Software

Canonical Helps Launch A Snap Store For The Orange Pi Community (ubuntu.com) 55

"Developers can distribute their applications packaged as snaps to Orange Pi owners," explains a new blog post from Canonical, bragging that "hackers and tinkerers can install complex IoT and server projects in seconds." An anonymous reader quotes Ubuntu's Insights blog: Orange Pi maker Shenzhen Xunlong Software Co. Ltd is launching an app store in partnership with Canonical to foster an active community of developers and users. Through this app store, developers gain a simple mechanism to share their applications, projects and scripts between themselves and with the wider Orange Pi community...

With snaps developers can distribute their application in a secure, confined package bundled with all its dependencies, so users can install applications that could take half an hour to install in just a few seconds. The Orange Pi App Store uses the whitelabel app store offering from Canonical, which lets them distribute applications to the Orange Pi community under its own brand. The store is a place for developers to share their Orange Pi specific applications. It also benefits from the wealth of applications available in the Ubuntu snap store, also available through the store.

Are there any Slashdot readers who are actually using snaps? Or -- for that matter -- are there any Slashdot readers developing with the Orange Pi?
Chrome

Chrome To Introduce Timer To Throttle Background Pages (ghacks.net) 122

Google plans to roll out a change in Chrome Stable soon that will have the browser throttle timers in background tabs to improve battery life and browsing performance. From a report: The motivation behind the change is that some pages consume a lot of CPU when they are in the background. Google mentions JavaScript advertisements and analytics scripts explicitly but it is not limited to that. The core idea is to limit the processing power that background tabs get in Chrome once the feature lands. (1) Each WebView has a budget (in seconds) for running timers in background. (2) A timer task is only allowed to run when the budget is non-negative. (3) After a timer has executed, its run time is subtracted from the budget. (4) The budget regenerates with time (at rate of 0.01 seconds per second). (5) The only pages that appear to be exempt from the throttling are those that play audio.
Programming

Slashdot's Interview With Swift Creator Chris Lattner 85

You asked, he answered! The creator of Apple's Swift programming language (and a self-described "long-time reader/fan of Slashdot") stopped by on his way to a new job at Tesla just to field questions from Slashdot readers. Read on for Chris's answers...
Databases

Database Attacks Spread To CouchDB, Hadoop, and ElasticSearch Servers (bleepingcomputer.com) 67

An anonymous reader writes: Two weeks after cybercriminal groups started to hijack and hold for ransom MongoDB servers, similar attacks are now taking place against CouchDB, Hadoop, and ElasticSearch servers. According to the latest tallies, the number of hijacked MongoDB servers is 34,000 (out of 69,000 available on Shodan), 4,681 ElasticSearch clusters (out of 33,000), 126 Hadoop datastores (out of 5,400), and 452 CouchDB databases (out of 4,600). Furthermore, the group that has hijacked the most MongoDB and ElasticSearch servers is also selling the scripts it used for the attacks.
Two security researchers are tracking the attacks on Google spreadsheets, and report that when a ransom is paid, many victims still report that their data is never restored. But the researchers also identified 124 Hadoop servers where the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet."
Movies

Star Trek Discovery Gets Delayed Again As Spock's Father Is Cast (hollywoodreporter.com) 164

An anonymous reader quotes a report from Hollywood Reporter: CBS All Access' Star Trek: Discovery has been delayed again as the series continues casting. The revival for the streaming platform has cast James Frain as Spock's father, producer CBS Television Studios announced Wednesday, as sources confirm that the show's planned May debut has been pushed. "Production on Star Trek: Discovery begins next week. We love the cast, the scripts and are excited about the world the producers have created," reps for CBS All Access said in a statement. "This is an ambitious project; we will be flexible on a launch date if it's best for the show. We've said from the beginning it's more important to do this right than to do it fast. There is also added flexibility presenting on CBS All Access, which isn't beholden to seasonal premieres or launch windows." Frain will play Sarek, the famed father of Spock who was first introduced in the original Star Trek and who has made several appearances throughout the franchise's many incarnations over the past five decades. The CBS All Access show features the franchise's Enterprise, now known as the U.S.S. Discovery. The drama will introduce new characters seeking new worlds and civilizations while exploring the dramatic contemporary themes that have been a signature of the franchise since its inception in 1966. Star Trek: Discovery was originally scheduled to debut in January and was pushed back to May, with The Good Wife spinoff The Good Fight now set to be the first scripted offering on CBS All Access, the network's VOD platform. This marks the second delay for the series, which saw former showrunner Bryan Fuller step down to focus on his Starz drama American Gods.
Crime

Dutch Developer Added Backdoor To Websites He Built, Phished Over 20,000 Users (bleepingcomputer.com) 123

An anonymous reader quotes a report from BleepingComputer: A Dutch developer illegally accessed the accounts of over 20,000 users after he allegedly collected their login information via backdoors installed on websites he built. According to an official statement, Dutch police officials are now in the process of notifying these victims about the crook's actions. The hacker, yet to be named by Dutch authorities, was arrested on July 11, 2016, at a hotel in Zwolle, the Netherlands, and police proceeded to raid two houses the crook owned, in Leeuwarden and Sneek. According to Dutch police, the 35-year-old suspect was hired to build e-commerce sites for various companies. After doing his job, the developer also left backdoors in those websites, which he used to install various scripts that allowed him to collect information on the site's users. Police say that it's impossible to determine the full breadth of his hacking campaign, but evidence found on his laptop revealed he gained access to over 20,000 email accounts. Authorities say the hacker used his access to these accounts to read people's private email conversations, access their social media profiles, sign up for gambling sites with the victim's credentials, and access online shopping sites to make purchases for himself using the victim's funds.
Privacy

Fingerprinting Methods Identify Users Across Different Browsers On the Same PC (bleepingcomputer.com) 88

An anonymous reader quotes a report from BleepingComputer: A team of researchers from universities across the U.S. has identified different fingerprinting techniques that can track users when they use different browsers installed on the same machine. Named "cross-browser fingerprinting" (CBF), this practice relies on new technologies added to web browsers in recent years, some of which had been previously considered unreliable for cross-browser tracking and only used for single browser fingerprinting. These new techniques rely on making browsers carry out operations that use the underlying hardware components to process the desired data. For example, making a browser apply an image to the side of a 3D cube in WebGL provides a similar response in hardware parameters for all browsers. This is because the GPU card is the one carrying out this operation and not the browser software. According to the three-man research team led by Assistant Professor Yinzhi Cao from the Computer Science and Engineering Department at Lehigh University, the following browser features could be (ab)used for cross-browser fingerprinting operations: [Screen Resolution, Number of CPU Virtual Cores, AudioContext, List of Fonts, Line, Curve, and Anti-Aliasing, Vertex Shader, Fragment Shader, Transparency via Alpha Channel, Installed Writing Scripts (Languages), Modeling and Multiple Models, Lighting and Shadow Mapping, Camera and Clipping Planes.] Researchers used all these techniques together to test how many users they would be able to pin to the same computer. For tests, researchers used browsers such as Chrome, Firefox, Edge, IE, Opera, Safari, Maxthon, UC Browser, and Coconut. Results showed that CBF techniques were able to correctly identify 99.24% of all test users. Previous research methods achieved only a 90.84% result.
Microsoft

Rumors of Cmd's Death Have Been Greatly Exaggerated (microsoft.com) 202

A Senior Program Manager at Microsoft has responded to speculation that Command Prompt is going away. He writes: The Cmd shell remains an essential part of Windows, and is used daily by millions of businesses, developers, and IT Pro's around the world. In fact:
1. Much of the automated system that builds and tests Windows itself is a collection of many Cmd scripts that have been created over many years, without which we couldn't build Windows itself!
2. Cmd is one of the most frequently run executables on Windows with a similar number of daily launches as File Explorer, Edge and Internet Explorer!
3. Many of our customers and partners are totally dependent on Cmd, and all its quirks, for their companies' existence!
In short: Cmd is an absolutely vital feature of Windows and, until there's almost nobody running Cmd scripts or tools, Cmd will remain within Windows.

Chrome

Slashdot Asks: Why Are Browsers So Slow? (ilyabirman.net) 766

Designer Ilya Birman writes: I understand why rendering a complicated layout may be slow. Or why executing a complicated script may be slow. Actually, browsers are rather fast doing these things. If you studied programming and have a rough idea about how many computations are made to render a page, it is surprising the browsers can do it all that fast. But I am not talking about rendering and scripts. I am talking about everything else. Safari may take a second or two just to open a new blank tab on a 2014 iMac. And with ten or fifteen open tabs it eventually becomes sluggish as hell. Chrome is better, but not much so. What are they doing? The tabs are already open. Everything has been rendered. Why does it take more than, say, a thousandth of a second to switch between tabs or create a new one? Opening a 20-megapixel photo from disk doesn't take any noticeable amount of time, it renders instantaneously. Browsers store their stuff in memory. Why can't they just show the pixels immediately when I ask for them? [...] Unfortunately, modern browsers are so stupid that they reload all the tabs when you restart them. Which takes ages if you have a hundred of tabs. Opera was sane: it did not reload a tab unless you asked for it. It just reopened everything from cache. Which took a couple of seconds. Modern browsers boast their rendering and script execution performance, but that's not what matters to me as a user. I just don't understand why programmers spend any time optimising for that while the Chrome is laughably slow even by ten-years-old standards. Do you agree with Birman? If yes, why do you think browsers are generally slow today?
Microsoft

PowerShell Security Threats Greater Than Ever, Researchers Warn (computerweekly.com) 129

Microsoft's Windows PowerShell configuration management framework continues to be abused by cyber attackers, according to researchers at Symantec, who have seen a surge in associated threats. From a report on ComputerWeekly: More than 95% of PowerShell scripts analysed by Symantec researchers have been found to be malicious, with 111 threat families using PowerShell. Malicious PowerShell scripts are on the rise, as attackers are using the framework's flexibility to download their payloads, traverse through a compromised network and carry out reconnaissance, according to Candid Wueest, threat researcher at Symantec.
Earth

Earth's Day Lengthens By Two Milliseconds a Century, Astronomers Find (theguardian.com) 140

Researchers at Durham University and the UK's Nautical Almanac Office compiled nearly 3,000 years of celestial records and found that with every passing century, the day on Earth lengthens by two milliseconds as the planet's rotation gradually winds down. The Guardian reports: The split second gained since the first world war may not seem much, but the time it takes for a sunbeam to travel 600km towards Earth can cost an Olympic gold medal, as the American Tim McKee found out when he lost to Sweden's Gunnar Larsson in 1972. For those holding out for a whole extra hour a day, be prepared for a long wait. Barring any change in the rate of slowing down, an Earth day will not last 25 hours for about two million centuries more. Researchers at Durham University and the UK's Nautical Almanac Office gathered historical accounts of eclipses and other celestial events from 720BC to 2015. The oldest records came from Babylonian clay tablets written in cuneiform, with more added from ancient Greek texts, such as Ptolemy's 2nd century Almagest, and scripts from China, medieval Europe and the Arab dominions. The ancient records captured the times and places that people witnessed various stages of solar and lunar eclipses, while documents from 1600AD onwards described lunar occultations, when the moon passed in front of particular stars and blocked them from view. To find out how the Earth's rotation has varied over the 2,735-year-long period, the researchers compared the historical records with a computer model that calculated where and when people would have seen past events if Earth's spin had remained constant. The astronomers found that Earth's spin would have slowed down even more had it not been for a counteracting process. Since the end of the most recent ice age, land masses that were once buried under slabs of frozen water have been unloaded and sprung back into place. The shift caused the Earth to be less oblate -- or squished -- on its axis. 
And just as a spinning ice skater speeds up when she pulls in her arms, so the Earth spins faster when its poles are less compressed. Changes in the world's sea levels and electromagnetic forces between Earth's core and its rocky mantle had effects on Earth's spin too, according to the scientists' report in Proceedings of the Royal Society.
United States

Sysadmin Gets Two Years In Prison For Sabotaging ISP (bleepingcomputer.com) 133

After being let go over a series of "personal issues" with his employer, things got worse for 26-year-old network administrator Dariusz J. Prugar, who will now have to spend two years in prison for hacking the ISP where he'd worked. An anonymous reader writes: Prugar had used his old credentials to log into the ISP's network and "take back" some of the scripts and software he wrote... "Seeking to hide his tracks, Prugar used an automated script that deleted various logs," reports Bleeping Computer. "As a side effect of removing some of these files, the ISP's systems crashed, affecting over 500 businesses and over 5,000 residential customers."

When the former ISP couldn't fix the issue, they asked Prugar to help. "During negotiations, instead of requesting money as payment, Prugar insisted that he'd be paid using the rights to the software and scripts he wrote while at the company, software which was now malfunctioning, a week after he left." This tipped off the company, who detected foul play, contacted the FBI and rebuilt its entire network.

Six years later, Prugar was found guilty after a one-week jury trial, and was ordered by the judge to pay $26,000 in restitution to the ISP (which went out of business in October of 2015). Prugar's two-year prison sentence begins December 27.
Books

O'Reilly Discounts Every eBook By 50% (oreilly.com) 47

On Friday, O'Reilly Media announced "Our Cyber Monday sale starts now." An anonymous reader writes: They're offering a 50% discount on every ebook they publish -- over 14,000 titles from O'Reilly, No Starch Press, Pearson, A Book Apart, Make, Packt, and 25 other book publishers. (And they're offering a 60 percent discount on orders over $100.) Just use the code CYBER16 when checking out to claim the discount. The sale continues through Tuesday morning at 5 a.m. PST.

These are all DRM-free ebooks (in multiple formats), and there's even some "early release" editions -- advance copies distributed before their official publication. The discount also applies to new titles like "Head First Python" as well as old-school classics like "Learning Perl". Right now their best-sellers are "Wicked Cool Shell Scripts", "Modern Linux Administration", and "You Don't Know JS: Up and Going" -- but again, the discount applies to any ebook that they sell, and they also still have their selection of free programming texts.

Tim O'Reilly was one of the first people interviewed by Slashdot -- more than 17 years ago.
Sci-Fi

Star Trek Discovery Gets Delayed After Losing Showrunner Bryan Fuller (variety.com) 191

It looks like we're going to have to wait even longer for CBS's upcoming Star Trek Discovery series, as the production's showrunner, Bryan Fuller, is stepping back. He will however still remain the show's executive producer. Variety reports: The decision was made late last week to hand the day-to-day showrunning reins to "Star Trek" exec producers Gretchen Berg and Aaron Harberts as "Discovery" gears up for the start of filming next month and a May 2017 premiere date. Fuller, who will remain an executive producer, will still be involved in breaking stories, and the show will continue to follow his vision for the universe that this latest "Trek" series will inhabit. Writer-director Akiva Goldsman is also expected to join "Discovery" in a top creative role. He's envisioned as serving as producing support for Berg and Harberts, Fuller and exec producer Alex Kurtzman as they juggle the demands of the series that CBS is counting on to be the marquee selling point for subscriptions to its CBS All Access SVOD service. Sources said there had been some strain between "Star Trek" producer CBS Television Studios and Fuller over the progress of production on the show, as Fuller is also juggling the final weeks of shooting and post-production duties on Starz's upcoming drama "American Gods" and prepping a reboot of "Amazing Stories" for NBC. Fuller has penned the first two scripts for "Discovery" and has hammered out the broader story arc and mythology for the new "Trek" realm. But it became clear that he couldn't devote the amount of time needed for "Discovery" to make its premiere date and with production scheduled to start in Toronto next month.
Security

Hackers Hit 6,000 Sites On Active 18-Month Carding Spree (theregister.co.uk) 39

mask.of.sanity writes from a report via The Register: Hackers have installed skimming scripts on more than 6,000 online stores and are adding 85 each day in a wide-scale active operation that may have compromised hundreds of thousands of credit cards. The malware is infecting stores (full list) running vulnerable versions of the Magento ecommerce platform, and also compromised the U.S. National Republican Senatorial Committee store. "Given that there are [about] 5,900 other skimmed stores, and the malpractice has been going on since at least May last year, I would expect the number of stolen cards in the hundreds of thousands," said Dutch developer Willem de Groot. You can read his blog post to learn more.
The Almighty Buck

Revealed: How One Amazon Kindle Scam Made Millions of Dollars (zdnet.com) 40

An anonymous Slashdot reader shares an excerpt with us from a report via ZDNet that summarizes a catfishing scheme designed to deceive Amazon users into buying low-quality ebooks: Emma Moore is just one of hundreds of pseudonyms employed in a sophisticated "catfishing" scheme run by Valeriy Shershnyov, whose Vancouver-based business hoodwinks Amazon customers into buying low-quality ebooks, which have been boosted on the online marketplace by an unscrupulous system of bots, scripts, and virtual servers. Catfishing isn't new -- it's been well documented. Some scammers buy fake reviews, while others will try other ways to game the system. Until now, nobody has been able to look inside at how one of these scams works -- especially one that's been so prolific, generating millions of dollars in royalties by cashing in on unwitting buyers who are tricked into thinking these ebooks have some substance. Shershnyov was able to stay in Amazon's shadows for two years by using his scam server conservatively so as to not raise any red flags. What eventually gave him away weren't customer complaints or even getting caught. It was good old-fashioned carelessness. He forgot to put a password on his server.
Google

Google Tests A Software That Judges Hollywood's Portrayal of Women 321

Slashdot reader theodp writes: Aside from it being hosted in a town without a movie theater, the 2016 Bentonville Film Festival was also unusual in that it required all entrants to submit "film scripts and downloadable versions of the film" for judgment by "the team at Google and USC", apparently part of a larger Google-funded research project with USC Engineering "to develop a computer science tool that could quickly and efficiently assess how women are represented in films"...

Fest reports noted that representatives of Google and the White House Office of Science and Technology Policy appeared in a "Reel vs. Real Diversity" panel presentation at the fest, where the importance of diversity and science to President Obama were discussed, and the lack of qualified people to fill 500,000 U.S. tech jobs was blamed in part on how STEM careers have been presented in film and television... In a 2015 report on a Google-sponsored USC Viterbi School of Engineering MacGyver-themed event to promote women in engineering, USC reported that President Obama was kept briefed on efforts to challenge media's stereotypical portrayals of women. As for its own track record, Google recently updated its Diversity page, boasting that "21% of new hires in 2015 were women in tech, compared to 19% of our current population"....
Privacy

Your Battery Status Is Being Used To Track You Online (theguardian.com) 88

A paper published last year revealed that the battery on a laptop or phone can be used to track one's online activities. The vulnerability resided in a built-in HTML 5 specification, which could be tricked into identifying people and tracking their online activities. One year later, we are now learning that the vulnerability is being exploited in the wild. The Guardian reports: [...] Two security researchers from Princeton University have shown that the battery status indicator really is being used in the wild to track users. By running a specially modified browser, Steve Engelhard and Arvind Narayanan found two tracking scripts that used the API to "fingerprint" a specific device, allowing them to continuously identify it across multiple contexts. The research was highlighted by Lukasz Olejnik, one of the four researchers who first called attention to the potential issues with the battery status API in 2015. Although Olejnik achieved some success following his warning, with the body in charge of the web's standards thanking his group for the privacy analysis, the API still has the potential for misuse. And while it is only tracking scripts using it now, Olejnik warns that unscrupulous actors could do more. "Some companies may be analysing the possibility of monetising the access to battery levels," he writes. "When battery is running low, people might be prone to some -- otherwise different -- decisions. In such circumstances, users will agree to pay more for a service."
Network

Washington State Sues Comcast For $100M Over 'Pattern of Deceptive Practices' (komonews.com) 90

An anonymous reader writes: Washington State has filed a lawsuit against Comcast to the sum of $100 million, accusing Comcast of "engaging in a pattern of deceptive practices." It claims that Comcast's documents reveal a pattern of illegally deceiving its own customers for profit. KOMO News reports: "The lawsuit (PDF) alleges more than 1.8 million individual violations of the Washington Consumer Protection Act. The Attorney General's Office says 500,000 Washington consumers were affected. The lawsuit also accuses Comcast of violating the Consumer Protection Act to all of its nearly 1.2 million Washington subscribers due to its deceptive 'Comcast Guarantee,' Ferguson said. The lawsuit accuses Comcast of misleading 500,000 Washington consumers and deceiving them into paying at least $73 million in subscription fees over the last five years for what the attorney general says is a near-worthless protection plan. Customers who sign up for Comcast's Service Protection Plan pay a $4.99 monthly fee to avoid being charged if a Comcast technician visits their home. But the plan did not cover wiring inside a wall, the lawsuit says. The Attorney General Office says 75 percent of the time, customers who contacted Comcast were told the plan covered inside wiring.
Customer service scripts, which the Attorney General's Office said it obtained during its investigation, told Comcast representatives to say that the plan covers calls 'related to inside wiring' and 'wiring inside your home.'" According to KOMO News, the lawsuit is seeking more than $73 million in restitution to pay back Service Protection Plan subscriber payments; full restitution for all service calls that applied an improper resolution code, estimated to be at least $1 million; removal of improper credit checks from the credit reports of more than 6,000 customers; up to $2,000 per violation of the Consumer Protection Act; and that Comcast clearly disclose the limitations of its Service Protection Plan in advertising and through its representatives, correct improper service codes that should not be chargeable and implement a compliance procedure for improper customer credit checks.
Perl

The Slashdot Interview With Larry Wall 167

You asked, he answered!

Perl creator Larry Wall has responded to questions submitted by Slashdot readers. Read on for his answers...
