of next year we'll have in-country distribution in several other European countries, and maybe Australia and Japan. I'd also like to see more availability in bricks-and-mortar outlets: currently only Micro Center do this.
What would you have done differently?
by Camembert
I much admire the Raspberry Pi project, philosophy and products. With the luxury of perfect hindsight, what would you have done differently if you could go back in time?
EU: I guess I wish we had launched maybe a year earlier: we certainly had the BCM2835 silicon a year earlier. We might have ended up launching with only 128 MB of RAM, but we'd be one year further along the adoption curve now. In the opposite direction, I wish we'd taped BCM2835 out a little later, or had the opportunity to spin the core early on, replacing the ARM11 with the equivalent area Cortex-A5 to get ARMv7 support from day one.
I wish we'd brought the B+ form factor to market earlier. It certainly was not ideal that that product had only six months in the market as the lead product. That said, I think we learned a lot from the two-and-a-bit years that the Model B was in the market, and James (who designed the B+) was busy working on BCM2836 for much of the previous year, so we'd have had to make sacrifices to free up his time.
Finally, I shouldn't have spent so much time and money pushing water uphill with a custom version of the Epiphany web browser. It was obvious well before we abandoned it that this project wasn't going anywhere, but the sunk cost fallacy got me. We're now standardizing on Chromium plus some light-touch video-acceleration patches, which we should have done immediately after the Raspberry Pi 2 release.
Pi with an SO-DIMM Slot? SATA connectors? GigE?
by Mysticalfruit
Thank you for creating such an awesome and useful little computer. I've used Pi's to do everything from automatically watering my xmas tree to teaching a fourth grade class basic electronics to doing remote backups of my data (with a pi in my house and one far away at my buddy's). That last operation suffers greatly from the lack of RAM resources on a raspberry pi. My "pi" in the sky remote backup node has an SO-DIMM slot on the back I could stick an 8 or 16GB so-dimm in, 1-4 SATA ports so I write faster, and a gigE ethernet interface. I understand that you're under financial pressures to keep the cost down, but I see a real market for a Pi 3+.
EU: We're aware that memory capacity and non-multimedia connectivity are probably next in line for an upgrade. There are challenges fitting this feature set into the $35 price point (and we're very committed to maintaining that). Doing this would require a ground-up redesign of the SoC, as it isn't feasible to retrofit those features to BCM283x, so we're talking at least two or three years.
SO-DIMM memory is an interesting concept, but would require a new form factor, and possibly a more sophisticated (and costly) DRAM PHY to drive the extra capacitive load.
Pi with an SO-DIMM Slot? SATA connectors? GigE?
by Coren22
Kind of along the same lines; is there any thought to moving to a USB-C (USB 3.1) connection? This would allow running USB, power, network, and video over a single port, which would ultimately reduce costs. I expect the main problem is the bus speed, and costs of the controller chips involved with USB-C.
EU: It's likely that the next Raspberry Pi will use USB-C upstream for power. Right now, at 12.5W, we're at the limit of what we can deliver through the USB micro-B connector; although we can't dissipate significantly more on the board, this is a limiting factor in terms of what we can deliver to downstream devices. USB-C would immediately allow us to bring an additional 2.5W into the board. As for downstream USB-C (and really by implication USB3.x) that's another thing that would need to wait for a future SoC.
Raspberry Pi 4
by linuxguy
I own all of the major Raspberry Pi hardware versions that have been released. I love them all. I only have one wish. Faster I/O. Will the next hardware release address this? USB 3.0, 1Gbps NIC, faster SD card interface. Any one of these upgrades would be great. All of them? Would be awesome!
EU: See above. We know these are things people want, and I'm sure we'll address them in the future, but it's a long road to get a suitable silicon platform that integrates these features, and it's not feasible to retrofit them with external components given our level of cost sensitivity.
We do have a neat software hack for higher SD card performance that we hope to roll out in the near future.
Any plans for 4GB + RTC?
by UnknownSoldier
Some of us are still waiting for a low-cost 4 GB + 4 Core embedded device with a Real-Time-Clock. Are there any plans to support anything like that in the (near) future?
EU: I think the challenge here is fitting that much memory into a reasonable target price and form factor. You're talking on the order of $15-20 of DDR3L even at spot prices, and 8 PCB placements, so it's unlikely to happen at the $35 target price and credit-card form factor in the near future. 2GB might be feasible in a few years' time; between now and then you'll see us investing a lot of software work in getting the most out of the 1GB we have on Raspberry Pi 3.
An RTC is a tempting addition, but the majority of our users don't need one, so we'd be burdening these users with unnecessary cost for the sake of the minority who do. We prefer to leave it to third parties to create cheap RTC add-on boards.
most interesting usage?
by rkhalloran
The Pi was designed as a cheap-as-chips (pun unintended) computer for classroom education. Obviously, since then it's been put to a myriad of other uses. Which of these have struck you as the "best" or most unexpected usage outside the classroom?
EU: Well, I'm a space cadet, so the various space (or near-space) applications stand out: Dave Akerman's high-altitude balloon flights, our Astro Pi work with Tim Peake on the ISS (technically a classroom, but a rather unusual one), and various telescope projects. People using the Pi to build scientific instruments (microscopes, seismic detectors, meteor trackers, and recently a commercial DNA analyzer) are always fun.
Probably my all-time favorite is the RACHEL project, which bundles a bunch of free educational and utility content (Wikipedia, Project Gutenberg etc.) onto an SD card and serves it via WiFi to people in the developing world who are beyond the current reach of the internet. It's easy to say that Project Loon, or internet.org, or simply the steady roll-out of conventional broadband access will make it obsolete in the near future, but these things always take longer than we imagine.
In the meantime, World Possible are bringing some of the benefits of the internet to people who might otherwise still be waiting in 2040. Go donate!
Low power display
by Nukenbar
What are the challenges in bringing a lower power display (e-ink or otherwise) to market?
EU: For me the number one challenge is finding a commercial-scale, quality supplier of e-ink displays on a non-glass substrate. This should help both with cost and robustness, which are key for my imagined target market (solar powered solid-state computers in the developing world). Without a substrate breakthrough, e-ink doesn't feel compelling (pluses: power consumption, sunlight readability; minuses: refresh speed, color; neutral: cost, robustness).
I had high hopes for Plastic Logic in Cambridge, but this seems not to be happening.
Plans for non usb based networking?
by Joe_Dragon
Plans for non usb based networking?
EU: Not at present. I think this is something that will need to wait for a future SoC with a ground-up redesign, either to add on-board GigE, or some other fast interface (PCIe, USB 3.x) which could be cheaply and efficiently bridged to GigE.
For a lot of use cases Fast Ethernet over USB 2.0 is actually a great solution. Every time Raspberry Pi gets mentioned on Slashdot, someone pops up in the comments to explain that USB dooms us to unstable networking, but I've never seen any evidence that this is actually a thing (even back in 2012 before Jonathan fixed our USB driver issues, and even when serving our website off a Raspberry Pi 3 cluster for this year's April Fools' Day). Superstition is a funny thing.
The NAS use case does generally need faster networking, but then you also need a fast mass-storage interface (SATA, NVMe or USB 3.x again).
The size
by Arakun
Did you target the credit card size from the get-go or was it more of a happy coincidence that the Pi ended up that size?
EU: We targeted the credit card size form factor from day one. Of course if you measure a Raspberry Pi against a credit card you'll see that we didn't quite hit it in either X or Y (and I would say Z ranks as a significant miss). On the flip side we did hit a nice multiple of the Lego basis unit size: that really was a happy coincidence.
Power consumption
by Arakun
To what extent do you take power consumption into account when designing new models -- should we expect new models to continue to use more power as they get more powerful or do you plan to try to keep them below a certain level?
EU: I think we've pretty much hit the limit in terms of how much power we can dissipate on the board. I'm reluctant to add a heat sink, and certainly not active cooling. This sort of implies that we're going to need to change to a SoC on a smaller (and therefore more power-efficient) process node to get more performance. The time impact of that is one of the reasons why I say that Raspberry Pi 3 is likely to have a much longer lifetime in the market than Raspberry Pi 2 did.
OLPC-PI like?
by Camembert
Since the Pi products make computing accessible for most everyone, would it be worthwhile to develop an all-in-one Pi like the One Laptop Per Child concept?
EU: It's tempting, but there's a massive increase in engineering and business complexity associated with building a laptop versus building a Raspberry Pi. You need to know about batteries, keyboards, trackpads, hinges and display panels, and each of those needs to be sourced in a cost-effective manner, designed in, and quality controlled (batteries in particular scare the crap out of me).
I think for the time being we'll leave this to the ecosystem. Pi Top, particularly their CEED product, and some of the efforts to build HDMI-connected "docks" are worth a look.
Storage options
by Anonymous Coward
A lot of Pi users such as myself have experienced bricked SD cards after running a Pi continuously for weeks or months. SD cards, even premium ones, are not terribly robust when used to store a root file system that experiences lots of small writes. Disabling logging helps by reducing the number of writes to the card, but isn't a good solution if you need logs. Have you looked at any alternative storage options for the root file system?
EU: We do now support booting directly from USB mass storage without an SD card on Raspberry Pi 3, and on earlier models you could always load the firmware and kernel from SD but keep the root filesystem on USB. This gives you the choice of USB pen drives (not really superior to good-quality SD from a write endurance perspective but with somewhat better bandwidth), and rotating-media or solid-state drives. Western Digital have supported us with some nice cost-effective single-platter HDDs.
An NFS mounted root filesystem is a good solution for some users: quite a lot of people at Pi Towers do this. Gordon recently added PXE boot support on Raspberry Pi 3, so this is another thing that can be made to work without an SD card.
What do you yourself use Raspberry Pis for?
by Arakun
Do you yourself use Raspberry Pis in your daily life and if so what for?
EU: One of the sad things for me is that even now I don't really get time to do proper creative stuff with this toy that I've been involved in creating. I do use a Raspberry Pi 3 with Kodi as a media center, and very early on I started using them as an alternative to spinning up a VM on my Windows gaming PC each time I need a local Unix box to hack on: my broadband gateway has ended up with a museum of Raspberry Pi hardware dangling off it on tiny patch cables.
I still hope that one day I'll have a chance to do some serious hardware hacking with a Pi. Maybe next year...
Growing multiple successful tech ventures
by raymorris
You've founded multiple successful ventures related to technology. While many entrepreneurs may manage to pay their own bills working out of their garage to "own their job," you've had success beyond that, more than once. What do you think is the biggest reason your projects have been much more successful than the typical entrepreneurial venture which never grows beyond just a few people?
EU: Each time, it's been a case of good people, good luck and being in the right place at the right time.
With Ideaworks we happened to be there with some pluginless (Java and Flash) 3d tech at just the point where Intel were looking for processor-intensive use cases to promote the Pentium 3. We took the money from that, hired the nucleus of a great team, and were probably the first people to realize that cross-platform portability was going to be the big challenge in native mobile game development. If anything we were a bit too early, and the challenge was staying alive while we waited for the market to mature.
Podfun was actually precisely the sort of non-scaling business you talk about. In Cambridge these get called "lifestyle businesses," perhaps with a little condescension, but it paid a few of us good money for a while, and I had the chance to travel to interesting places (notably India) and meet interesting people.
And then Raspberry Pi just tapped into this latent demand for something cost effective and robust that people could hack on. Pete's original Model B hardware, with Dom and Gray's firmware and board support, sold enough to let us start hiring a team, and we bootstrapped our way up with more and better hardware, a more stable and standard software environment, and so on.
I still don't know anything about raising VC money and running a conventional "high growth" company: I'm much more comfortable hiring slowly, growing organically, and keeping the quality of the team insanely high. I met a guy the other day running a London-based mid-stage startup who is hiring two or three engineers a week, and I'm just like "how?" How do you grow that fast and not end up letting the suck in?
Add-on Syndrome
by jo7hs2
Any thoughts on how to address the "add-on syndrome" that plagues SBCs like the Pi products? As in the board is $35, but then after a power supply, case, SD card, wifi (if not equipped), USB hub, etc... you hit around $80-100. It makes it hard to run multiple projects at once, plus the quality of packaged hardware from retailers is often questionable at best.
EU: Steady integration of features onto the board helps: from your list we integrated WiFi onto Raspberry Pi 3, and we've had four USB ports for a couple of years now so you only need a hub if you want to attach a large number of devices, or use several high-power-consumption ones.
The credibility of the $35 price point is important to us, and the goal was always to allow very cost-sensitive users (e.g. kids) to scrounge up a bare set of add-ons at very low cost: this is why we used USB and micro SD for power and storage, and made sure the device was safe to use without a case.
For less cost-sensitive customers who want a reliable pre-configured kit, we've done a lot of work to try to drive cost down and quality up. This is why you've seen us do an official case, official PSU and branded SD card. We make a little money on the case to recover the cost of the injection mold tooling, but not on the PSU or SD card: they exist purely to try to flush out the low-quality ones you see in some kits, particularly on eBay. For $60 you can get a Raspberry Pi 3, and the complete set of official add-ons.
Pi Desktop
by ShakaUVM
Hi Eben, I teach classes using the Raspberry Pi 2 (soon to be switching to 3, I hope) in a variety of contexts, such as with students wanting to learn ARM assembly and to K-12 teachers who want to do physical computing in their science classrooms. It feels to me like the RPi is focused a little too much on Python and Scratch. I understand that it's called the Pi because of Python, but ARM assembly is my favorite assembly language, and bare metal assembly in particular is just a really natural fit for physical computing due to how easy it is to turn GPIO pins on and off. But the lack of documentation for the newer Broadcom SoCs has made it difficult for my students to write bare metal projects. So this leads to my question for you: are there any plans on rolling out better documentation / support / code examples for assembly on the RPi 2 and 3? Despite this sounding like grousing, I would like to assure you that I love everything you've done with the Raspberry Pi and the notion of physical computing in general. Everyone who takes an assembly class or science technology workshop with me this year will get a free RPI3 and a bunch of sensors, wires, and motors to do hands-on, open ended projects. And I've been doing this for a while and it works really well. Thanks again for all of your vision and tireless effort you've spent in this arena.
EU: Well, first off, thank you for using Raspberry Pi in your classes. People forget that the work we do ourselves is dwarfed by the work the community does on top of the platform.
If there are specific things that we've not documented well then please let us know via the contact address on the website: I'm aware that some of the "ARM local" peripherals (timers, mailboxes, interrupt routing) mapped above 0x40000000 that we added between BCM2835 and BCM2836/7 aren't as well documented as the rest of the system (for which the venerable "BCM2835 Peripheral Specification" PDF remains valid). Although a bunch of people have figured it out from our Linux kernel sources, we should probably do something about that.
One of the most-grumbled-about aspects of the Pi -- the closed VideoCore firmware -- actually makes it a very benign environment for bare-metal programming, because the ARM comes out of reset with the SDRAM and video system up and running and your code pre-loaded at address zero. Imperial College do a fantastic bare-metal competition for their first year students each year, that James and Gordon have been involved in judging. The bare-metal Starfox clone with ARM software rasterization is an all-time favorite.
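As an added illustration of the bare-metal GPIO access the question and answer above describe (example code added here; it is not Eben Upton's, the Raspberry Pi Foundation's, or anything from the original page), the block below drives a GPIO pin through the memory-mapped register block. The register offsets (GPFSEL, GPSET, GPCLR, GPLEV) are those in the BCM2835 Peripheral Specification that the answer mentions; the ARM-visible peripheral bases (0x20000000 on BCM2835, 0x3F000000 on BCM2836/7) are assumed from that document and the Pi 2/3 address map, and GPIO 17 is simply a header pin chosen for illustration. Because the functions take the register base as a pointer, the same code can be pointed at a plain array on a host machine, which is how it is exercised here; the startup stub that runs from address zero and sets up a stack before calling main, and the linker script, are assumed and not shown.

```c
#include <stdint.h>
#include <stddef.h>

/* Added example, not code from the original page.
 * ARM-visible peripheral base differs per SoC (assumed from the public address maps):
 *   BCM2835 (Pi 1 / Zero): 0x20000000
 *   BCM2836/7 (Pi 2 / 3):  0x3F000000
 * The GPIO register block sits at peripheral base + 0x200000. */
#define BCM2835_PERIPH_BASE 0x20000000u
#define BCM2836_PERIPH_BASE 0x3F000000u
#define GPIO_OFFSET         0x200000u

/* Word offsets of the 32-bit registers inside the GPIO block (BCM2835 Peripheral Specification). */
enum {
    GPFSEL0 = 0x00 / 4,  /* function select: 10 pins per register, 3 bits per pin */
    GPSET0  = 0x1C / 4,  /* write 1 to drive a pin high (banks 0 and 1: pins 0-31, 32-53) */
    GPCLR0  = 0x28 / 4,  /* write 1 to drive a pin low */
    GPLEV0  = 0x34 / 4,  /* current pin level */
};

/* Base of the GPIO block: the real MMIO address on hardware, or an array when simulating. */
typedef volatile uint32_t *gpio_regs;

static int gpio_valid(unsigned pin) { return pin < 54; }

/* Function select is read-modify-write; only the 3-bit field of the requested pin is
 * changed. 0 = input, 1 = output, 2-7 = alternate functions. On real hardware this
 * must not be interrupted by another context touching the same GPFSELn. */
int gpio_set_function(gpio_regs gpio, unsigned pin, unsigned fsel)
{
    if (!gpio_valid(pin) || fsel > 7) return -1;
    unsigned reg = GPFSEL0 + pin / 10;
    unsigned shift = (pin % 10) * 3;
    uint32_t v = gpio[reg];
    v &= ~(7u << shift);
    v |= (fsel & 7u) << shift;
    gpio[reg] = v;
    return 0;
}

/* GPSET/GPCLR are write-1-to-act, so setting one pin never disturbs the others
 * and no read-modify-write is required. */
int gpio_write(gpio_regs gpio, unsigned pin, int high)
{
    if (!gpio_valid(pin)) return -1;
    unsigned bank = pin / 32;
    gpio[(high ? GPSET0 : GPCLR0) + bank] = 1u << (pin % 32);
    return 0;
}

/* Returns 0 or 1 for the pin level, -1 for an invalid pin. */
int gpio_read(gpio_regs gpio, unsigned pin)
{
    if (!gpio_valid(pin)) return -1;
    return (gpio[GPLEV0 + pin / 32] >> (pin % 32)) & 1u;
}

/* A bare-metal image is built for one SoC; there is no runtime probe here. */
uintptr_t gpio_base_for(int is_bcm2836_or_7)
{
    return (is_bcm2836_or_7 ? BCM2836_PERIPH_BASE : BCM2835_PERIPH_BASE) + GPIO_OFFSET;
}

/* Host-side simulation of the register block (64 words covers the whole GPIO range),
 * so the logic above can be checked without a Pi. */
static uint32_t sim_regs[64];
gpio_regs gpio_sim(void) { return sim_regs; }

/* Pretend an external signal drives a pin, so gpio_read() has something to see. */
int gpio_sim_drive(unsigned pin, int high)
{
    if (!gpio_valid(pin)) return -1;
    uint32_t bit = 1u << (pin % 32);
    if (high) sim_regs[GPLEV0 + pin / 32] |= bit;
    else      sim_regs[GPLEV0 + pin / 32] &= ~bit;
    return 0;
}

/* Bare-metal entry on a Pi 2/3: blink GPIO 17 (illustrative pin choice). Not run on the host. */
int main(void)
{
    gpio_regs gpio = (gpio_regs)gpio_base_for(1);
    gpio_set_function(gpio, 17, 1);
    for (;;) {
        gpio_write(gpio, 17, 1);
        for (volatile int i = 0; i < 500000; i++) ;
        gpio_write(gpio, 17, 0);
        for (volatile int i = 0; i < 500000; i++) ;
    }
}
```

The point the answer makes is visible in main(): with SDRAM and the ARM already brought up by the VideoCore firmware, a bare-metal program needs nothing more than the right base address and the register layout before it can toggle a pin.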
Your move from software to chip design
by ralph.corderoy
How did your move from software to chip design of a graphics processor (that had an ARM added on to become the Pi) come about? Do you think more coders, especially those adept at assembler, should cross the bridge to Verilog and VHDL?
EU: I joined Broadcom as a software engineer, but was lucky to be part of a team that let enthusiastic amateurs like me hack on the chip Verilog. If you came up with something promising you could get it code reviewed by someone who actually knew what they were doing, have the rough edges knocked off, and see it taped out. This is really unusual in the industry, and was an artifact of the small integrated teams that we used to put together the various bits of IP that make up VideoCore.
Most of my contributions were at the higher level (instruction set architecture and outline microarchitecture for the VideoCore IV QPUs, deferred vertex shading, the general approach to the system level on VideoCore V etc), but there are some nice little low level bits in there (8x8 intra mode selection in the video encoder, the polygon clipper state machine, the SDRAM controller ECO for 1GB support on BCM2836) with my fingerprints on them.
I think it's a worthwhile set of skills to have as a software engineer, because it gives you some more appreciation for the tradeoffs that underpin your work. The best advice is to find a small, talented team doing chips or IP, be prepared to get your hands dirty and learn from the guys who've been doing this for decades. -
Comey Denies Clinton Email 'Reddit' Cover-Up (politico.com)
An anonymous reader quotes a report from Politico: The FBI concluded that a computer technician working on Clinton's email was not engaged in an illicit cover-up when he asked on the Reddit website for a tool that could delete a "VIP" email address throughout a large file, FBI Director James Comey said Wednesday. Republican lawmakers have suggested that the July 2014 Reddit post from a user believed to be Platte River Networks specialist Paul Combetta showed an effort to hide Clinton's emails from investigators. However, at a House Judiciary Committee hearing Wednesday, Comey said FBI agents concluded that all the computer aide was trying to do was replace Clinton's email address so it wouldn't be revealed to the public. "Our team concluded that what he was trying to do was when they produced emails not have the actual address but have some name or placeholder instead of the actual dot-com address in the 'From:' line," Comey said. Comey said he wasn't sure whether the FBI knew about the Reddit posting when prosecutors granted Combetta immunity to get statements from him about what transpired. However, he added that such a deletion wouldn't automatically be considered an effort to destroy evidence. "Not necessarily ... It would depend what his intention was and why he wanted to do it," the FBI director said. -
US Believes Hackers Are Shielded By Russia To Hide Its Role In Cyberintrusions: WSJ (newsmax.com)
According to a report from The Wall Street Journal (Warning: may be paywalled), U.S. officials are all but certain that the hacker Guccifer 2.0, who hacked the Democratic National Committee in June, is connected to a network of individuals and groups who are being shielded by the Russian government to mask its involvement in cyberintrusions. Even though the hacker denies working for the Russian government, the hacker is thought to be working with the hacking groups Fancy Bear and Cozy Bear, which have ties to the Russian government. The Wall Street Journal reports: Following successful breaches, the stolen data are apparently transferred to three different websites for publication, these people say. The websites -- WikiLeaks, DCLeaks.com and a blog run by Guccifer 2.0 -- have posted batches of stolen data at least 42 times from April to last week. Cybersecurity experts believe that DCLeaks.com and Guccifer 2.0 often work together and have direct ties to Russian hackers. Guccifer 2.0 said in a Twitter direct message sent to The Wall Street Journal that he wants to expose corruption in politics and shine light on how companies influence policy. The hacker said he also hopes to expose "global electronization." "I think I won't have a better opportunity to promote my ideas than this year," Guccifer 2.0 added in a long exchange with a Journal reporter. The Journal cannot verify the identity of the person sending messages on behalf of Guccifer 2.0, but the account is the same one that was used to publish personal information about Democrats. A posting on a blog run by Guccifer 2.0 says he is a man who was born in Eastern Europe, has been a hacker for years and fears for his safety. "I think u've never felt that feeling when u r crazy eager to shout: look everyone, this is me, this is me who'd done it," the hacker wrote to the Journal. "but u can't." 
WikiLeaks officials didn't respond to requests for comment on whether Russia fed them the stolen files published by WikiLeaks in July. A representative for DCLeaks.com asked the Journal to submit questions via email but hasn't responded to them. Last week, U.S. intelligence chief James Clapper said it "shouldn't come as a big shock to people" that Russia is behind the hacking operation. While Russia has tried to interfere in U.S. elections since at least the 1960s by spying and funneling money to particular political groups, "I think it's more dramatic maybe because now they have the cyber tools," he said. -
HP To Issue 'Optional Firmware Update' Allowing 3rd-Party Ink (arstechnica.com)
Soon after the Electronic Frontier Foundation (EFF) issued a letter to HP, calling for them to apologize to customers for releasing firmware that prevents the use of non-HP ink cartridges and refilled HP cartridges, the company has responded with a temporary solution. HP "will issue an optional firmware update that will remove the dynamic security feature" for certain OfficeJet printers. Ars Technica reports: HP made its announcement in a blog post titled "Dedicated to the best printing experience." "We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP," the company said. The recent firmware update for HP OfficeJet Pro, and OfficeJet Pro X printers "included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned," HP said. For customers who don't wish to be protected from the ability to buy less expensive ink cartridges, HP said it "will issue an optional firmware update that will remove the dynamic security feature. We expect the update to be ready within two weeks and will provide details here." This customer-friendly move may just be a one-time thing. HP said it will continue to use security features that "protect our IP including authentication methods that may prevent some third-party supplies from working." Without the optional firmware update, printers will only be able to use third-party ink cartridges that have an "original HP security chip," the company said. -
No Man's Sky Under Investigation For False Advertising (polygon.com)
No Man's Sky is one of the most talked-about games of the year: the player explores space and visits unfamiliar worlds. But its controversial promotional material may also have played an instrumental role in making the title a sleeper-hit success. Polygon reports: No Man's Sky's promotional material has come under fire since launch, and it's now the subject of an ongoing investigation. The U.K.-based Advertising Standards Authority (ASA) confirmed to Polygon that it's received "several complaints about No Man's Sky's advertising," which angry customers have criticized as misleading. "I can confirm we have received several complaints about No Man's Sky advertising and we have launched an investigation," the ASA told Polygon. A representative for the ASA declined to comment on the particulars of the investigation, but a thread on the No Man's Sky subreddit details some of the most prominent issues Steam users have with the game's store page, which they passed on to the organization. Screens and video on Steam suggest a different type of combat, unique buildings, "ship flying behaviour" and creature sizes than what's found in the game itself. The store page overall has also been criticized for showing No Man's Sky with higher quality graphics than can be attained in-game. -
Yahoo Repeatedly Didn't Invest In Security, Rejected Bare Minimum Measure To Reset All User Passwords: NYTimes
As if a breach affecting over 500 million Yahoo users were not enough, a new investigative report in The New York Times lays out how little Yahoo invested in its users' security (Editor's note: the link could be paywalled; alternate source). The report says Yahoo CEO Marissa Mayer refused to fund security initiatives at the company and instead put the money into features and new products. Despite Edward Snowden warning that Yahoo was too easy a target for hackers, the company took a year to hire a new chief information security officer, Alex Stamos, who is widely respected in the industry. But Stamos soon left, partly because of clashes with Mayer, The Times adds. And it gets worse. From the report: But when it came time to commit meaningful dollars to improve Yahoo's security infrastructure, Ms. Mayer repeatedly clashed with Mr. Stamos, according to the current and former employees. She denied Yahoo's security team financial resources and put off proactive security defenses, including intrusion-detection mechanisms for Yahoo's production systems. [...] But during his tenure, Ms. Mayer also rejected the most basic security measure of all: an automatic reset of all user passwords, a step security experts consider standard after a breach. Employees say the move was rejected by Ms. Mayer's team for fear that even something as simple as a password change would drive Yahoo's shrinking email users to other services. -
Elon Musk: First Humans Who Journey To Mars Must 'Be Prepared To Die' (theverge.com)
At a conference yesterday, Elon Musk outlined his company SpaceX's plan to send humans to Mars. The vehicle is called the Interplanetary Transport System and it is capable of carrying 100 tons of cargo (people and supplies). Musk added that this rocket ship could take people to Mars in just 80 days. But he also warned that the first batch of people brave enough to go to Mars should be well aware that they face a high risk of dying. The Verge adds: During the Q&A session that followed, the question inevitably came up: what sort of person does Musk think will volunteer to get strapped to that big rocket and fired toward the Red Planet? "Who should these people be, carrying the light of humanity to Mars for all of us?" an audience member asked. "I think the first journeys to Mars will be really very dangerous," answered Musk. "The risk of fatality will be high. There's just no way around it." The journey itself would take around 80 days, according to the plan and ideas that Musk put forward. "Are you prepared to die? If that's okay, then you're a candidate for going," he added. But Musk didn't want to get stuck talking about the risks and immense danger. "This is less about who goes there first... the thing that really matters is making a self-sustaining civilization on Mars as fast as possible. This is different than Apollo. This is really about minimizing existential risk and having a tremendous sense of adventure," he said. -
DJI Unveils the Mavic Pro, a Foldable and Ultra-Portable Camera Drone (petapixel.com)
It didn't take long for DJI to respond to GoPro's voice-controlled Karma drone. Today, the company has unveiled the Mavic Pro, an ultra-portable drone that can fold up into roughly the "size of a standard water bottle," DJI says. Of course, it also features a high-resolution camera and several autonomous software tricks. PetaPixel reports: Despite its petite form factor, the drone packs a punch: there's a 4K camera on the front, a visual navigation system, a 4.3-mile (7km) range, and a 27-minute flight time. By comparison, the Karma has a range of 0.62 miles (1km) and a flight time of 20 minutes. The Mavic Pro can be operated with a remote controller for long-range uses, or simply with your smartphone if you're not planning to fly it far. For the latter, the drone can go from folded up to in flight in less than a minute. In the Mavic Pro is a new FlightAutonomy system, which uses 5 cameras, GPS and GLONASS navigation, 2 ultrasonic rangefinders, redundant sensors, and 24 computing cores to serve as the drone's "brain and nervous system." Using FlightAutonomy, the Mavic Pro can follow positions and routes while avoiding obstacles at 22mph (36kph), allowing you to create advanced flights with minimal input and flying skills. What's more, the drone can even be controlled with your physical gestures, making it easy to shoot an aerial selfie if you so desire. A new compact remote controller has been designed for the Mavic Pro, and it features an LCD screen with essential data, dedicated buttons (e.g. Return-to-Home, Intelligent Flight pause), and an OcuSync video link system that provides live view at 1080p resolution. DJI is also announcing DJI Goggles to go along with the Mavic Pro. Wearing the goggles allows you to fly the drone with an immersive 85-degree view in full 1080p, viewing the world through the eyes of the drone. 
The DJI Mavic Pro will be available starting October 15th, 2016, with a price tag of $749 for just the drone and $999 with a remote controller bundled in. The DJI Mavic introduction video can be viewed here. -
Elon Musk Proposes Spaceship That Can Send 100 People To Mars In 80 Days (theverge.com)
An anonymous reader quotes a report from The Verge: Today, SpaceX CEO Elon Musk unveiled the Mars vehicle -- the spaceship his company plans to build to transport the first colonists to Mars. It will have a diameter of 17 meters. The plan is to send about 100 people per trip, though Musk wants to ultimately take 200 or more per flight to make the cost cheaper per person. The trip can take as little as 80 days or as many as 150 depending on the year. The hope is that the transport time will be only 30 days "in the more distant future." The rocket booster will have a diameter of 12 meters and the stack height will be 122 meters. The spaceship should hold a cargo of up to 450 tons depending on how many refills can be done with the tanker. As rumored, the Mars vehicle will be reusable and the spaceship will refuel in orbit. The trip will work like this: First, the spaceship will launch out of Pad 39A, which is under development right now at the Kennedy Space Center at Cape Canaveral, Florida. At liftoff, the booster will have 127,800 kilonewtons of thrust, or 28,730,000 pounds of thrust. Then, the spaceship and booster separate. The spaceship heads to orbit, while the booster heads back to Earth, coming back within about 20 minutes. Back on Earth, the booster lands on a launch mount and a propellant tanker is loaded onto the booster. The entire unit -- now filled with fuel -- lifts off again. It joins with the spaceship, which is then refueled in orbit. The propellant tankers will go up anywhere from three to five times to fill the tanks of the spaceship. The spaceship finally departs for Mars. To make the trip more attractive for its crew members, Musk promises that it'll be "really fun" with zero-G games, movies, cabins, games, a restaurant. Once it reaches Mars, the vehicle will land on the surface, using its rocket engines to lower itself gently down to the ground. 
The spaceship's passengers will use the vehicle, as well as cargo and hardware that's already been shipped over to Mars, to set up a long-term colony. At the rate of 20 to 50 total Mars trips, it will take anywhere from 40 to 100 years to achieve a fully self-sustaining civilization with one million people on Mars, says Musk. -
FBI Investigating Possible Hack of Democratic Party Staffer Cell Phones (cnn.com)
In what may be part of the original Democratic National Committee hack, the FBI is currently investigating a possible hack involving the cell phones of a small number of Democratic Party staffers. CNN reports: The development comes on the same day Homeland Security Secretary Jeh Johnson told lawmakers that 18 states have asked for help in warding off cyberattacks on their electronic voting systems. Law enforcement officials have reached out to the staffers individually about "imaging" their phones to search for evidence of hacking, such as malware. Investigators are still probing whether this attempted hack is part of the original breach of Democratic National Committee emails -- which is widely thought to be the work of the Russian government -- or a new hacking attempt. "Our struggle with the Russian hackers that we announced in June is ongoing -- as we knew it would be -- and we are choosing not to provide general updates unless personal data or other sensitive information has been accessed or stolen," interim DNC Chairwoman Donna Brazile told CNN. Cybersecurity was a major theme at the debate last night between Republican nominee Donald Trump and Democratic nominee Hillary Clinton. While Clinton blamed the Russians for the "election-related cyberintrusions," Trump said "It could be Russia, but it could also be China. It could also be lots of other people. It could also be somebody sitting on their bed that weighs 400 pounds." We will update this story as it develops. -
OVH Hosting Suffers From Record 1Tbps DDoS Attack Driven By 150K Devices (hothardware.com)
MojoKid writes: If you thought that the massive DDoS attack earlier this month on Brian Krebs' security blog was record-breaking, take a look at what just happened to France-based hosting provider OVH. OVH was the victim of a wide-scale DDoS attack that was carried via a network of over 152,000 IoT devices. According to OVH founder and CTO Octave Klaba, the DDoS attack reached nearly 1 Tbps at its peak. Of those IoT devices participating in the DDoS attack, they were primarily comprised of CCTV cameras and DVRs. Many of these devices have improperly configured network settings, which leaves them ripe for the picking for hackers that would love to use them to carry out destructive attacks. The DDoS peaked at 990 Gbps on September 20th thanks to two concurrent attacks, and according to Klaba, the original botnet was capable of a 1.5 Tbps DDoS attack if each IP topped out at 30 Mbps. This massive DDoS campaign was directed at Minecraft servers that OVH was hosting. Octave Klaba / Oles tweeted: "Last days, we got lot of huge DDoS. Here, the list of 'bigger that 100Gbps' only. You can the simultaneous DDoS are close to 1Tbps!" -
EFF Calls On HP To Disable Printer Ink Self-Destruct Sequence (arstechnica.com)
HP should apologize to customers and restore the ability of printers to use third-party ink cartridges, the Electronic Frontier Foundation (EFF) said in a letter to the company's CEO yesterday. From an ArsTechnica report: HP has been sabotaging OfficeJet Pro printers with firmware that prevents use of non-HP ink cartridges and even HP cartridges that have been refilled, forcing customers to buy more expensive ink directly from HP. The self-destruct mechanism informs customers that their ink cartridges are "damaged" and must be replaced. "The software update that prevented the use of third-party ink was reportedly distributed in March, but this anti-feature itself wasn't activated until September," EFF Special Advisor Cory Doctorow wrote in a letter to HP Inc. CEO Dion Weisler. "That means that HP knew, for at least six months, that some of its customers were buying your products because they believed they were compatible with any manufacturer's ink, while you had already planted a countdown timer in their property that would take this feature away. Your customers will have replaced their existing printers, or made purchasing recommendations to friends who trusted them on this basis. They are now left with a less useful printer -- and possibly a stockpile of useless third-party ink cartridges." -
Mozilla's Proposed Conclusion: Game Over For WoSign and Startcom? (google.com)
Reader Zocalo writes: Over the last several months Mozilla has been investigating a large number of breaches of what Mozilla deems to be acceptable CA protocols by the Chinese root CA WoSign and their perhaps better known subsidiary StartCom, whose acquisition by WoSign is one of the issues in question. Mozilla has now published their proposed solution (GoogleDocs link), and it's not looking good for WoSign and Startcom. Mozilla's position is that they have lost trust in WoSign and, by association, StartCom, with a proposed action to give WoSign and StartCom a "timeout" by distrusting any certificates issued after a date to be determined in the near future for a period of one year, essentially preventing them from issuing any certificates that will be trusted by Mozilla. Attempts to circumvent this by back-dating the valid-from date will result in an immediate and permanent revocation of trust, and there are some major actions required to re-establish that trust at the end of the timeout as well.
This seems like a rather elegant, if somewhat draconian, solution to the issue of what to do when a CA steps out of line. Revoking trust for certificates issued after a given date does not invalidate existing certificates and thereby inconvenience their owners, but it does put a severe -- and potentially business-ending -- penalty on the CA in question. Basically, WoSign and StartCom will have a year where they cannot issue any new certificates that Mozilla will trust, and will also have to inform any existing customers that have certificate renewals due within that period that they cannot do so and will need to go elsewhere -- hardly good PR!
What does Slashdot think? Is Mozilla going too far here, or is their proposal justified and reasonable given WoSign's actions, making a good template for potential future breaches of trust by root CAs, particularly in the wake of other CA trust breaches by the likes of CNNIC, DigiNotar, and Symantec? -
China's Giant Radio Telescope Begins Searching For Signals From Space (ctvnews.ca)
Years of work and millions of dollars later, China finished its alien-hunting telescope in May this year. Now the country says its telescope has begun its operation. China flipped the switch over the weekend, hoping to find signals from stars and galaxies -- and more importantly from extraterrestrial life. The telescope also illustrates China's growing ambition to stay among the frontrunners in space efforts. AP reports: Beijing has poured billions into such ambitious scientific projects as well as its military-backed space program, which saw the launch of China's second space station earlier this month. Measuring 500 metres in diameter, the radio telescope is nestled in a natural basin within a stunning landscape of lush green karst formations in southern Guizhou province. It took five years and $180 million to complete and surpasses the 300-meter Arecibo Observatory in Puerto Rico, a dish used in research on stars that led to a Nobel Prize. The official Xinhua News Agency said hundreds of astronomers and enthusiasts watched the launch of the Five-hundred-meter Aperture Spherical Telescope, or FAST, in the county of Pingtang. Researchers quoted by state media said FAST would search for gravitational waves, detect radio emissions from stars and galaxies and listen for signs of intelligent extraterrestrial life. "The ultimate goal of FAST is to discover the laws of the development of the universe," Qian Lei, an associate researcher with the National Astronomical Observatories of the Chinese Academy of Sciences, told state broadcaster CCTV. "In theory, if there is civilization in outer space, the radio signal it sends will be similar to the signal we can receive when a pulsar (spinning neutron star) is approaching us," Qian said. -
Uber Is Researching a New Vertical-Takeoff Ride Offering That Flies You Around (recode.net)
If Uber's recently launched self-driving cars surprised you, wait for the company's "flying" vehicles. Speaking with Recode, Uber's head of products said the company is researching small planes that can vertically take off and land, so that they can be used for short-haul flights in cities. From the report: The technology is called VTOL -- which stands for vertical takeoff and landing. Simply put, VTOL is an aircraft that can hover, take off and land vertically, which would also describe a helicopter. But, unlike the typical helicopter, these planes have multiple rotors, could have fixed wings and perhaps eventually would use batteries and be more silent. In time, like cars, such aircraft would be autonomous. Jeff Holden said that he has been researching the area, "so we can someday offer our customers as many options as possible to move around." He added that "doing it in a three-dimensional way is an obvious thing to look at." -
Boot Linux (or OpenBSD Or Oberon Or FreeDOS) In Your Browser (copy.sh)
Long-time Slashdot reader DeQueue writes: Back in 2011 Fabrice Bellard, the initiator of the QEMU emulator, wrote a PC emulator in JavaScript that let you boot Linux in your browser. But he didn't stop there.
On his website he now has images that let you boot Oberon, Arch Linux, FreeDOS, OpenBSD, Solar OS and more recent versions of Linux such as 2.6 or 3.18 (the 3.18 image includes internet access). You can also boot to a CD image, or a floppy image, or a hard drive disk image on your local machine. And, if you don't need yet another operating system on your computer, you can even boot to Bootchess and play chess. -
Ask Slashdot: Is My IoT Device Part of a Botnet?
As our DVRs, cameras, and routers join the Internet of Things, long-time Slashdot reader galgon wonders if he's already been compromised: There have been a number of stories of IoT devices becoming part of botnets and being used in distributed denial of service attacks. If these devices are seemingly working correctly to the user, how would they ever know the device was compromised? Is there anything the average user can do to detect when they have a misbehaving device on their network?
I'm curious how many Slashdot readers are even using IoT devices -- so leave your best answers in the comments. How would you know if your IoT device is part of a botnet? -
What Vint Cerf Would Do Differently (computerworld.com)
An anonymous Slashdot reader quotes ComputerWorld: Vint Cerf is considered a father of the internet, but that doesn't mean there aren't things he would do differently if given a fresh chance to create it all over again. "If I could have justified it, putting in a 128-bit address space would have been nice so we wouldn't have to go through this painful, 20-year process of going from IPv4 to IPv6," Cerf told an audience of journalists Thursday... For security, public key cryptography is another thing Cerf would like to have added, had it been feasible.
Trouble is, neither idea is likely to have made it into the final result at the time. "I doubt I could have gotten away with either one," said Cerf, who won a Turing Award in 2004 and is now vice president and chief internet evangelist at Google. "So today we have to retrofit... If I could go back and put in public key crypto, I probably would try."
Vint Cerf answered questions from Slashdot users back in 2011. -
Moving Beyond Flash: the Yahoo HTML5 Video Player (streamingmedia.com)
Slashdot reader theweatherelectric writes: Over on Streaming Media, Amit Jain from Yahoo has written a behind-the-scenes look at the development of Yahoo's HTML5 video player. He writes, "Adobe Flash, once the de-facto standard for media playback on the web, has lost favor in the industry due to increasing concerns over security and performance. At the same time, requiring a plugin for video playback in browsers is losing favor among users as well. As a result, the industry is moving toward HTML5 for video playback...
At Yahoo, our video player uses HTML5 across all modern browsers for video playback. In this post we will describe our journey to providing an industry-leading playback experience using HTML5, lay out some of the challenges we faced, and discuss opportunities we see going forward."
Yet another brick in the wall? YouTube and Twitch have already switched to HTML5, and last year Google started automatically converting Flash ads to HTML5. -
Kentucky's Shotgun 'Drone Slayer' Gets Sued Again (yahoo.com)
"Technology has surpassed the law..." argues a Kentucky man who fired a shotgun at a drone last year. An anonymous Slashdot reader reports: The drone's owner has now filed for damages in Federal Court over the loss of his $1,800 drone, arguing that the shotgun blast was unjustified because his drone wasn't actually trespassing or invading anyone's privacy. The defendant -- who has dubbed himself 'the Drone Slayer' -- said the aerial vehicle was over his garden and his daughter, and the verdict could ultimately set a new precedent in U.S. law: who owns the air?
"Operators need to know where they can fly," argued the drone pilot's lawyer, "and owners must know when they can reasonably expect privacy and be free of prying eyes." He estimates a drone is shot from the skies about once a month, and "What happens typically is that law enforcement doesn't know what to do and civil suits are uncommon as most people don't want to get involved due to the costs."
The Drone Slayer was originally charged with felony counts of wanton endangerment and criminal mischief. But all of those charges were dismissed in October when a district judge ruled he "had a right to shoot at the aircraft." -
Tuesday Was Microsoft's Last Non-Cumulative Patch (helpnetsecurity.com)
There was something unique about this week's Patch Tuesday. An anonymous Slashdot reader quotes HelpNetSecurity: It was the last traditional Windows Patch Tuesday as Microsoft is moving to a new patching release model. In the future, patches will be bundled together and users will no longer be able to pick and choose which updates to install. Furthermore, these new 'monthly update packs' will be combined, so for instance, the November update will include all the patches from October as well.
Last month a Slashdot reader asked for suggestions on how to handle the new 'cumulative' updates -- although the most common response was "I run Linux." -
Poor Scientific Research Is Disproportionately Rewarded (economist.com)
A new study calculates a low probability that real effects are actually being detected in psychology, neuroscience and medicine research papers -- and then explains why. Slashdot reader ananyo writes: The average statistical power of papers culled from 44 reviews published between 1960 and 2011 was about 24%. The authors built an evolutionary computer model to suggest why and show that poor methods that get "results" will inevitably prosper. They also show that replication efforts cannot stop the degradation of the scientific record as long as science continues to reward the volume of a researcher's publications -- rather than their quality.
The article notes that in a 2015 sample of 100 psychological studies, only 36% of the results could actually be reproduced. Yet the researchers conclude that in the Darwin-esque hunt for funding, "top-performing laboratories will always be those who are able to cut corners." And the article's larger argument is until universities stop rewarding bad science, even subsequent attempts to invalidate those bogus results will be "incapable of correcting the situation no matter how rigorously it is pursued." -
Senators Accuse Russia Of Disrupting US Election (washingtonpost.com)
An anonymous Slashdot reader quotes The Washington Post: Two senior Democratic lawmakers with access to classified intelligence on Thursday accused Russia of "making a serious and concerted effort to influence the U.S. election," a charge that appeared aimed at putting pressure on the Obama administration to confront Moscow... "At the least, this effort is intended to sow doubt about the security of our election and may well be intended to influence the outcomes," the statement said. "We believe that orders for the Russian intelligence agencies to conduct such actions could come only from very senior levels of the Russian government..."
White House officials have repeatedly insisted that they are awaiting the outcome of a formal FBI investigation, even though U.S. intelligence agencies are said to have concluded with "high confidence" that Russia was responsible for the DNC breach and other attacks. The White House hesitation has become a source of frustration to critics, including senior members of Congress.
Meanwhile, U.S. intelligence officials are reportedly investigating whether Donald Trump's foreign policy adviser "opened up private communications with senior Russian officials -- including talks about the possible lifting of economic sanctions if the Republican nominee becomes president." -
Yahoo Sued For Gross Negligence Over Huge Hacking (reuters.com)
Yahoo apparently took two years to investigate and tell people that its service had been breached, and that over 500 million users were affected. Amid the announcement, a user is suing Yahoo, accusing the company of gross negligence. From a Reuters report: The lawsuit was filed in the federal court in San Jose, California, one day after Yahoo disclosed the hacking, unprecedented in size, by what it believed was a "state-sponsored actor." Ronald Schwartz, a New York resident, sued on behalf of all Yahoo users in the United States whose personal information was compromised. The lawsuit seeks class-action status and unspecified damages. A Yahoo spokeswoman said the Sunnyvale, California-based company does not discuss pending litigation. The attack could complicate Chief Executive Marissa Mayer's effort to shore up the website's flagging fortunes, two months after she agreed to a $4.8 billion sale of Yahoo's Internet business to Verizon Communications. Yahoo on Thursday said user information including names, email addresses, phone numbers, birth dates and encrypted passwords had been compromised in late 2014. -
Why the Silencing of KrebsOnSecurity Opens a Troubling Chapter For the Internet (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: For the better part of a day, KrebsOnSecurity, arguably the world's most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn't like a recent series of exposes reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet. The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. A third post in the series is here. On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. That staggering amount of data is among the biggest ever recorded. Krebs was able to stay online thanks to the generosity of Akamai, a network provider that supplied DDoS mitigation services to him for free. The attack showed no signs of waning as the day wore on. Some indications suggest it may have grown stronger. At 4 pm, Akamai gave Krebs two hours' notice that it would no longer assume the considerable cost of defending KrebsOnSecurity. Krebs opted to shut down the site to prevent collateral damage hitting his service provider and its customers. The assault against KrebsOnSecurity represents a much greater threat for at least two reasons. First, it's twice the size. 
Second and more significant, unlike the Spamhaus attacks, the staggering volume of bandwidth doesn't rely on misconfigured domain name system servers which, in the big picture, can be remedied with relative ease. The attackers used Internet-of-things devices since they're always-connected and easy to "remotely commandeer by people who turn them into digital cannons that spray the internet with shrapnel." "The biggest threats as far as I'm concerned in terms of censorship come from these ginormous weapons these guys are building," Krebs said. "The idea that tools that used to be exclusively in the hands of nation states are now in the hands of individual actors, it's kind of like the specter of a James Bond movie." While Krebs could retain a DDoS mitigation service, it would cost him between $100,000 and $200,000 per year for the type of protection he needs, which is more than he can afford. What's especially troubling is that this attack can happen to many other websites, not just KrebsOnSecurity. -
VR Devs Pull Support For Oculus Rift Until Palmer Luckey Steps Down (vice.com)
After it was revealed that Oculus founder Palmer Luckey backed a pro-Trump political organization called Nimble America that is dedicated to "shitposting" and spreading inflammatory memes about Hillary Clinton, several developers of the Oculus Rift virtual-reality headset have announced that they will stop supporting the headset until its founder steps down. One of the biggest developers for Oculus Rift, Insomniac Games, told Motherboard, "Insomniac Games condemns all forms of hate speech. While everyone has a right to express his or her political opinion, the behavior and sentiments reported do not reflect the values of our company. We are also confident that his behavior and sentiment does not reflect the values of the many Oculus employees we work with on a daily basis." Fez and Superhypercube developer Polytron also said in a statement, "In a political climate as fragile and horrifying as this one, we cannot tacitly endorse these actions by supporting Luckey or his platform." Motherboard reports: Motherboard has reached out to several other, more well-known VR developers who work with Oculus including Fantastic Contraption makers Northway Games and Job Simulator makers Owlchemy Labs. Northway Games couldn't be reached immediately for comment but tweeted the following: "What. The. Fuck. [accompanied with a link to the news via Kotaku]" and "Definitely using every fibre of my 'professionalism' to not tweet some tweets right now." Owlchemy Labs, which is currently developing Job Simulator for the Oculus Touch controls, declined to comment either way. E McNeill, who has developed a couple of games for Oculus Rift and GearVR, suggested that like-minded VR developers raise money for Hillary Clinton's campaign to counter the money Luckey has raised for Trump. [E McNeill tweeted: "Idle Q: Would any Oculus devs join me in a donation drive for Hillary? We could aim to beat Nimble America's $11k. I'd start with $1k myself."] "This backlash is nonsense," said James Green, co-founder of VR developer Carbon Games. "I absolutely support him doing whatever he wants politically if it's legal. To take any other position is against American values." -
Judge Skewers Oracle Attorney For Revealing Google, Apple Trade Secrets (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The federal judge who presided over the Google-Oracle API copyright infringement trial excoriated one of Oracle's lawyers Thursday for disclosing confidential information in open court earlier this year. The confidential information included financial figures stating that Google generated $31 billion in revenue and $22 billion in profits from the Android operating system in the wake of its 2008 debut. The Oracle attorney, Annette Hurst, also revealed another trade secret: Google paid Apple $1 billion in 2014 to include Google search on iPhones. Judge William Alsup of San Francisco has been presiding over the copyright infringement trial since 2010, when Oracle lodged a lawsuit claiming that Google's Android operating system infringed Oracle's Java APIs. After two trials and various trips to the appellate courts, a San Francisco federal jury concluded in May that Google's use of the APIs amounted to fair use. Oracle's motion before Alsup for a third trial is pending. Oracle argues that Google tainted the verdict by concealing a plan to extend Android on desktop and laptop computers. As this legal saga was playing out, Hurst blurted out the confidential figures during a January 14 pre-trial hearing, despite those numbers being protected by a court order. The transcript of that proceeding has been erased from the public record. But the genie is out of the bottle. Google lodged a motion (PDF) for sanctions and a contempt finding against Hurst for unveiling a closely guarded secret of the mobile phone wars. During a hearing on that motion Thursday, Judge Alsup had a back-and-forth with Hurst's attorney, former San Francisco U.S. Attorney Melinda Haag. According to the San Francisco legal journal The Recorder, Haag said that her client Hurst -- of the law firm Orrick, Herrington and Sutcliffe -- should not be sanctioned because of "one arguable mistake made through the course of a very complex litigation." -