An anonymous reader quotes a report from Paste Magazine: Indie developer TinyBuild, the studio behind Punch Club, Party Hard and SpeedRunners, had thousands of their game codes stolen through fraudulent credit card purchases, which then wound up on G2A.com, a site that allows people to resell game codes. The basic idea behind G2A is straightforward and pretty harmless: with the amount of game codes sold through Steam, the Humble Store/Bundle, and more, the site gives consumers a place to sell unwanted game codes. However, in doing so, G2A has created a huge black market for game codes sales. As TinyBuild described in their blog post on the matter, the common practice for scammers is to "get ahold of a database of stolen credit cards on the dark web. Go to a bundle/3rd party key reseller and buy a ton of game keys. Put them up onto G2A and sell them at half the retail price." This allows scammers to make thousands of dollars while preventing any profit from reaching the game developers because, once the stolen credit cards are processed, the payments will be denied. G2A states that TinyBuild's retail partners are the ones selling the codes on G2A, not scammers, despite the thousands of codes they lost through their online store to fraudulent credit card purchases. In 2011, TinyBuild was in the news for uploading their own game, a platformer called No Time To Explain, to the Pirate Bay.

An anonymous reader writes: Following a report that Russian hackers penetrated the DNC's database, a hacker, who identifies himself as "Guccifer 2.0" after a popular Romanian hacker who hacked various American political figures, most notably Hillary Clinton and her private server, has published documents on Tuesday that he says came from the party's digital files. The documents detail Clinton's weaknesses as a candidate, and include a collection of negative press clips about the Clinton Foundation and a list of defenses against attacks on her private email use. Washington Examiner reports: "Another document, titled '2016 Democrats Positions Cheat Sheet,' listed major policy issues and indicated where Clinton, Bernie Sanders, Martin O'Malley, Jim Webb, Lincoln Chaffee, Elizabeth Warren and Joe Biden -- all former or possible rivals for the Democratic nomination -- stood on each issue." The documents contain information ranging from how the Clinton Foundation and its allies should respond to criticisms of the Clinton Foundation's revenue sources to how Chelsea Clinton wasn't able to answer questions about Clinton Foundation donations and other instances in which Bill Clinton was called a "sexual predator" for his past indiscretions. Even though the cybersecurity breach was blamed on the Russian government, the Kremlin has denied any involvement. The DNC also has yet to confirm or deny the authenticity of the leaked documents.

An anonymous reader writes from a report via ZDNet: OpenAI, the artificial-intelligence non-profit backed by Elon Musk, Amazon Web Services, and others, is working on creating a physical robot that performs household chores. In a blog post Monday, OpenAI leaders said they don't want to manufacture the robot itself, but "enable a physical robot [...] to perform basic housework." The company says it is "inspired" by DeepMind's work in the deep learning and reinforcement learning field of AI, as displayed by its AlphaGo victory over human Go masters. OpenAI says it wants to "train an agent capable enough to solve any game," noting that significant advances in AI will be required in order for that to happen. In May, the company released a public beta of a new Open Source gym for computer programmers working on AI. They also have plans to build an agent that can understand natural language and seek clarification when following instructions to complete a task. OpenAI plans to build new algorithms that can advance this field. Finally, OpenAI wants to measure its progress across games, robotics, and language-based tasks, which is where OpenAI's Gym Beta will come into play.

This week HelpNetSecurity reported on a study that found that "the average data breach cost has grown to $4 million, representing a 29 percent increase since 2013.. 'The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don't have a plan in place to deal with this process efficiently," said Caleb Barlow, Vice President, of IBM Security."

But the most stunning part of the study was that each compromised record costs a company $158 (on average), and up to $355 per record in more highly-regulated industries like healthcare, according to the study -- $100 more than in 2013. And yet it also found that having an "incident response team" greatly reduces the cost of a data breach. So I'd be curious how many Slashdot readers work for a company that actually has a team in place to handle data breaches. Leave your answers in the comments. Does your company have an incident response team ?

Long-time Slashdot reader sandbagger writes: The Mattel people have released a new Barbie doll figurine touted as Game Developer Barbie. Dressed in jeans and a t-shirt, she was apparently designed by a game developer.
It's already sold out on Mattel's web site, with CNET saying it provides a better role model than a 2014 book In which "computer engineer" Barbie designed a cute game about puppies, then admitted "I'll need Steven's and Brian's help to turn it into a real game," before her laptop crashed with a virus. Mattel says that with this new doll, "young techies can play out the creative fun of this exciting profession," and the doll even comes with a laptop showing an IDE on the screen. Sandbagger's original submission ended with a question. Do Slashdot readers think this will inspire a new generation of programmers to stay up late writing code?

"Paper forms are a security risk", warns the web site for CareMonkey, which maintains digital and up-to-date medical information in the cloud "for any organization with a duty of care". This is raising concerns for long-time Slashdot reader rolandw, who says he's being asked by his daughter's school to approve using the site to store "her full medical details". CareMonkey say that this data is stored on AWS and their security page says that it is secured by every protocol ever claimed by AWS (apparently). As a sysadmin and developer who has used AWS extensively for non-secure information my alarm bells are sounding.
Should he ignore those alarm bells and approve the storage of his daughter's medical history in the cloud? And if not, what specific reason would you give for refusing?

The Air Force now says it will be able to recover those 100,000 investigation files dating back to 2004, after "aggressively leveraging all vendor and department capabilities." An anonymous reader quotes a report from Government Executive about the mysteriously corrupted database: In a short, four-sentence statement released midday on Wednesday, service officials said the Air Force continues to investigate the embarrassing incident in which the files and their backups were corrupted. "Through extensive data recovery efforts over the weekend and this week, the Air Force has been able to regain access to the data in the Air Force Inspector General Automated Case Tracking System..." the statement reads. Earlier on Wednesday, the Air Force chief of staff said that the effort to recover the files involved Lockheed Martin and Oracle, the two defense contractors that run the database, plus Air Force cyber and defense cyber crime personnel.
The Chief of Staff hopes "there won't be a long-term impact, other than making sure we understand exactly what happened, how it happened and how we keep it from ever happening again." The Air Force is conducting an independent review, while Lockheed Martin is now also performing a separate internal review.

An anonymous reader writes from a report via Softpedia: Microsoft has open-sourced Checked C, an extension to the C programming language that brings new features to address a series of security-related issues. As its name hints, Checked C will add checking to C, and more specifically pointer bounds checking. The company hopes to curb the high-number of security bugs such as buffer overruns, out-of-bounds memory accesses, and incorrect type casts, all which would be easier to catch in Checked C. Despite tangible benefits to security, the problem of porting code to Checked C still exists, just like it did when C# or Rust came out, both C alternatives.

John Leyden, writing for The Register: GitHub has reset the passwords of users targeted in an attack this week that relied on using stolen credentials from a breach at a third-party site. The software repository itself has not suffered a breach. Hackers behind the assault were trying to break into the accounts of users who had inadvisedly used the same login credentials on an unnamed site that had suffered a breach, as a statement by GitHub explains. GitHub said it had reset the passwords on all affected accounts before beginning the process of notifying those affected. "We encourage all users to practise good password hygiene and enable two-factor authentication to protect your account," GitHub sensibly advised.

An anonymous reader writes from a report via VentureBeat: Samsung has announced Thursday that it has acquired Joyent, a company with public cloud infrastructure and private cloud software, to help beef-up its software and services around its smartphone business. While terms of the deal weren't disclosed, Samsung did say Joyent will continue to operate as a standalone company. "Until now, we lacked one thing. We lacked the scale required to compete effectively in the large, rapidly growing and fiercely competitive cloud computing market. Now, that changes," Joyent chief executive Scott Hammond wrote in a blog post. With Samsung's brand name and money to invest, Joyent may become more popular and challenge some of the top cloud infrastructure providers like Amazon Web Services, Microsoft Azure, and the Google Cloud Platform. Joyent was the original steward of server-side JavaScript framework Node.js and helped to establish the Node.js Foundation in 2015.

An anonymous reader writes from a report via EFF: The federal Government Accountability Office published a report on the FBI's face recognition capabilities that says the FBI has access to hundreds of millions of photos. According to the GAO report, the FBI's Facial Analysis, Comparison, and Evaluation (FACE) Services unit not only has access to the FBI's Next Generation Identification (NGI) face recognition database of nearly 30 million civil and criminal mug shot photos, but it also has access to the State Department's Visa and Passport databases, the Defense Department's biometric database, and the drivers license databases of at least 16 states. This totals 411.9 million images, most of which are Americans and foreigners who have committed no crimes. In May, it was reported that the FBI is keeping information contained in the NGI database private and unavailable. It argues in a proposal that the database should be exempt from the Privacy Act.

Apple's web browser Safari 10, which will ship with macOS Sierra, will disable Flash, Java, Silverlight, QuickTime and other plug-ins by default. The move will help the company improve the overall web browsing experience by focusing on HTML5 content. From a post on WebKit blog, authored by Apple's Safari team: When a website directly embeds a visible plug-in object, Safari instead presents a placeholder element with a "Click to use" button. When that's clicked, Safari offers the user the options of activating the plug-in just one time or every time the user visits that website. Here too, the default option is to activate the plug-in only once.

An anonymous reader quotes a report from ZDNet: A hacker has stolen tens of millions of accounts from over a thousand popular forums, which host popular car, tech, and sports communities. The stolen database contains close to 45 million records from 1,100 websites and forums hosted by VerticalScope, a Toronto-based media company with dozens of major properties, including forums and sites run by AutoGuide.com, PetGuide.com, and TopHosts.com. "We are aware of the possible issue and our internal security team has been investigating and will be collecting information to provide to the appropriate law enforcement agencies," said Jerry Orban, vice-president of corporate development, in an email. In a sample given to ZDNet, the database shows email addresses, passwords that were hashed and salted passwords with MD5 (an algorithm that nowadays is easy to crack), as well as a user's IP address (which in some cases can determine location), and the site that the record was taken from. LeakedSource, which confirmed the findings, said in its blog post that it was "likely that VerticalScope stored all of their data on interconnected or even the same servers as there is no other way to explain a theft on such a large scale." A LeakedSource group member said it was "not related" to the recent hacks against MySpace, LinkedIn, and Tumblr. The report goes on to say: "A cursory search of the list of domains caught up in the hack revealed that none of the sites [ZDNet] checked offered basic HTTPS website encryption, which would prevent usernames and passwords from being intercepted."

An anonymous reader shares an Ars Technica report: Ubuntu's "snappy" new way of packaging applications is no longer exclusive to Ubuntu. Canonical today is announcing that snapd, the tool that allows snap packages to be installed on Ubuntu, has been ported to other Linux distributions including Debian, Arch, Fedora, and Gentoo among others. To install snap packages on non-Ubuntu distributions, Linux desktop and server users will have to first install the newly cross-platform snapd. This daemon verifies the integrity of snap packages, confines them into their own restricted space, and acts as a launcher. Instructions for creating snaps and installing snapd on a variety of distributions are available at this website. Snaps can exist on the same system as either deb or RPM packages. Snaps aren't the only new package manager for Linux distributions that aims to simplify installation of applications. There's also AppImage and OrbitalApps.

On Monday at its Worldwide Developer's Conference, Apple announced a new app called Breathe as one of the new headline features for watchOS 3, the latest version of its operating system for Apple Watch. The health-centric app reminds users to take a moment and breathe. But was it company's own idea? App developer Ben Erez is accusing Apple of stealing features from his app. What's worse, he adds that the company even used the same name for its app. Erez tells BGR India in a statement: We've had the same concept, same spelling, same functionality in the App store for phone and watch for over a year. We built the app because the existing mindfulness apps were insufficient in that they all focus on intense sessions of 5-20 minutes, once per day. We wanted a mindfulness experience that was felt throughout the day in smaller bits.

On the sidelines of its Worldwide Developer's Conference, Apple also quietly unveiled a new file system dubbed APFS (Apple File System). Here's how the company describes it: HFS+ and its predecessor HFS are more than 30 years old. These file systems were developed in an era of floppy disks and spinning hard drives, where file sizes were calculated in kilobytes or megabytes. Today, solid-state drives store millions of files, accounting for gigabytes or terabytes of data. There is now also a greater importance placed on keeping sensitive information secure and safe from prying eyes. A new file system is needed to meet the current needs of Apple products, and support new technologies for decades to come.Ars Technica dived into the documentation to find that APFS comes with a range of "solid" features including support for 64-bit inode numbering, and improved granularity of object time-stamping. "APFS supports nanosecond time stamp granularity rather than the 1-second time stamp granularity in HFS+." It also supports copy-on-write metadata scheme which aims to ensure that file system commits and writes to the file system journal stay in sync even if "something happens during the write -- like if the system loses power." The new file system offers an improvement over Apple's previous full-disk encryption File Vault application. It also features Snapshots (that lets you throw off a read-only instant of a file system at any given point in time), and Clones. According to the documentation, APFS can create file or directory clones -- and like a proper next-generation file system, it does so instantly, rather than having to wait for data to be copied. From the report: Also interesting is the concept of "space sharing," where multiple volumes can be created out of the same chunk of underlying physical space. This sounds on first glance a lot like enterprise-style thin provisioning, where you can do things like create four 1TB volumes on a single 1TB disk, and each volume grows as space is added to it. You can add physical storage to keep up with the volume's growth without having to resize the logical volume.As the documentation notes, things are in early stage, so it might take a while before AFPS becomes available to general users.

An anonymous reader writes: A user on Reddit forum who goes by the alias FiletOfFish1066 (referred to as Mr. Fish hereafter) has been let go by his company after it was discovered that Mr. Fish hadn't actually done anything for six years. Umm, well he did something, but nothing new and productive, his Bay Area-based firm says, which paid him $95,000 (avg) each of these years. When he first got his software testing quality assurance job, he spent eight months automating all of the programming tasks. With all of his tasks fully automated by a computer, he was able to literally sit back and do whatever he wanted. Mr. Fish is pretty despondent in tone after he posted about getting fired from his job. He's upset because he has completely forgotten how to code, having relegated all that work to the computer, and now possesses no marketable skills. But, he also is not stressed financially, having saved up $200,000 during his 6-year long "career."

An anonymous reader writes: At their Worldwide Developers Conference in San Francisco today, Apple CEO Tim Cook said, "We believe coding should be a required language in all schools." To help achieve this goal, Apple introduced Swift Playgrounds, a new app that is meant to teach kids basic coding skills in Apple's chosen language. It teaches concepts like loops and conditionals, and uses an animated character tasked with performing simple challenges in a digital maze to help make learning fun. The app also offers suggested coding languages and will be completely free. Tim Cook described it as "a powerful new way for kids to learn to code," and went on to compare writing code to basic literacy. "I wish Swift Playgrounds was around when I was first learning to code," said Apple's senior vice president of Software Engineering Craig Federighi. "Swift Playgrounds is the only app of its kind that is both easy enough for students and beginners, yet powerful enough to write real code. It's an innovative way to bring real coding concepts to life and empower the next generation with the skills they need to express their creativity." Apple announced a host of new features and improvements made to iOS and Mac OS X. Not only did they announce that OS X will now be called macOS, but the first version update will be called macOS Sierra. One of the biggest new features of the new OS is support for Siri.

Also at its annual developer conference, Apple announced major updates to its other platforms: Apple TV, iPhone and iPad, and Apple Watch. Starting with the Apple TV, the company announced that tvOS is getting a new feature called Live-Tune-In which uses Siri to allow users to simply state aloud what channel they want to watch. The company also announced a feature called Single sign-on, a cable networks feature which will let users sign-in to all their Apple TV accounts more efficiently and easily. There's a new TV Remote app for iPhone as well.

watchOS 3 comes with a range of new capabilities as well. Most importantly, it offers much faster app performance, thanks to something Apple calls Instant Launch. It does the job seven times faster than its counterpart in watchOS 2. The Verge reports about other changes: The updated interface includes Control Center, which is accessed via a swipe up from the bottom of the display. The side button has been remapped to launch the dock of recent and running apps instead of the contacts menu. Apple has also added a few new watch faces, including a Minnie Mouse version and new one that more prominently shows activity progress. Watch faces can be changed by swiping across the display. The Reminders and Find Friends apps have been redesigned, and third party apps can also now run in the dock area. The new Scribble feature lets you draw letters on the screen to type out words. It's similar to a feature recently announced for Android Wear.Coming to iPhone and iPad, they will be getting iOS 10 update later this year. One of its coolest feature lets one automatically download apps across all your devices. Apple has also improved its Continuity effort, allowing users to utilize Universal Clipboard. "Basically, snippets of text, hyperlinks, and the like that you copy on one iOS or macOS device will be available on all the others." There is another new feature called Raise to Wake, which wakes up your iPhone when it is lifted. 3D Touch feature has received some improvements, too. Siri now offers more contextual feedback, and it is likely to get even better as Apple has provided developers with SDK for Siri for the first time. The Verge reports: It makes intelligent suggestions based on your current location, calendar availability, contact information, recent addresses, and more. It's Siri growing more and more into the role of an AI or a bot. And yes, it's based on deep learning just like Google's rival system is.Apple Music has been redesigned from scratch, and Apple Maps and Messages are getting some nifty features, and they are also being opened to developers.

Larry Wall created the Perl programming language (as well as the Unix utility patch, and the Usenet client rn ). This Christmas saw the release of Perl 6 -- a "sister" language to the original Perl -- that's also free and open source, after 15 years of development. Now Larry has agreed to give some of his time to answer your questions (joking that "I doubt my remarks will be quite as controversial as, say, Donald Trump's, but I suspect I could say an interesting thing or two...")

Larry also gave one of Slashdot's very first interviews back in 2002 -- so it's high time we had him back for more heartfelt and entertaining insights. Ask as many questions as you'd like, but please, one per comment. (And feel free to also leave your suggestions for who Slashdot should interview next.) We'll pick the very best questions -- and forward them on to Larry Wall himself.