Tag Archives: moon

PlayerUnknown’s Battlegrounds on a Game Boy?!

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/playerunknowns-battlegrounds-game-boy/

My evenings spent watching the Polygon Awful Squad play PlayerUnknown’s Battlegrounds for hours on end have made me mildly obsessed with this record-breaking Steam game.

PlayerUnknown's Battlegrounds Raspberry Pi

So when Michael Darby’s latest PUBG-inspired Game Boy build appeared in my notifications last week, I squealed with excitement and quickly sent the link to my team…while drinking a cocktail by a pool in Turkey ☀️🍹

PUBG ON A GAMEBOY

https://314reactor.com/ https://www.hackster.io/314reactor https://twitter.com/the_mikey_d

PlayerUnknown’s Battlegrounds

For those unfamiliar with the game: PlayerUnknown’s Battlegrounds, or PUBG for short, is a Battle-Royale-style multiplayer online video game in which individuals or teams fight to the death on an island map. As players collect weapons, ammo, and transport, their ‘safe zone’ shrinks, forcing a final face-off until only one character remains.

The game has been an astounding success on Steam, the digital distribution platform which brings PUBG to the masses. It records daily player counts of over a million!

PlayerUnknown's Battlegrounds Raspberry Pi

Yeah, I’d say one or two people seem to enjoy it!

PUBG on a Game Boy?!

As it’s a fairly complex game, let’s get this out of the way right now: no, Michael is not running the entire game on a Nintendo Game Boy. That would be magic silly impossible. Instead, he’s streaming the game from his home PC to a Raspberry Pi Zero W fitted within the hacked handheld console.

Michael removed the excess plastic inside an old Game Boy Color shell to make space for a Zero W, LiPo battery, and TFT screen. He then soldered the necessary buttons to GPIO pins, and wrote a Python script to control them.

PlayerUnknown's Battlegrounds Raspberry Pi

The maker battleground

The full script can be found here, along with a more detailed tutorial for the build.

In order to stream PUBG to the Zero W, Michael uses the open-source NVIDIA steaming service Moonlight. He set his PC’s screen resolution to 800×600 and its frame rate to 30, so that streaming the game to the TFT screen works perfectly, albeit with no sound.

PlayerUnknown's Battlegrounds Raspberry Pi

The end result is a rather impressive build that has confused YouTube commenters since he uploaded footage for it last week. The video has more than 60000 views to date, so it appears we’re not the only ones impressed with Michael’s make.

314reactor

If you’re a regular reader of our blog, you may recognise Michael’s name from his recent Nerf blaster mod. And fans of Raspberry Pi may also have seen his Pi-powered Windows 98 wristwatch earlier in the year. He blogs at 314reactor, where you can read more about his digital making projects.

Windows 98 Wrist watch Raspberry Pi PlayerUnknown's Battlegrounds

Player Two has entered the game

Now it’s your turn. Have you used a Raspberry Pi to create a gaming system? I’m not just talking arcades and RetroPie here. We want to see everything, from Pi-powered board games to tech on the football field.

Share your builds in the comments below and while you’re at it, what game would you like to stream to a handheld device?

The post PlayerUnknown’s Battlegrounds on a Game Boy?! appeared first on Raspberry Pi.

Moonhack 2017: a new world record!

Post Syndicated from Katherine Leadbetter original https://www.raspberrypi.org/blog/moonhack-2017-world-record/

With the incredible success of this year’s Moonhack under their belt, here’s Code Club Australia‘s Kelly Tagalan with a lowdown on the event, and why challenges such as these are so important.

On 15 August 2017, Code Clubs around the globe set a world record for the most kids coding in a day! From Madrid to Manila and from Sydney to Seoul, kids in Code Clubs, homes, and community centres around the world used code in order to ‘hack the moon’.

Moonhack 2017 Recap: WORLDWIDE CODING

We set a world record of the most kids coding at the same time not only across Australia….but across the WORLD! Watch our recap of our day hackathon of kids coding across the globe.

The Moonhack movement

The first Moonhack took place in Sydney in 2016, where we set a record of 10207 kids coding in a day.

Images of children taking part in Code Club Australia's Moonhack 2017

The response to Moonhack, not just in Australia but around the world, blew us away, and this year we decided to make the challenge as global as possible.

“I want to create anything that can benefit the life of one person, hundreds of people, or maybe even thousands.” – Moonhack Code Club kid, Australia.

The Code Club New Zealand team helped to create and execute projects with help from Code Club in the UK, and Code Club Canada, France, South Korea, Bangladesh, and Croatia created translated materials to allow even more kids to take part.

Moonhack 2017

The children had 24 hours to try coding a specially made Moonhack project using Python, Scratch or Scratch Jr. Creative Moonhackers even made their own custom projects, and we saw amazing submissions on a range of themes, from moon football to heroic dogs saving our natural satellite from alien invaders!

Images of children taking part in Code Club Australia's Moonhack 2017

In the end, 28575 kids from 56 countries and from 600 Code Clubs took part in Moonhack to set a new record. Record Setter founder and Senior Adjudicator, Corey Henderson, travelled to Sydney to Moonhack Mission Control to verify the record, and we were thrilled to hear that we came close to tripling the number of kids who took part last year!

The top five Moonhack contributing countries were Australia, New Zealand, the USA, the UK, and Croatia, but we saw contributions from so many more amazing places, including Syria and Guatemala. The event was a truly international Code Club collaboration!

Images of children taking part in Code Club Australia's Moonhack 2017

The founder of Code Club Bangladesh, Shajan Miah, summed up the spirit of Moonhack well: “Moonhack was a great opportunity for children in Bangladesh to take part in a global event. It connected the children with like-minded people across the world, and this motivated them to want to continue learning coding and programming. They really enjoyed the challenge!”

Images of children taking part in Code Club Australia's Moonhack 2017

Of course, the most important thing about Moonhack was that the kids had fun taking part and experienced what it feels like to create with code. One astute nine-year-old told us, “What I love about coding is that you can create your own games. Coding is becoming more important in the work environment and I want to understand it and write it.”

This is why we Moonhack: to get kids excited about coding, and to bring them into the global Code Club community. We hope that every Moonhacker who isn’t yet part of a Code Club will decide to join one soon, and that their experience will help guide them towards a future involving digital making. Here’s to Moonhack 2018!

Join Code Club

With new school terms starting and new clubs forming, there’s never been a better time to volunteer for a Code Club! With the official extension of the Code Club age range from 9-11 to 9-13, there are even more opportunities to get involved.

The Code Club logo with added robots - Moonhack 2017

If you’re ready to volunteer and are looking for a club to join, head to the Code Club International website to find your local network. There you’ll also find information on starting a new club from scratch, anywhere in the world, and you can read all about making your venue, such as a library, youth club, or office, available as a space for a Code Club.

The post Moonhack 2017: a new world record! appeared first on Raspberry Pi.

WordPress Reports Surge in ‘Piracy’ Takedown Notices, Rejects 78%

Post Syndicated from Ernesto original https://torrentfreak.com/wordpress-reports-surge-in-piracy-takedown-notices-rejects-78-170909/

Automattic, the company behind the popular WordPress.com blogging platform, receives thousands of takedown requests from rightsholders.

A few days ago the company published its latest transparency report, showing that it had processed 9,273 requests during the first half of 2017.

This is more than double the amount it received during the same period last year, which is a significant increase. Looking more closely at the numbers, we see that this jump is solely due to an increase in incomplete and abusive requests.

Of all the DMCA notices received, only 22% resulted in the takedown of allegedly infringing content. This translates to 2,040 legitimate requests, which is less than the 2,342 Automattic received during the same period last year.

This logically means that the number of abusive and incomplete DMCA notices has skyrocketed. And indeed, in its most recent report, 78% of all requests were rejected due to missing information or plain abuse. That’s much more than the year before when 42% were rejected.

Automattic’s transparency report (first half of 2017)

WordPress prides itself on carefully reviewing the content of each and every takedown notice, to protect its users. This means checking whether a takedown request is properly formatted but also reviewing the legitimacy of the claims.

“We also may decline to remove content if a notice is abusive. ‘Abusive’ notices may be formally complete, but are directed at fair use of content, material that isn’t copyrightable, or content the complaining party misrepresents ownership of a copyright,” Automattic notes.

During the first half of 2017, a total of 649 takedown requests were categorized as abuse. Some of the most blatant examples go into the “Hall of Shame,” such as a recent case where the Canadian city of Abbotsford tried to censor a parody of its logo, which replaced a pine tree with a turd.

While some abuse cases sound trivial they can have a real impact on website operators, as examples outside of WordPress show. Most recently the operator of Oro Jackson, a community dedicated to the anime series “One Piece,” was targeted with several dubious DMCA requests.

The takedown notices were sent by the German company Comeso and were forwarded through their hosting company Linode. The notices urged the operator to remove various forum threads because they included words of phrases such as “G’day” and “Reveries of the Moonlight,” not actual infringing content.

G’day

Fearing legal repercussions, the operator saw no other option than to censor these seemingly harmless discussions (starting a thread with “G’day”!!), until there’s a final decision on the counter-notice. They remain offline today.

It’s understandable that hosting companies have to be strict sometimes, as reviewing copyright claims is not their core business. However, incidents like these show how valuable the skeptical review process of Automattic is.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Hunting for life on Mars assisted by high-altitude balloons

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/eclipse-high-altitude-balloons/

Will bacteria-laden high-altitude balloons help us find life on Mars? Today’s eclipse should bring us closer to an answer.

NASA Bacteria Balloons Raspberry Pi HAB Life on Mars

image c/o NASA / Ames Research Center / Tristan Caro

The Eclipse Ballooning Project

Having learned of the Eclipse Ballooning Project set to take place today across the USA, a team at NASA couldn’t miss the opportunity to harness the high-flying project for their own experiments.

NASA Bacteria Balloons Raspberry Pi HAB Life on Mars

The Eclipse Ballooning Project invited students across the USA to aid in the launch of 50+ high-altitude balloons during today’s eclipse. Each balloon is equipped with its own Raspberry Pi and camera for data collection and live video-streaming.

High-altitude ballooning, or HAB as it’s often referred to, has become a popular activity within the Raspberry Pi community. The lightweight nature of the device allows for high ascent, and its Camera Module enables instant visual content collection.

Life on Mars

image c/o Montana State University

The Eclipse Ballooning Project team, headed by Angela Des Jardins of Montana State University, was contacted by Jim Green, Director of Planetary Science at NASA, who hoped to piggyback on the project to run tests on bacteria in the Mars-like conditions the balloons would encounter near space.

Into the stratosphere

At around -35 degrees Fahrenheit, with thinner air and harsher ultraviolet radiation, the conditions in the upper part of the earth’s stratosphere are comparable to those on the surface of Mars. And during the eclipse, the moon will block some UV rays, making the environment in our stratosphere even more similar to the martian oneideal for NASA’s experiment.

So the students taking part in the Eclipse Ballooning Project could help the scientists out, NASA sent them some small metal tags.

NASA Bacteria Balloons Raspberry Pi HAB Life on Mars

These tags contain samples of a kind of bacterium known as Paenibacillus xerothermodurans. Upon their return to ground, the bacteria will be tested to see whether and how the high-altitude conditions affected them.

Life on Mars

Paenibacillus xerothermodurans is one of the most resilient bacterial species we know. The team at NASA wants to discover how the bacteria react to their flight in order to learn more about whether life on Mars could possibly exist. If the low temperature, UV rays, and air conditions cause the bacteria to mutate or indeed die, we can be pretty sure that the existence of living organisms on the surface of Mars is very unlikely.

Life on Mars

What happens to the bacteria on the spacecraft and rovers we send to space? This experiment should provide some answers.

The eclipse

If you’re in the US, you might have a chance to witness the full solar eclipse today. And if you’re planning to watch, please make sure to take all precautionary measures. In a nutshell, don’t look directly at the sun. Not today, not ever.

If you’re in the UK, you can observe a partial eclipse, if the clouds decide to vanish. And again, take note of safety measures so you don’t damage your eyes.

Life on Mars

You can also watch a live-stream of the eclipse via the NASA website.

If you’ve created an eclipse-viewing Raspberry Pi project, make sure to share it with us. And while we’re talking about eclipses and balloons, check here for our coverage of the 2015 balloon launches coinciding with the UK’s partial eclipse.

The post Hunting for life on Mars assisted by high-altitude balloons appeared first on Raspberry Pi.

Thomas and Ed become a RealLifeDoodle on the ISS

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/astro-pi-reallifedoodle/

Thanks to the very talented sooperdavid, creator of some of the wonderful animations known as RealLifeDoodles, Thomas Pesquet and Astro Pi Ed have been turned into one of the cutest videos on the internet.

space pi – Create, Discover and Share Awesome GIFs on Gfycat

Watch space pi GIF by sooperdave on Gfycat. Discover more GIFS online on Gfycat

And RealLifeDoodles aaaaare?

Thanks to the power of viral video, many will be aware of the ongoing Real Life Doodle phenomenon. Wait, you’re not aware?

Oh. Well, let me explain it to you.

Taking often comical video clips, those with a know-how and skill level that outweighs my own in spades add faces and emotions to inanimate objects, creating what the social media world refers to as a Real Life Doodle. From disappointed exercise balls to cannibalistic piles of leaves, these video clips are both cute and sometimes, though thankfully not always, a little heartbreaking.

letmegofree – Create, Discover and Share Awesome GIFs on Gfycat

Watch letmegofree GIF by sooperdave on Gfycat. Discover more reallifedoodles GIFs on Gfycat

Our own RealLifeDoodle

A few months back, when Programme Manager Dave Honess, better known to many as SpaceDave, sent me these Astro Pi videos for me to upload to YouTube, a small plan hatched in my brain. For in the midst of the video, and pointed out to me by SpaceDave – “I kind of love the way he just lets the unit drop out of shot” – was the most adorable sight as poor Ed drifted off into the great unknown of the ISS. Finding that I have this odd ability to consider many inanimate objects as ‘cute’, I wanted to see whether we could turn poor Ed into a RealLifeDoodle.

Heading to the Reddit RealLifeDoodle subreddit, I sent moderator sooperdavid a private message, asking if he’d be so kind as to bring our beloved Ed to life.

Yesterday, our dream came true!

Astro Pi

Unless you’re new to the world of the Raspberry Pi blog (in which case, welcome!), you’ll probably know about the Astro Pi Challenge. But for those who are unaware, let me break it down for you.

Raspberry Pi RealLifeDoodle

In 2015, two weeks before British ESA Astronaut Tim Peake journeyed to the International Space Station, two Raspberry Pis were sent up to await his arrival. Clad in 6063-grade aluminium flight cases and fitted with their own Sense HATs and camera modules, the Astro Pis Ed and Izzy were ready to receive the winning codes from school children in the UK. The following year, this time maintained by French ESA Astronaut Thomas Pesquet, children from every ESA member country got involved to send even more code to the ISS.

Get involved

Will there be another Astro Pi Challenge? Well, I just asked SpaceDave and he didn’t say no! So why not get yourself into training now and try out some of our space-themed free resources, including our 3D-print your own Astro Pi case tutorial? You can also follow the adventures of Ed and Izzy in our brilliant Story of Astro Pi cartoons.

Raspberry Pi RealLifeDoodle

And if you’re quick, there’s still time to take part in tomorrow’s Moonhack! Check out their website for more information and help the team at Code Club Australia beat their own world record!

The post Thomas and Ed become a RealLifeDoodle on the ISS appeared first on Raspberry Pi.

5…4…3…2…1…SPACESHIP BUNK BED!

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/spaceship-bunk-bed/

Many of us have created basic forts in our childhood bedrooms using pillows, sheets, and stuffed toys. Pete Dearing’s sons, meanwhile, get to play and sleep in an incredible spaceship bunk bed.

A spaceship bunk bed with functional lights, levers, buttons, and knobs.

I’m not jealous at all.

Not. At. All.

spaceship bunk bed Raspberry Pi

All the best beds have LEDs.

Building a spaceship bunk bed

Pete purchased plans for a spacecraft-shaped bunk bed online, and set out to build its MDF frame. Now, I don’t know about you, but for young me, having a bunk bed shaped like a spaceship would have been enough – tiny humans have such incredible imagination. But it wasn’t enough for Pete. He had witnessed his children’s obsession with elevator buttons, mobile phones, and the small control panel he’d made for them using switches and an old tool box. He knew he had to go big or go home.

spaceship bunk bed Raspberry Pi

While he was cutting out pieces for the bed frame, Pete asked the boys some creative input, and then adjusted the bed’s plans to include a functional cockpit and extra storage (for moon boots, spacesuits, and flags for staking claims, no doubt).

Wiring a spaceship bunk bed

After realising he hadn’t made enough allowance for the space taken up by the cockpit’s dials, levers, and switches, Pete struggled a little to fit everything in place inside the bunk bed.

spaceship bunk bed Raspberry Pi

“Ground Control to Major Sleepy…”

But it all worked out, and the results were lights, buttons, and fun aplenty. Finally, as icing on the build’s proverbial cake, Pete added sound effects, powered by a Raspberry Pi, and headsets fitted with microphones.

spaceship bunk bed Raspberry Pi

“Red Leader standing by…”

The electronics of the build run on a 12V power supply. To ensure his boys’ safety, and so that they will actually be able to sleep, Pete integrated a timer for the bed’s ‘entertainment system’.

Find more information about the spaceship bunk bed and photos of the project here.

So where do I get mine?

If you want to apply to be adopted by Pete, you can head to www.alex-is-first-in-line.com/seriously_me_first. Alternatively, you could build your own fantastic Pi-powered bed, and add lights and sounds of your choosing. How about a Yellow Submarine bed with a dashboard of Beatles songs? Or an X-Wing bed with flight and weapon controls? Oh, oh, how about a bed shaped like one of the cars from Jurassic Park, or like a Top Gun jet?

Yup…I definitely need a new bed.

While I go take measurements and get the power tools out, why not share your own ideas with us in the comments? Have you pimped your kid’s room with a Raspberry Pi (maybe like this)? Or do you have plans to incorporate lights and noise into something wonderful you’re making for a friend or relation? We want to know.

And I want a spaceship bunk bed!

The post 5…4…3…2…1…SPACESHIP BUNK BED! appeared first on Raspberry Pi.

Break a world record with Moonhack 2017

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/moonhack-2017/

The team at Code Club Australia set a world record last year by gathering 10,207 Australian kids together to participate in their coding event Moonhack. But they are not going to rest on their laurels: this year, they’ve set their sights even higher with their event on 15 August.

Moonhack Code Club Australia

What is Moonhack?

In honour of the Apollo 11 landing, Code Club Australia created a series of space-themed coding activities for their Moonhack event in July 2016. Their aim? To bring together as many kids as possible from all over Australia, to get them to code and have fun, and to hopefully establish a world record along the way.

Code Club Australia #MoonHack

Watch the Sunrise coverage of Code Club Australia World Record ‪#‎Moonhack‬ event – Launching Wed 20th July 2016 18:00 AEST – Register Now: www.moonhack.com.au

And they did exactly that! 10,207 kids completed Moonhack projects, which constitutes the largest number of children coding on one day ever recorded.

Moonhack 2017

With the success of the 2016 event spurring them on, the Code Club Australia team have scaled up their efforts this year. By opening Moonhack to kids across the globe, they want to spread enthusiasm for coding everywhere. And why not break their own world record in the process? Every kid in the world can take part in the event, as the website explains:

“Moonhack is for everyone. Moonhack is inclusive, not exclusive, because coding is for everyone, no matter their skill level or age – kids new to code, coding whizz kids, and anyone who wants to try out coding for the first time, or coding pros who want to get creative.”

Participants between the ages of 8 and 18 are invited to form teams and create their own space-themed project – or use one of the provided examples in Scratch, ScratchJr, or Python. If you’re outside the age range, don’t worry – you can still take part, but your project won’t be counted toward the world record attempt.

Moonhack Code Club Australia

The sky is no longer the limit…

Participating teams submit their complete project to the Moonhack website as a link, screenshot, or file upload. All successful participants will receive a certificate to print and hang proudly on their wall. Woohoo!

How do we take part?

Teams will need to be registered on the website by a facilitator. Registering will give the facilitator access to a whole host of helpful tips for how to help their team out. Then, on Moonhack day, 15 August, the facilitator can upload the team’s completed project. If you can’t host an event for your team on 15 August, don’t worry – simply get the kids to complete the project beforehand. For more information go to the Moonhack website, where you can also find coding projects in several human and programming languages.

So what are you waiting for? Get together with the code-loving young people in your life, put your thinking hats on, get programming, and have the chance to set a new world record!

The post Break a world record with Moonhack 2017 appeared first on Raspberry Pi.

Teaching with Raspberry Pis and PiNet

Post Syndicated from Janina Ander original https://www.raspberrypi.org/blog/teaching-pinet/

Education is our mission at the Raspberry Pi Foundation, so of course we love tools that help teachers and other educators use Raspberry Pis in a classroom setting. PiNet, which allows teachers to centrally manage a whole classroom’s worth of Pis, makes administrating a fleet of Pis easier. Set up individual student accounts, install updates and software, share files – PiNet helps you do all of this!

Caleb VinCross on Twitter

The new PiNet lab up and running. 30 raspberry pi 3’s running as fat clients for 600 + students. Much thanks to the PiNet team! @PiNetDev.

PiNet developer Andrew

PiNet was built and is maintained by Andrew Mulholland, who started work on this project when he was 15, and who is also one of the organisers of the Northern Ireland Raspberry Jam. Check out what he says about PiNet’s capabilities in his guest post here.

PiNet in class

PiNet running in a classroom

PiNet, teacher’s pet

PiNet has been available for about two years now, and the teachers using it are over the moon. Here’s what a few of them say about their experience:

We wanted a permanently set up classroom with 30+ Raspberry Pis to teach programming. Students wanted their work to be secure and backed up and we needed a way to keep the Pis up to date. PiNet has made both possible and the classroom now required little or no maintenance. PiNet was set up in a single day and was so successful we set up a second Pi room. We now have 60 Raspberry Pis which are used by our students every day. – Rob Jones, Secondary School Teacher, United Kingdom

AKS Computing on Twitter

21xRaspPi+dedicated network+PiNet server+3 geeks = success! Ready to test with a full class.

I teach Computer Science at middle school, so I have 4 classes per day in my lab, sharing 20 Raspberry Pis. PiNet gives each student separate storage space. Any changes to the Raspbian image can be done from my dashboard. We use Scratch, Minecraft Pi, Sonic Pi, and do physical computing. And when I have had issues, or have wanted to try something a little crazy, the support has been fabulous. – Bob Irving, Middle School Teacher, USA

Wolf Math on Twitter

We’re starting our music unit with @deejaydoc. My CS students are going through the @Sonic_Pi turorial on @PiNetDev.

I teach computer classes for about 600 students between the ages of 5 and 13. PiNet has really made it possible to expand our technology curriculum beyond the simple web-based applications that our Chromebooks were limited to. I’m now able to use Arduino boards to do basic physical computing with LEDs and sensors. None of this could have happened without PiNet making it easy to have an affordable, stable, and maintainable way of managing 30 Linux computers in our lab. – Caleb VinCross, Primary School Teacher, USA

More for educators

If you’re involved in teaching computing, be that as a professional or as a volunteer, check out the new free magazine Hello World, brought to you by Computing At School, BCS Academy of Computing, and Raspberry Pi working in partnership. It is written by educators for educators, and available in print and as a PDF download. And if you’d like to keep up to date with what we are offering to educators and learners, sign up for our education newsletter here.

Are you a teacher who uses Raspberry Pis in the classroom, or another kind of educator who has used them in a group setting? Tell us about your experience in the comments below.

The post Teaching with Raspberry Pis and PiNet appeared first on Raspberry Pi.

Copyright Troll Claims Texan Woman Downloaded Over 54,000 Torrents

Post Syndicated from Ernesto original https://torrentfreak.com/copyright-troll-claims-texan-woman-downloaded-over-54000-torrents-170713/

In recent years, file-sharers around the world have been pressured to pay significant settlement fees, or face legal repercussions.

These so-called “copyright trolling” efforts have been a common occurrence in the United States for more than half a decade, and still are.

Malibu Media, the Los Angeles-based company behind the ‘X-Art’ adult movies, is behind many of these cases. The company has filed thousands of lawsuits in recent years, targeting Internet subscribers whose accounts were allegedly used to share Malibu’s films via BitTorrent.

When the accused pirates don’t want to settle, Malibu generally ramps up the pressure. This is also what happened to Jenna Howard, a 29-year-old consultant from Houston, Texas.

When Howard protested her innocence and refused to pay the proposed settlement for downloading 15 pirated videos, the adult company came back with two spreadsheets of additional downloads that were linked to her IP-address.

This tactic isn’t new. Copyright trolls regularly provide lists of other downloads, of content they don’t own, to show that the defendant is a prolific downloader. However, in this case, the list is unusually long.

The spreadsheets provided by Malibu Media suggest that Ms. Howard’s connection was used to download fifty-four thousand torrents in recent years.

The downloads in question are all over the map, literally, with titles ranging from “100MB Woman Ass Pictures,” through “этот неловкий момент,” to “육룡이 나르샤” and “La casa di Topolino.”

A small selection of the alleged downloads

According to a recent filing by Ms. Howard’s attorneys, the spreadsheets are part of Malibu’s intimidation tactics.

“Malibu also produced two spreadsheets that suggest Ms. Howard made over fifty-four thousand downloads consisting of an estimated 27 terabytes of data over a four-year period, which is an average of 31 items every day for the last four years, and literally hundreds of items on certain days, including for example downloads of movies in the hundreds and in languages that Ms. Howard does not even speak.”

“This leads to only two possible conclusions: first, either Ms. Howard’s network was hacked, or second, Malibu’s research is wrong,” Ms. Howard’s attorneys write.

They stress, however, that there is no credible evidence to suggest that their client is responsible for downloading all these files. They point out that their client was even accused of downloading dozens of files from her home connection while she was on her honeymoon.

“The spreadsheets also show that Ms. Howard downloaded 31 items on her wedding day, and somehow managed to download an average of 22 items at her home IP address each day of her international honeymoon when she was overseas in the Bahamas,” the filing reads.

The attorneys believe that the adult company has gone too far and ask the court to deny further discovery requests targeted at her Internet provider AT&T, including information about her download activity.

“Malibu’s shoddy research simply does not support the implication that Ms. Howard illegally downloaded the pornographic movies that are the subject of this suit, as well as an additional 54,000 other, unrelated, downloads,” the attorneys write.

“The supposed overlap between the downloads and Ms. Howard’s interests is also not credible. Malibu peddles smut as a commercial enterprise, and is trying to strong-arm a settlement from Ms. Howard while threatening to link Ms. Howard as a purveyor of its pornographic product.”

Malibu’s efforts are a textbook case of discovery abuse, the defense argues. They hope that the court agrees with this assessment and denies the request.

The full request for a protective order is available here (pdf), with help from FCT.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Weekly roundup: On the move

Post Syndicated from Eevee original https://eev.ee/dev/2017/07/02/weekly-roundup-on-the-move/

Busy week, including a friend’s visiting, but most of my time went towards only two things:

  • veekun: I got forms dumping (more or less), got moves dumping, spent a whole lot of time chasing down obscure little details, and wrote most of a yaml-to-sql importer for moves. That all leaves me pretty heckin’ close to having the core Sun and Moon stuff in the database. Finally, the end is in sight.

  • blog: I wrote about level design by going over some levels in games that are memorable to me.

I’ll be spending the next week working on the potluck game and watching SGDQ!

Nintendo Shuts Down “Donkey Kong” Remake For Roku

Post Syndicated from Ernesto original https://torrentfreak.com/nintendo-shuts-down-donkey-kong-remake-for-roku-170630/

When Nintendo’s Shigeru Miyamoto came up with Donkey Kong more than 35 years ago, gaming was still a niche pastime.

How different is that today, where the average household has more than a handful of devices that play computer games.

While the gaming industry has come a long way, plenty of people are still drawn to older arcade games. There’s something nostalgic about their look and feel, and thanks to emulators and remakes, they are still widely available.

Donkey Kong, for example, could be played on Roku thanks to the efforts of Marcelo Lv Cabral, who released an unofficial version of the Nintendo game using the original art and music.

The software developer, who lives in Arizona, started the project as a hobby to improve his programming skills. He previously did the same with other games such as Lode Runner and Prince of Persia.

When he finished the project he released the code on GitHub, incuding a disclaimer stating his intent.

“This source code was developed as a programming exercise, it is not being used for profit or any kind of financial gain, all assets and images belong to the original copyright owner,” it read.

Screenshot from the GitHub page

While nostalgic arcade game fans will appreciate the effort, Nintendo was not amused. This week the gaming giant instructed the developer platform GitHub to remove the repository, which it did.

“The reported repository contains a recreation of Nintendo’s Donkey Kong video game for Roku, which was created and published without Nintendo’s authorization,” Nintendo writes in its takedown notice. “Please immediately remove the repository.”

We reached out to the developer, who is disappointed to see his code taken down. While he realizes that Nintendo owns the rights to Donkey Kong, his code was unique and completely custom.

“I believe they have the rights related to the name and the assets, but not to my code. That was completely done by myself, no porting of any Nintendo code, but GitHub took down everything,” Cabral tells TorrentFreak.

“What I don`t understand is why only my project was removed, if you search Donkey Kong on the GitHub you`ll found several other remake projects,” he adds.

The developer doesn’t plan to challenge the takedown. In theory, he could re-release the code with unique artwork and a new name, but Cabral prefers to focus on other projects for the time being.

He is currently working on a remake of the game Moon Patrol for example, also for the Roku platform.

While Nintendo has every right to take the infringing Donkey Kong content offline, some might feel that the company should allow fans a little more leeway for their fan-made projects.

However, judging from recent history, this is idle hope. In recent years the company has taken several fan-projects offline, including a popular JavaScript-powered Game Boy Advance emulator

Luckily for Cabral, his Lode Runner and Prince of Persia remakes are still available, for now. These games were originally released by Brøderbund Software, which no longer exists.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

NonPetya: no evidence it was a "smokescreen"

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/06/nonpetya-no-evidence-it-was-smokescreen.html

Many well-regarded experts claim that the not-Petya ransomware wasn’t “ransomware” at all, but a “wiper” whose goal was to destroy files, without any intent at letting victims recover their files. I want to point out that there is no real evidence of this.

Certainly, things look suspicious. For one thing, it certainly targeted the Ukraine. For another thing, it made several mistakes that prevent them from ever decrypting drives. Their email account was shutdown, and it corrupts the boot sector.

But these things aren’t evidence, they are problems. They are things needing explanation, not things that support our preferred conspiracy theory.

The simplest, Occam’s Razor explanation explanation is that they were simple mistakes. Such mistakes are common among ransomware. We think of virus writers as professional software developers who thoroughly test their code. Decades of evidence show the opposite, that such software is of poor quality with shockingly bad bugs.

It’s true that effectively, nPetya is a wiper. Matthieu Suiche‏ does a great job describing one flaw that prevents it working. @hasherezade does a great job explaining another flaw.  But best explanation isn’t that this is intentional. Even if these bugs didn’t exist, it’d still be a wiper if the perpetrators simply ignored the decryption requests. They need not intentionally make the decryption fail.

Thus, the simpler explanation is that it’s simply a bug. Ransomware authors test the bits they care about, and test less well the bits they don’t. It’s quite plausible to believe that just before shipping the code, they’d add a few extra features, and forget to regression test the entire suite. I mean, I do that all the time with my code.

Some have pointed to the sophistication of the code as proof that such simple errors are unlikely. This isn’t true. While it’s more sophisticated than WannaCry, it’s about average for the current state-of-the-art for ransomware in general. What people think of, such the Petya base, or using PsExec to spread throughout a Windows domain, is already at least a year old.

Indeed, the use of PsExec itself is a bit clumsy, when the code for doing the same thing is already public. It’s just a few calls to basic Windows networking APIs. A sophisticated virus would do this itself, rather than clumsily use PsExec.

Infamy doesn’t mean skill. People keep making the mistake that the more widespread something is in the news, the more skill, the more of a “conspiracy” there must be behind it. This is not true. Virus/worm writers often do newsworthy things by accident. Indeed, the history of worms, starting with the Morris Worm, has been things running out of control more than the author’s expectations.

What makes nPetya newsworthy isn’t the EternalBlue exploit or the wiper feature. Instead, the creators got lucky with MeDoc. The software is used by every major organization in the Ukraine, and at the same time, their website was horribly insecure — laughably insecure. Furthermore, it’s autoupdate feature didn’t check cryptographic signatures. No hacker can plan for this level of widespread incompetence — it’s just extreme luck.

Thus, the effect of bumbling around is something that hit the Ukraine pretty hard, but it’s not necessarily the intent of the creators. It’s like how the Slammer worm hit South Korea pretty hard, or how the Witty worm hit the DoD pretty hard. These things look “targeted”, especially to the victims, but it was by pure chance (provably so, in the case of Witty).

Certainly, MeDoc was targeted. But then, targeting a single organization is the norm for ransomware. They have to do it that way, giving each target a different Bitcoin address for payment. That it then spread to the entire Ukraine, and further, is the sort of thing that typically surprises worm writers.

Finally, there’s little reason to believe that there needs to be a “smokescreen”. Russian hackers are targeting the Ukraine all the time. Whether Russian hackers are to blame for “ransomware” vs. “wiper” makes little difference.

Conclusion

We know that Russian hackers are constantly targeting the Ukraine. Therefore, the theory that this was nPetya’s goal all along, to destroy Ukraines computers, is a good one.

Yet, there’s no actual “evidence” of this. nPetya’s issues are just as easily explained by normal software bugs. The smokescreen isn’t needed. The boot record bug isn’t needed. The single email address that was shutdown isn’t significant, since half of all ransomware uses the same technique.

The experts who disagree with me are really smart/experienced people who you should generally trust. It’s just that I can’t see their evidence.

Update: I wrote another blogpost about “survivorship bias“, refuting the claim by many experts talking about the sophistication of the spreading feature.


Update: comment asks “why is there no Internet spreading code?”. The answer is “I don’t know”, but unanswerable questions aren’t evidence of a conspiracy. “What aren’t there any stars in the background?” isn’t proof the moon landings are fake, such because you can’t answer the question. One guess is that you never want ransomware to spread that far, until you’ve figured out how to get payment from so many people.

The Pi Who Loved Me

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/be-james-bond/

Fancy yourself as James Bond? In honour of English treasure Roger Moore, we think it’s high time we all became a little more MI5 and a little less MIDoneYet?

James Bond GIF

It’s been a while and M is worried you’re a little…rusty. Best head back to training: go see Q. He has everything you need to get back in shape, both physically and mentally, for the challenges ahead!

Training Camp

Q here, good to have you back.

James Bond Q

First thing’s first: we need to work on your skills and get you ready for your next assignment. Let’s start with your reaction times. This skill is critical in getting you prepared for stealthy situations and averting detection.

Head into my office and grab a Raspberry Pi, LED, and a button to build your own Python Quick Reaction Game. Not only will it help you brush up on your quick thinking, it’ll also teach you how to wire a circuit, use variables, and gather information. This could be key in getting you out of some sticky situations further down the line if you find yourself without one of my gadgets.

James Bond Q

Though speaking of…have you seen our See Like a Bat echolocation device? I’m rather proud of it, even if I do say so myself. Now, even in the darkest of times, you can find your way through any building or maze.

Gathering Intel

We’ll need you to gather some important information for us. But what can you do to make sure no one steals your secret intel? We need you to build a Secret Agent Chat Generator to encrypt information. Once you have completed it, send the information to M via this Morse Code Visual Radio.

Do do this, you’ll need a Morse Code Key. You can find them online or at your local war museum, though they may not care for your taking theirs. But we’re spies. And spies are experts in taking forbidden artefacts. After all, this is what your Laser Tripwire training was for. Oh, you haven’t completed it yet?

James Bond GIF

Well, get to it. Time’s a-wasting!

Locks and Detection

You’re done? Good. Back to the intel.

Until you can find a Morse Code Key, why not hide the information in this Sense HAT Puzzle Box. It’s a wonderful tool to help you learn how to create loops and use conditional statements and functions to create ‘locks’.

You’ll also need to…wait…did you hear that? Someone is listening in, I’m sure of it. Check the Parent Detector to see who is trying to spy on us.

Surveillance

James Bond GIF

Are they gone? Good. Phew, that was a close one. We can’t be so careless in the future. Let’s set up a Raspberry Pi Zero Time-Lapse Camera for constant surveillance of the training camp. You could also attach the camera to your glasses. No one will notice, and you’ll be able to record images of your missions – vital for debriefing.

James Bond seal of approval

Right. That’s all from me. Report back to M for your mission. And remember, this blog post will self-destruct in five…wait, wrong franchise.

Good luck!

Roger Moore GIF

Puns

Other Raspberry Pi/James Bond puns include:

  • Live and Let Pi
  • MoonBaker
  • GoldenPi – Starring Pi-s Brosnan
  • Pifall
  • You Only Live Pi-ce
  • Tomorrow Never Pis
  • Pi Another Day
  • Pi-monds Are Forever
  • For Your Pis Only

Any more?

The post The Pi Who Loved Me appeared first on Raspberry Pi.

WannaBark (at the Moon)

Post Syndicated from Йовко Ламбрев original https://yovko.net/wannabark/

Не. Няма да пиша за ИскаПлаче. Вече много се изписа – и както обикновено малка част си струваше четенето.

Проблемът е много по-голям от раздуханата случка. А резюмето е, че сме прецакани. Генерално сме прецакани! Нещо, което си повтаряме от време на време из технологичните среди, но е крайно време да го обясним с човешки думи на всички и да започнем някак да поправяме нещата.

Интернет е лабораторно чедо. Няма някакъв съвършен имунитет. Роди се и проходи в среда на академична романтика, обгрижвано с наивната добронамереност на първосъздателите и първопотребителите си. До скоро (в Интернет) все още беше донякъде вярно, че мнозинството по принцип е рационално, що-годе грамотно, а полезното и смисленото естествено ще надделяват над глупостта и враждебността. Вече не е така. Приказката свърши!

Време е да се събудим и да признаем, че доброто няма да победи злото по подразбиране, без да му помогнем.

Свързани сме. Всички. Повече от всякога. И затова трябва да осъзнаваме отговорността си един към друг. Както когато сме пипнали грип, не си стоим вкъщи само за да се излекуваме по-бързо, а и за да ограничим заразата сред останалите – така и не можем в наши дни да си позволим да ползваме компютър, смартфон и софтуер, който е стар и изоставен от поддръжка – защото сме уязвими не само ние, но застрашаваме и останалите.

Както някой сполучливо обобщи тези дни в twitter: „Не е вярно, че не можеш да си позволиш да обновяваш. Не можеш да си позволиш да не обновяваш!“

Системите, които ползваме явно или невидимо около нас, ще стават все по-свързани и отговорността да ги опазим е обща. Тя включва и да изискваме отговорност – от себе си, от операторите, от правителствата.

WannaCry нямаше да има този ефект, ако пострадалите бяха обновили софтуера си. Затова, когато на телефона или какъвто и да е компютър или умно устройство изгрее обновление, за бога, не го пренебрегвайте! Да, понякога може да е досадно. Не е много забавно и да си миеш зъбите, но е силно препоръчително и полезно за здравето.

Но… дори и от утре всички да започнем стриктно да спазваме това, то пак няма да е достатъчно, ако срещу себе си имаме правителства и организации, които злоупотребяват. WannaCry е производна на уязвимост в Windows, която Агенцията за сигурност на Съединените щати е открила, но вместо да уведоми за това Microsoft, неясно колко време се е възползвала от нея, за да прониква в чужди системи и да проследява и краде данни от тях. Кракерска групировка ги открадна пък от тях преди време, публикува присвоения арсенал – и ето – бързо се намери някой, който да го използва с користна цел.

Такива случки тепърва ще зачестяват. И ако правителствата ни играят срещу нас… няма да е никак весело.

Нужна е глобална, масова и упорита съпротива срещу практиката да се пазят в тайна уязвимости.

Играем и една друга рискована игра. Ежедневно. С великодушно безразличие за мащаба и ефекта на проблема. Смартфоните и таблетите ни също са компютри, а огромна част от производителите им, увлечени от стремежа за повече продажби на нови модели, бързат да „пенсионират“ старите, спирайки обновленията за тях, притискайки клиентите си да сменят устройството си. Това обаче не се случва така, както на производителите им се иска, и по-старите устройства продължават да бъдат ползвани без обновления, с уязвимости, препродават се на вторичен пазар, преотстъпват се на деца, роднини или по-възрастни хора. Докато един ден… нещо като WannaCry ще направи и от това новина… или тихо ще отмъква данни – телефонни номера, съобщения, снимки, пароли, кредитни карти, всевъзможна лична информация… И понеже сме толкова свързани – ще пострадат не само притежателите на пробити устройства, а косвено и тези, с които те са в някакви взаимоотношения.

Най-лошият пример са старите телефони и таблети с Android, за които Google няма механизъм да принуди производителите им да се грижат по-добре и по-адекватно и продължително за тях.

Огледайте се около себе си и вижте колко ваши познати използват много стари устройства.

За кошмарната сигурност на доста IoT джаджи за автоматизация и управление на умни домове и производства дори не ми се отваря тема.

Но като споменах Google… Необходим ни е нов, променен Интернет!

Централизираният модел на гигантски силози с информация, които пълним всички, но контрол върху тях имат малцина, е фундаментално сбъркан.

И тук проблемът не опира само до сигурност, защото пробив в такава система директно се проектира върху много хора, които разчитат на нея. Имаме и вторичен, но много сериозен проблем, свързан със зависимостта ни от нея и злоупотребата с данните ни там.

Подхлъзвайки ни да ползваме „безплатните“ услуги на Google, Facebook и подобните им… те ни обричат на зависимост и контрол. Елегантно се оказва, че данните, които им поверяваме, не са наши данни, а техни. Те ги използват, за да ни профилират, да отгатват интересите ни, темите към които имаме чувствителност, манипулират ни с тях, продават ги, за да ни манипулират и други. Това е цената на „безплатното“.

Както казва Aral Balkan (вече два пъти беше и в България) – това не е data farming, а people farming, защото нашите данни това сме самите ние. А пренебрежителното махване с ръка, че няма какво да крием, е престъпление към общността ни (пак да акцентирам) в нашия свързан свят, защото пък както казва Edward Snowden: „Да нямаш нужда от лична неприкосновеност, защото нямало какво да криеш, е като да нямаш нужда от право на свободна воля, защото няма какво да кажеш.“

Права = Сила

И борбата за тях (трябва да) е непрекъсната.

  • Трябва да си върнем контрола върху дигиталното ни Аз в Интернет. Да редуцираме до минимум използването на безплатни услуги, които събират данни.
  • Да приемем грижата за сигурността на софтуера и устройствата ни като част от личната ни хигиена.
  • Да възпитаваме чувствителност към манипулациите в Интернет и особено към фалшивите новини и некачествената журналистика.
  • Да настояваме за прозрачност от правителствата, организациите, политиците и корпорациите.
  • Да предпочитаме децентрализирани или фокусирани (в едно нещо) услуги, вместо глобални конгломерати със стремеж към монопол в колкото се може повече теми (напр. ProtonMail или FastMail вместо Gmail, собствени блогове вместо Facebook и др.)
  • Да използваме по-малки, децентрализирани платформи (медийни, за услуги, за комуникация) и да ги подкрепяме финансово, а когато можем – и да стартираме собствени такива.
  • Да надвиваме индивидуализма си и да се подкрепяме взаимно в общността си.
  • Да обучаваме и призоваваме повече хора да правят същото…

Бъдещето принадлежи не на големите мастодонти, а на мрежи от малки, взаимносвързани, независими и подкрепящи се проекти, които случваме заедно. Колкото по-рано осъзнаем тенденцията и силата си, толкова по-добре.

Снимка: Markus Spiske

European Astro Pi Challenge winners

Post Syndicated from David Honess original https://www.raspberrypi.org/blog/european-astro-pi-winners/

In October last year, with the European Space Agency and CNES, we launched the first ever European Astro Pi challenge. We asked students from all across Europe to write code for the flight of French ESA astronaut Thomas Pesquet to the International Space Station (ISS) as part of the Proxima mission. Today, we are very excited to announce the winners! First of all, though, we have a very special message from Thomas Pesquet himself, which comes all the way from space…

Thomas Pesquet congratulates Astro Pi participants from space

French ESA astronaut Thomas Pesquet floats in to thank all participants in the European Astro Pi challenge. In October last year, together with the European Space Agency, we launched the first ever European Astro Pi challenge for the flight of French ESA astronaut Thomas Pesquet to the International Space Station (ISS) as part of mission Proxima.

Thomas also recorded a video in French: you can click here to see it and to enjoy some more of his excellent microgravity acrobatics.

A bit of background

This year’s competition expands on our previous work with British ESA astronaut Tim Peake, in which, together with the UK Space Agency and ESA, we invited UK students to design software experiments to run on board the ISS.

Astro Pi Vis (AKA Ed) on board the ISS. Image from ESA.

In 2015, we built two space-hardened Raspberry Pi units, or Astro Pis, to act as the platform on which to run the students’ code. Affectionately nicknamed Ed and Izzy, the units were launched into space on an Atlas V rocket, arriving at the ISS a few days before Tim Peake. He had a great time running all of the programs, and the data collected was transmitted back to Earth so that the winners could analyse their results and share them with the public.

The European challenge provides the opportunity to design code to be run in space to school students from every ESA member country. To support the participants, we worked with ESA and CPC to design, manufacture, and distribute several hundred free Astro Pi activity kits to the teams who registered. Further support for teachers was provided in the form of three live webinars, a demonstration video, and numerous free educational resources.

Image of Astro Pi kit box

The Astro Pi activity kit used by participants in the European challenge.

The challenge

Thomas Pesquet assigned two missions to the teams:

  • A primary mission, for which teams needed to write code to detect when the crew are working in the Columbus module near the Astro Pi units.
  • A secondary mission, for which teams needed to come up with their own scientific investigation and write the code to execute it.

The deadline for code submissions was 28 February 2017, with the judging taking place the following week. We can now reveal which schools will have the privilege of having their code uploaded to the ISS and run in space.

The proud winners!

Everyone produced great work and the judges found it really tough to narrow the entries down. In addition to the winning submissions, there were a number of teams who had put a great deal of work into their projects, and whose entries have been awarded ‘Highly Commended’ status. These teams will also have their code run on the ISS.

We would like to say a big thank you to everyone who participated. Massive congratulations are due to the winners! We will upload your code digitally using the space-to-ground link over the next few weeks. Your code will be executed, and any files created will be downloaded from space and returned to you via email for analysis.

In no particular order, the winners are:

France

  • Winners
    • @stroteam, Institut de Genech, Hauts-de-France
    • Wierzbinski, École à la maison, Occitanie
    • Les Marsilyens, École J. M. Marsily, PACA
    • MauriacSpaceCoders, Lycée François Mauriac, Nouvelle-Aquitaine
    • Ici-bas, École de Saint-André d’Embrun, PACA
    • Les Astrollinaires, Lycée général et technologique Guillaume Apollinaire, PACA
  • Highly Commended
    • ALTAÏR, Lycée Albert Claveille, Nouvelle Aquitaine
    • GalaXess Reloaded, Lycée Saint-Cricq, Nouvelle Aquitaine
    • Les CM de Neffiès, École Louis Authie, Occitanie
    • Équipe Sciences, Collège Léonce Bourliaguet, Nouvelle Aquitaine
    • Maurois ICN, Lycée André Maurois, Normandie
    • Space Project SP4, Lycée Saint-Paul IV, Île de la Réunion
    • 4eme2 Gymnase Jean Sturm, Gymnase Jean Sturm, Grand Est
    • Astro Pascal dans les étoiles, École Pascal, Île-de-France
    • les-4mis, EREA Alexandre Vialatte, Auvergne-Rhône-Alpes
    • Space Cavenne Oddity, École Cavenne, Auvergne-Rhône-Alpes
    • Luanda for Space, Lycée Français de Luanda, Angola
      (Note: this is a French international school and the team members have French nationality/citizenship)
    • François Detrille, Lycée Langevin-Wallon, Île-de-France

Greece

  • Winners
    • Delta, TALOS ed-UTH-robotix, Magnesia
    • Weightless Mass, Intercultural Junior High School of Evosmos, Macedonia
    • 49th Astro Pi Teamwork, 49th Elementary School of Patras, Achaia
    • Astro Travellers, 12th Primary School of Petroupolis, Attiki
    • GKGF-1, Gymnasium of Kanithos, Sterea Ellada
  • Highly Commended
    • AstroShot, Lixouri High School, Kefalonia
    • Salamina Rockets Pi, 1st Senior High School of Salamina, Attiki
    • The four Astro-fans, 6th Gymnasio of Veria, Macedonia
    • Samians, 2nd Gymnasio Samou, North Eastern Aegean

United Kingdom

  • Winners
    • Madeley Ad Astra, Madeley Academy, Shropshire
    • Team Dexterity, Dyffryn Taf School, Carmarthenshire
    • The Kepler Kids, St Nicolas C of E Junior School, Berkshire
    • Catterline Pi Bugs, Catterline Primary, Aberdeenshire
    • smileyPi, Westminster School, London
  • Highly Commended
    • South London Raspberry Jam, South London Raspberry Jam, London

Italy

  • Winners
    • Garibaldini, Istituto Comprensivo Rapisardi-Garibaldi, Sicilia
    • Buzz, IIS Verona-Trento, Sicilia
    • Water warmers, Liceo Scientifico Galileo Galilei, Abruzzo
    • Juvara/Einaudi Siracusa, IIS L. Einaudi, Sicilia
    • AstroTeam, IIS Arimondi-Eula, Piemonte

Poland

  • Winners
    • Birnam, Zespół Szkoły i Gimnazjum im. W. Orkana w Niedźwiedziu, Malopolska
    • TechnoZONE, Zespół Szkół nr 2 im. Eugeniusza Kwiatkowskiego, Podkarpacie
    • DeltaV, Gimnazjum nr 49, Województwo śląskie
    • The Safety Crew, MZS Gimnazjum nr 1, Województwo śląskie
    • Warriors, Zespół Szkół Miejskich nr 3 w Jaśle, Podkarpackie
  • Highly Commended
    • The Young Cuiavian Astronomers, Gimnazjum im. Stefana Kardynała Wyszyńskiego w Piotrkowie Kujawskim, Kujawsko-pomorskie
    • AstroLeszczynPi, I Liceum Ogolnokształcace w Jasle im. Krola Stanislawa Leszczynskiego, Podkarpackie

Portugal

  • Winners
    • Sampaionautas, Escola Secundária de Sampaio, Setúbal
    • Labutes Pi, Escola Secundária D. João II, Setúbal
    • AgroSpace Makers, EB 2/3 D. Afonso Henriques, Cávado
    • Zero Gravity, EB 2/3 D. Afonso Henriques, Cávado
    • Lua, Agrupamento de Escolas José Belchior Viegas, Algarve

Romania

  • Winners
    • AstroVianu, Tudor Vianu National High School of Computer Science, Bucharest
    • MiBus Researchers, Mihai Busuioc High School, Iași
    • Cosmos Dreams, Nicolae Balcescu High School, Cluj
    • Carmen Sylva Astro Pi, Liceul Teoretic Carmen Sylva Eforie, Constanța
    • Stargazers, Tudor Vianu National High School of Computer Science, Bucharest

Spain

  • Winners
    • Papaya, IES Sopela, Vizcaya
    • Salesianos-Ubeda, Salesianos Santo Domingo Savio, Andalusia
    • Valdespartans, IES Valdespartera, Aragón
    • Ins Terrassa, Institut Terrassa, Cataluña

Ireland

  • Winner
    • Moonty1, Mayfield Community School, Cork

Germany

  • Winner
    • BSC Behringersdorf Space Center, Labenwolf-Gymnasium, Bayern

Norway

  • Winner
    • Skedsmo Kodeklubb, Kjeller Skole, Akershus

Hungary

  • Winner
    • UltimaSpace, Mihaly Tancsics Grammar School of Kaposvár, Somogy

Belgium

  • Winner
    • Lambda Voyager, Stedelijke Humaniora Dilsen, Limburg

FAQ

Why aren’t all 22 ESA member states listed?

  • Because some countries did not have teams participating in the challenge.

Why do some countries have fewer than five teams?

  • Either because those countries had fewer than five teams qualifying for space flight, or because they had fewer than five teams participating in the challenge.

How will I get my results back from space?

  • After your code has run on the ISS, we will download any files you created and they will be emailed to your teacher.

The post European Astro Pi Challenge winners appeared first on Raspberry Pi.

Why LÖVE?

Post Syndicated from Eevee original https://eev.ee/blog/2017/03/23/why-love/

This month, IndustrialRobot asked my opinion of FOSS game engines — or, more specifically, why I chose LÖVE.

The short version is that it sort of landed in my lap, I tried it, I liked it, and I don’t know of anything I might like better. The long version is…

LÖVE

I’d already made a couple of games (Under Construction, Isaac’s Descent) for the PICO-8, a fantasy 8-bit-ish console powered by Lua. I’ve got a few strong criticisms of Lua, but we’ve formed an uneasy truce. It makes a better JavaScript than JavaScript, at least.

Coming off of those, I was pretty familiar with Lua, so I was already naturally gravitating towards LÖVE. I also knew one or two people who’d used it before, which helped. And it had the faint ring of familiarity, which I’ve since realized is only because I’d once seen a trailer for Love, the procedurally-generated adventure MMO with zero relationship to the LÖVE engine.

Hmm. Perhaps not the most compelling criteria.

I stayed with LÖVE because it hits a very nice sweet spot for me. It’s not a framework or anything, just an engine. Its API has tidy coverage of use cases at every tier of complexity, if that makes sense? It can do the obvious basics, like drawing immediate-mode-style circles or sprites, but it can also batch together those sprite draws for a ridiculous speedup. Without having to know or care or see any details of OpenGL. If you do care about OpenGL, that’s cool: you can write your own shaders, too. But you don’t have to.

LÖVE also has some nice touches like using a virtual filesystem that overlays the game itself with the player’s save directory (which is created for you). That means games are automatically moddable! You can create whatever new assets you want and drop them in your save directory; they’ll replace existing assets of the same name and be picked up by a directory scan. It’s a simple idea that eliminates a whole class of dumb problem I don’t want to think about — where do I put save data? — and at the same time opens the door to some really interesting applications.

Distribution takes a similar approach. You can just concatenate a zipped up project to a LÖVE binary and distribute that. Nothing to build, and games automatically make their source and assets available. (That’s a perk for me; it may not be for you.) You can also point LÖVE at a separate zip file, or even a directory; the latter effectively gives you development mode.

Overall, it’s pretty well thought-out and simple to get into without being opinionated, but with a lot of hidden depth. I dig that kind of approach. My one major criticism is that the API is neither forwards- nor backwards-compatible. My games work on 0.10.2, not 0.9.x (or even 0.10.1), and I can tell from the dev log that they won’t work on 0.11.0 either. It’s unfortunate, but willingness to churn is probably how LÖVE ended up with as nice an API as it has. Maybe things will calm down whenever it hits 1.0.

Bearing all this in mind, let’s look at the competition.

pygame

I’m a huge Python dweeb, so pygame seems like an obvious choice.

I’ve never actually tried it. One of the biggest turn-offs for me is the website, which is admittedly frivolous to care about, but prominent use of lime green sets off alarm bells in my head.

Every time I’ve looked into pygame, it’s felt almost abandoned. I think part of this is that the website has always been using a very generic CMS, where everything is “nodes” and there are tons of superfluous features that don’t seem to belong. Those setups always feel big and empty and vaguely abstract to me. I see there’s now a site revamp in progress, but it’s basically made out of stock Bootstrap, which gives exactly the same impression. I feel like any link I click has a 50–50 chance of being broken or leading to a page that’s been outdated for ten years.

None of this has anything to do with the quality of pygame itself, nor with any concrete facts. The way pygame presents itself just inspires irrational feelings of “if you use this, your project is already obsolete”.

It doesn’t help that I’ve been up to my eyeballs in Python for years, and I’ve seen plenty of people suggest using pygame for game development, yet I’ve never known anyone who has actually used pygame. I can’t name a single game made with pygame. At least I have an acquaintance who’s made a bunch of Ludum Dare games with LÖVE; that’s infinitely more.

I’m also wary of distributing Python software — I know there are lots of tools for doing this, and I’ve seen it done, and many moons ago I even used Python software on a Windows machine without Python installed. But I still expect it to be a pain in the ass in some surprising way.

I know I’m being massively unfair here, and I should really give it a chance sometime. I just, um, don’t want to.

cocos2d

No, not the iPhone one.

That’s actually one of the biggest problems with cocos2d: it’s the name of both a Python library and a vastly more popular iOS library. Have fun Googling for solutions to problems! Oh, and the APIs are almost completely different. And the Python version is much skimpier. And very nearly abandoned, having received only two point releases since the last minor release three years ago.

I have used cocos2d before, on a stub of a game that was abandoned ages ago. I enjoyed it enough, but something about it always felt… clumsy, like everything I tried to do took more effort than necessary. I don’t know if it’s because I was still figuring out game development, because I had to learn cocos’s little framework (versus writing my own scaffolding in LÖVE), because the game I was working on was a bit nebulous, or because something about the design of cocos itself is wrong. I do remember that I had to just about dip into bare vertex-buffer-style OpenGL just to draw lines on the screen for debugging purposes, which I found incredibly annoying. (Don’t tell me it’s faster. I know. If I thought performance were a grave concern, I probably wouldn’t be writing the thing in Python in the first place.)

I did borrow some of cocos2d’s ideas for Under Construction and later games, so I don’t regret using it or anything. It has some good ideas, and it has some handy touches like built-in vector and AABB types. I just wasn’t charmed enough to try using it again. (Yet?)

GameMaker

Closed-source. Windows only. Eh.

Their website says “no barriers to entry” and “making games is for everyone”. Uh huh.

Unity

Ah, yeah, that thing everyone uses.

I don’t have strong opinions of Unity. It’s closed-source, but it has some open source parts, so at least they care a bit and engage with the wider development community.

It’s based on Mono, which gives me pause. Obviously Mono is open source, and I think large chunks of .NET itself are now too, but I’m still very wary of the .NET ecosystem. I don’t have any concrete reason for this; I think living through the IE6 era left me deeply skeptical of anything developer-oriented that has Microsoft fingerprints on it. I’m sure their tools are very nice — plenty of people swear by Visual Studio — but I don’t trust them to actually give a damn about not-Windows. Homebrew software that can’t work on Mono just because it makes a bunch of DirectX calls has not left me particularly impressed with the cross-platform support, either.

But more importantly: Unity for Linux is still experimental, or beta, or something? I think? The actual download page still claims you need Windows 7 or OS X 10.8, and the Linux builds are only available via a forum thread, which doesn’t scream “stable” to me. The thread claims it’s supported, but… it’s still only in a thread, two and a half years after it was first released. I don’t really want to start getting into a huge platform for the first time when the maintainers aren’t confident enough of their Linux port to actually mention it anywhere.

Various web things

There are plenty of these nowadays, like Pixi and… um… others. The distribution story is obviously pretty nice, too: just have a web browser. I’ve been meaning to try one out.

I only haven’t because, well, JavaScript. I don’t particularly enjoy JavaScript. It doesn’t even have a module story yet, unless you tack a bunch of third-party stuff onto it, and I don’t want the first step of writing a game to be “fix the language I’m writing it in”. Also I’ve written more than enough JavaScript in my life already and would like to do something not web-based for a change.

There’s also something about JavaScript that feels clumsy to debug, even though that obviously makes no sense, since every web browser now has gobs of interactive debugging tools baked right in. Maybe it’s that everything is built out of async and promises and event handlers, and those are all still a bit painful to inspect. Or maybe my soul is weary from trying to use debuggers on production sites with minified libraries.

Writing from scratch

Ugh.

I know of SFML, and Allegro, and SDL, and various other libraries somewhere between “game engine” and “generic media handling”. I could definitely make something happen with one of them. I could bind to them from Python if I wanted. Or Rust. Or, hell, Lua.

But I don’t want to? That sounds like I’d spend a bunch of time writing plumbing and not so much time writing game. I mean, yes, okay, I wrote my own physics system even though LÖVE has box2d bindings built in. But I chose to do that because I thought the result would be better, not because I had to invent the universe just to get off the ground.

This is also the approach that would make me care the most about distribution, possibly even in the form of compiling stuff, which I do not enjoy.

In conclusion

My reasoning is probably not as, er, directly rational as readers may have hoped.

In my defense: there were a lot of possible choices here. There are dozens of hyperpopular game engines alone, and far greater numbers of less popular one-offs.

Now, there are two situations I want to avoid more than anything else here.

  1. Spending all of my time looking at game engines and none of my time actually making a game.
  2. Getting halfway through a game only to run into a brick wall, because the chosen engine simply cannot do some very straightforward thing I want.

So I don’t want to get stuck with a dud of an engine, but I also don’t want to spend inordinate amounts of time evaluating dozens of candidates in excruciating detail. (I have enough trouble just deciding what brand of RAM to buy.) The solution is to prune extremely aggressively, discarding anything that has even a whiff of possible inconvenience later. Worst case, I run out of engines and just start again, being less picky on the second round.

pygame? Unclear how much it’s still maintained. Pass.

cocos2d? Not confident about distribution. Pass.

Unity? In beta. Pass.

XNA? Eh on Microsoft. Also apparently discontinued four years ago. Pass.

GameMaker? Don’t want to rely on Wine. Pass.

When all was said and done, not too many contenders remained! So I gave LÖVE a whirl and I liked it well enough. It’s entirely possible I’ve been unfair to one of the things I listed above, or that there’s some amazing game thing I’ve never even heard of. I definitely don’t claim that LÖVE is the best possible tool for all problems, or that everyone should use it — but I’m enjoying it and have successfully made things with it.

I might write a followup to this sometime that comes from the other direction, listing game engines and why you might want to use them, rather than why I weeded them out.

Some moon math

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/02/some-moon-math.html

So “Brianna Wu” (famous for gamergate) is trending, and because I love punishment, I clicked on it to see why. Apparently she tweeted that Elon Musk’s plan to go to the moon is bad, because once there he can drop rocks on the Earth with the power of 100s of nuclear bombs. People are mocking her for the stupidity of this.

But the math checks out.

First of all, she probably got the idea from Heinlein’s book The Moon is a Harsh Mistress where the rebel moon colonists do just that. I doubt she did her own math, and relied upon Heinlein to do it for her. But let’s do the math ourselves.

Let’s say that we want to stand at the height of the moon and drop a rock. How big a rock do we need to equal the energy of an atomic bomb? To make things simple, let’s assume the size of bombs we want is that of the one dropped on Hiroshima.

As we know from high school physics, the energy of a dropped object (ignoring air) is:

energy = 0.5 * mass * velocity * velocity

Solving for mass (the size of the rock), the equation is:

mass = 2 * energy/(velocity * velocity)

We choose “energy” as that of an atomic bomb, but what is “velocity” in this equation, the speed of something dropped from the height of the moon?

The answer is something close to the escape velocity, which is defined as the speed of something dropped infinitely far away from the Earth. The moon isn’t infinitely far away (only 250,000 miles away), but it’s close.

How close? Well, let’s use the formula for escape velocity from Wikipedia [*]:

where G is the “gravitational constant”, M is the “mass of Earth”, and r is the radius. Plugging in “radius of earth” and we get an escape velocity from the surface of the Earth of 11.18 km/s, which matches what Google tells us. Plugging in the radius of the moon’s orbit, we get 1.44 km/s [*]. Thus, we get the following as the speed of an object dropped from the height of the moon to the surface of the earth, barring air resistance [*]:

9.74 km/s

Plugging these numbers in gets the following result:

So the answer for the mass of the rock, dropped from the moon, to equal a Hiroshima blast, is 1.3 billion grams, or 1.3 million kilograms, or 1.3 thousand metric tons.

Well, that’s a fine number and all, but what does that equal? Is that the size of Rhode Island? or just a big truck?

The answer is: nearly the same mass as the Space Shuttle during launch (2.03 million kilograms [*]). Or, a rock about 24 feet on a side.

That’s big rock, but not so big that it’s impractical, especially since things weigh 1/6th as on Earth. In Heinlein’s books, instead of shooting rocks via rockets, it shot them into space using a railgun, magnetic rings. Since the moon doesn’t have an atmosphere, you don’t need to shoot things straight up. Instead, you can accelerate them horizontally across the moon’s surface, to an escape velocity of 5,000 mph (escape velocity from moon’s surface). As the moon’s surface curves away, they’ll head out into space (or toward Earth)

Thus, Elon Musk would need to:

  • go the moon
  • setup a colony, underground
  • mine iron ore
  • build a magnetic launch gun
  • build fields full of solar panels for energy
  • mine some rock
  • cover it in iron (for magnet gun to hold onto)
  • bomb earth

At that point, he could drop hundreds of “nukes” on top of us. I, for one, would welcome our Lunar overlords. Free Luna!


Update: I’ve made a number of short cuts, but I don’t think they’ll affect the math much.

We don’t need escape velocity for the moon as a whole, just enough to reach the point where Earth’s gravity takes over. On the other hand, we need to kill the speed of the Moons’s orbit (2,000 miles per hour) in order to get down to Earth, or we just end up orbiting the Earth. I just assume the two roughly cancel each other out and ignore it.

I also ignore the atmosphere. Meteors from outer space hitting the earth of this size tend to disintegrate or blow up before reaching the surface. The Chelyabinsk meteor, the one in all those dashcam videos from 2013, was roughly 5 times the size of our moon rocks, and blew up in the atmosphere, high above the surface, with about 5 times the energy of a Hiroshima bomb. Presumably, we want our moon rocks to reach the surface, so they’ll need some protection. Probably make them longer and thinner, and put an ablative heat shield up from, and wrap them in something strong like iron.

I don’t know how much this will slow down the rock. Presumably, if coming straight down, it won’t slow down by much, but if coming in at a steep angle (as meteors do), then it could slow down quite a lot.

Update: First version of this post used “height of moon”, which Wolfram Alfa interpreted as “diameter of moon”. This error was found by . The current version of this post changes this to the correct value “radius of moon’s orbit”.

Update: I made a stupid error about Earth’s gravitational strength at the height of the Moon’s orbit. I’ve changed the equations to fix this.

Security and the Internet of Things

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/02/security_and_th.html

Last year, on October 21, your digital video recorder ­- or at least a DVR like yours ­- knocked Twitter off the internet. Someone used your DVR, along with millions of insecure webcams, routers, and other connected devices, to launch an attack that started a chain reaction, resulting in Twitter, Reddit, Netflix, and many sites going off the internet. You probably didn’t realize that your DVR had that kind of power. But it does.

All computers are hackable. This has as much to do with the computer market as it does with the technologies. We prefer our software full of features and inexpensive, at the expense of security and reliability. That your computer can affect the security of Twitter is a market failure. The industry is filled with market failures that, until now, have been largely ignorable. As computers continue to permeate our homes, cars, businesses, these market failures will no longer be tolerable. Our only solution will be regulation, and that regulation will be foisted on us by a government desperate to “do something” in the face of disaster.

In this article I want to outline the problems, both technical and political, and point to some regulatory solutions. Regulation might be a dirty word in today’s political climate, but security is the exception to our small-government bias. And as the threats posed by computers become greater and more catastrophic, regulation will be inevitable. So now’s the time to start thinking about it.

We also need to reverse the trend to connect everything to the internet. And if we risk harm and even death, we need to think twice about what we connect and what we deliberately leave uncomputerized.

If we get this wrong, the computer industry will look like the pharmaceutical industry, or the aircraft industry. But if we get this right, we can maintain the innovative environment of the internet that has given us so much.

**********

We no longer have things with computers embedded in them. We have computers with things attached to them.

Your modern refrigerator is a computer that keeps things cold. Your oven, similarly, is a computer that makes things hot. An ATM is a computer with money inside. Your car is no longer a mechanical device with some computers inside; it’s a computer with four wheels and an engine. Actually, it’s a distributed system of over 100 computers with four wheels and an engine. And, of course, your phones became full-power general-purpose computers in 2007, when the iPhone was introduced.

We wear computers: fitness trackers and computer-enabled medical devices ­- and, of course, we carry our smartphones everywhere. Our homes have smart thermostats, smart appliances, smart door locks, even smart light bulbs. At work, many of those same smart devices are networked together with CCTV cameras, sensors that detect customer movements, and everything else. Cities are starting to embed smart sensors in roads, streetlights, and sidewalk squares, also smart energy grids and smart transportation networks. A nuclear power plant is really just a computer that produces electricity, and ­- like everything else we’ve just listed -­ it’s on the internet.

The internet is no longer a web that we connect to. Instead, it’s a computerized, networked, and interconnected world that we live in. This is the future, and what we’re calling the Internet of Things.

Broadly speaking, the Internet of Things has three parts. There are the sensors that collect data about us and our environment: smart thermostats, street and highway sensors, and those ubiquitous smartphones with their motion sensors and GPS location receivers. Then there are the “smarts” that figure out what the data means and what to do about it. This includes all the computer processors on these devices and ­- increasingly ­- in the cloud, as well as the memory that stores all of this information. And finally, there are the actuators that affect our environment. The point of a smart thermostat isn’t to record the temperature; it’s to control the furnace and the air conditioner. Driverless cars collect data about the road and the environment to steer themselves safely to their destinations.

You can think of the sensors as the eyes and ears of the internet. You can think of the actuators as the hands and feet of the internet. And you can think of the stuff in the middle as the brain. We are building an internet that senses, thinks, and acts.

This is the classic definition of a robot. We’re building a world-size robot, and we don’t even realize it.

To be sure, it’s not a robot in the classical sense. We think of robots as discrete autonomous entities, with sensors, brain, and actuators all together in a metal shell. The world-size robot is distributed. It doesn’t have a singular body, and parts of it are controlled in different ways by different people. It doesn’t have a central brain, and it has nothing even remotely resembling a consciousness. It doesn’t have a single goal or focus. It’s not even something we deliberately designed. It’s something we have inadvertently built out of the everyday objects we live with and take for granted. It is the extension of our computers and networks into the real world.

This world-size robot is actually more than the Internet of Things. It’s a combination of several decades-old computing trends: mobile computing, cloud computing, always-on computing, huge databases of personal information, the Internet of Things ­- or, more precisely, cyber-physical systems ­- autonomy, and artificial intelligence. And while it’s still not very smart, it’ll get smarter. It’ll get more powerful and more capable through all the interconnections we’re building.

It’ll also get much more dangerous.

**********

Computer security has been around for almost as long as computers have been. And while it’s true that security wasn’t part of the design of the original internet, it’s something we have been trying to achieve since its beginning.

I have been working in computer security for over 30 years: first in cryptography, then more generally in computer and network security, and now in general security technology. I have watched computers become ubiquitous, and have seen firsthand the problems ­- and solutions ­- of securing these complex machines and systems. I’m telling you all this because what used to be a specialized area of expertise now affects everything. Computer security is now everything security. There’s one critical difference, though: The threats have become greater.

Traditionally, computer security is divided into three categories: confidentiality, integrity, and availability. For the most part, our security concerns have largely centered around confidentiality. We’re concerned about our data and who has access to it ­- the world of privacy and surveillance, of data theft and misuse.

But threats come in many forms. Availability threats: computer viruses that delete our data, or ransomware that encrypts our data and demands payment for the unlock key. Integrity threats: hackers who can manipulate data entries can do things ranging from changing grades in a class to changing the amount of money in bank accounts. Some of these threats are pretty bad. Hospitals have paid tens of thousands of dollars to criminals whose ransomware encrypted critical medical files. JPMorgan Chase spends half a billion on cybersecurity a year.

Today, the integrity and availability threats are much worse than the confidentiality threats. Once computers start affecting the world in a direct and physical manner, there are real risks to life and property. There is a fundamental difference between crashing your computer and losing your spreadsheet data, and crashing your pacemaker and losing your life. This isn’t hyperbole; recently researchers found serious security vulnerabilities in St. Jude Medical’s implantable heart devices. Give the internet hands and feet, and it will have the ability to punch and kick.

Take a concrete example: modern cars, those computers on wheels. The steering wheel no longer turns the axles, nor does the accelerator pedal change the speed. Every move you make in a car is processed by a computer, which does the actual controlling. A central computer controls the dashboard. There’s another in the radio. The engine has 20 or so computers. These are all networked, and increasingly autonomous.

Now, let’s start listing the security threats. We don’t want car navigation systems to be used for mass surveillance, or the microphone for mass eavesdropping. We might want it to be used to determine a car’s location in the event of a 911 call, and possibly to collect information about highway congestion. We don’t want people to hack their own cars to bypass emissions-control limitations. We don’t want manufacturers or dealers to be able to do that, either, as Volkswagen did for years. We can imagine wanting to give police the ability to remotely and safely disable a moving car; that would make high-speed chases a thing of the past. But we definitely don’t want hackers to be able to do that. We definitely don’t want them disabling the brakes in every car without warning, at speed. As we make the transition from driver-controlled cars to cars with various driver-assist capabilities to fully driverless cars, we don’t want any of those critical components subverted. We don’t want someone to be able to accidentally crash your car, let alone do it on purpose. And equally, we don’t want them to be able to manipulate the navigation software to change your route, or the door-lock controls to prevent you from opening the door. I could go on.

That’s a lot of different security requirements, and the effects of getting them wrong range from illegal surveillance to extortion by ransomware to mass death.

**********

Our computers and smartphones are as secure as they are because companies like Microsoft, Apple, and Google spend a lot of time testing their code before it’s released, and quickly patch vulnerabilities when they’re discovered. Those companies can support large, dedicated teams because those companies make a huge amount of money, either directly or indirectly, from their software ­ and, in part, compete on its security. Unfortunately, this isn’t true of embedded systems like digital video recorders or home routers. Those systems are sold at a much lower margin, and are often built by offshore third parties. The companies involved simply don’t have the expertise to make them secure.

At a recent hacker conference, a security researcher analyzed 30 home routers and was able to break into half of them, including some of the most popular and common brands. The denial-of-service attacks that forced popular websites like Reddit and Twitter off the internet last October were enabled by vulnerabilities in devices like webcams and digital video recorders. In August, two security researchers demonstrated a ransomware attack on a smart thermostat.

Even worse, most of these devices don’t have any way to be patched. Companies like Microsoft and Apple continuously deliver security patches to your computers. Some home routers are technically patchable, but in a complicated way that only an expert would attempt. And the only way for you to update the firmware in your hackable DVR is to throw it away and buy a new one.

The market can’t fix this because neither the buyer nor the seller cares. The owners of the webcams and DVRs used in the denial-of-service attacks don’t care. Their devices were cheap to buy, they still work, and they don’t know any of the victims of the attacks. The sellers of those devices don’t care: They’re now selling newer and better models, and the original buyers only cared about price and features. There is no market solution, because the insecurity is what economists call an externality: It’s an effect of the purchasing decision that affects other people. Think of it kind of like invisible pollution.

**********

Security is an arms race between attacker and defender. Technology perturbs that arms race by changing the balance between attacker and defender. Understanding how this arms race has unfolded on the internet is essential to understanding why the world-size robot we’re building is so insecure, and how we might secure it. To that end, I have five truisms, born from what we’ve already learned about computer and internet security. They will soon affect the security arms race everywhere.

Truism No. 1: On the internet, attack is easier than defense.

There are many reasons for this, but the most important is the complexity of these systems. More complexity means more people involved, more parts, more interactions, more mistakes in the design and development process, more of everything where hidden insecurities can be found. Computer-security experts like to speak about the attack surface of a system: all the possible points an attacker might target and that must be secured. A complex system means a large attack surface. The defender has to secure the entire attack surface. The attacker just has to find one vulnerability ­- one unsecured avenue for attack -­ and gets to choose how and when to attack. It’s simply not a fair battle.

There are other, more general, reasons why attack is easier than defense. Attackers have a natural agility that defenders often lack. They don’t have to worry about laws, and often not about morals or ethics. They don’t have a bureaucracy to contend with, and can more quickly make use of technical innovations. Attackers also have a first-mover advantage. As a society, we’re generally terrible at proactive security; we rarely take preventive security measures until an attack actually happens. So more advantages go to the attacker.

Truism No. 2: Most software is poorly written and insecure.

If complexity isn’t enough, we compound the problem by producing lousy software. Well-written software, like the kind found in airplane avionics, is both expensive and time-consuming to produce. We don’t want that. For the most part, poorly written software has been good enough. We’d all rather live with buggy software than pay the prices good software would require. We don’t mind if our games crash regularly, or our business applications act weird once in a while. Because software has been largely benign, it hasn’t mattered. This has permeated the industry at all levels. At universities, we don’t teach how to code well. Companies don’t reward quality code in the same way they reward fast and cheap. And we consumers don’t demand it.

But poorly written software is riddled with bugs, sometimes as many as one per 1,000 lines of code. Some of them are inherent in the complexity of the software, but most are programming mistakes. Not all bugs are vulnerabilities, but some are.

Truism No. 3: Connecting everything to each other via the internet will expose new vulnerabilities.

The more we network things together, the more vulnerabilities on one thing will affect other things. On October 21, vulnerabilities in a wide variety of embedded devices were all harnessed together to create what hackers call a botnet. This botnet was used to launch a distributed denial-of-service attack against a company called Dyn. Dyn provided a critical internet function for many major internet sites. So when Dyn went down, so did all those popular websites.

These chains of vulnerabilities are everywhere. In 2012, journalist Mat Honan suffered a massive personal hack because of one of them. A vulnerability in his Amazon account allowed hackers to get into his Apple account, which allowed them to get into his Gmail account. And in 2013, the Target Corporation was hacked by someone stealing credentials from its HVAC contractor.

Vulnerabilities like these are particularly hard to fix, because no one system might actually be at fault. It might be the insecure interaction of two individually secure systems.

Truism No. 4: Everybody has to stop the best attackers in the world.

One of the most powerful properties of the internet is that it allows things to scale. This is true for our ability to access data or control systems or do any of the cool things we use the internet for, but it’s also true for attacks. In general, fewer attackers can do more damage because of better technology. It’s not just that these modern attackers are more efficient, it’s that the internet allows attacks to scale to a degree impossible without computers and networks.

This is fundamentally different from what we’re used to. When securing my home against burglars, I am only worried about the burglars who live close enough to my home to consider robbing me. The internet is different. When I think about the security of my network, I have to be concerned about the best attacker possible, because he’s the one who’s going to create the attack tool that everyone else will use. The attacker that discovered the vulnerability used to attack Dyn released the code to the world, and within a week there were a dozen attack tools using it.

Truism No. 5: Laws inhibit security research.

The Digital Millennium Copyright Act is a terrible law that fails at its purpose of preventing widespread piracy of movies and music. To make matters worse, it contains a provision that has critical side effects. According to the law, it is a crime to bypass security mechanisms that protect copyrighted work, even if that bypassing would otherwise be legal. Since all software can be copyrighted, it is arguably illegal to do security research on these devices and to publish the result.

Although the exact contours of the law are arguable, many companies are using this provision of the DMCA to threaten researchers who expose vulnerabilities in their embedded systems. This instills fear in researchers, and has a chilling effect on research, which means two things: (1) Vendors of these devices are more likely to leave them insecure, because no one will notice and they won’t be penalized in the market, and (2) security engineers don’t learn how to do security better.
Unfortunately, companies generally like the DMCA. The provisions against reverse-engineering spare them the embarrassment of having their shoddy security exposed. It also allows them to build proprietary systems that lock out competition. (This is an important one. Right now, your toaster cannot force you to only buy a particular brand of bread. But because of this law and an embedded computer, your Keurig coffee maker can force you to buy a particular brand of coffee.)

**********
In general, there are two basic paradigms of security. We can either try to secure something well the first time, or we can make our security agile. The first paradigm comes from the world of dangerous things: from planes, medical devices, buildings. It’s the paradigm that gives us secure design and secure engineering, security testing and certifications, professional licensing, detailed preplanning and complex government approvals, and long times-to-market. It’s security for a world where getting it right is paramount because getting it wrong means people dying.

The second paradigm comes from the fast-moving and heretofore largely benign world of software. In this paradigm, we have rapid prototyping, on-the-fly updates, and continual improvement. In this paradigm, new vulnerabilities are discovered all the time and security disasters regularly happen. Here, we stress survivability, recoverability, mitigation, adaptability, and muddling through. This is security for a world where getting it wrong is okay, as long as you can respond fast enough.

These two worlds are colliding. They’re colliding in our cars -­ literally -­ in our medical devices, our building control systems, our traffic control systems, and our voting machines. And although these paradigms are wildly different and largely incompatible, we need to figure out how to make them work together.

So far, we haven’t done very well. We still largely rely on the first paradigm for the dangerous computers in cars, airplanes, and medical devices. As a result, there are medical systems that can’t have security patches installed because that would invalidate their government approval. In 2015, Chrysler recalled 1.4 million cars to fix a software vulnerability. In September 2016, Tesla remotely sent a security patch to all of its Model S cars overnight. Tesla sure sounds like it’s doing things right, but what vulnerabilities does this remote patch feature open up?

**********
Until now we’ve largely left computer security to the market. Because the computer and network products we buy and use are so lousy, an enormous after-market industry in computer security has emerged. Governments, companies, and people buy the security they think they need to secure themselves. We’ve muddled through well enough, but the market failures inherent in trying to secure this world-size robot will soon become too big to ignore.

Markets alone can’t solve our security problems. Markets are motivated by profit and short-term goals at the expense of society. They can’t solve collective-action problems. They won’t be able to deal with economic externalities, like the vulnerabilities in DVRs that resulted in Twitter going offline. And we need a counterbalancing force to corporate power.

This all points to policy. While the details of any computer-security system are technical, getting the technologies broadly deployed is a problem that spans law, economics, psychology, and sociology. And getting the policy right is just as important as getting the technology right because, for internet security to work, law and technology have to work together. This is probably the most important lesson of Edward Snowden’s NSA disclosures. We already knew that technology can subvert law. Snowden demonstrated that law can also subvert technology. Both fail unless each work. It’s not enough to just let technology do its thing.

Any policy changes to secure this world-size robot will mean significant government regulation. I know it’s a sullied concept in today’s world, but I don’t see any other possible solution. It’s going to be especially difficult on the internet, where its permissionless nature is one of the best things about it and the underpinning of its most world-changing innovations. But I don’t see how that can continue when the internet can affect the world in a direct and physical manner.

**********

I have a proposal: a new government regulatory agency. Before dismissing it out of hand, please hear me out.

We have a practical problem when it comes to internet regulation. There’s no government structure to tackle this at a systemic level. Instead, there’s a fundamental mismatch between the way government works and the way this technology works that makes dealing with this problem impossible at the moment.

Government operates in silos. In the U.S., the FAA regulates aircraft. The NHTSA regulates cars. The FDA regulates medical devices. The FCC regulates communications devices. The FTC protects consumers in the face of “unfair” or “deceptive” trade practices. Even worse, who regulates data can depend on how it is used. If data is used to influence a voter, it’s the Federal Election Commission’s jurisdiction. If that same data is used to influence a consumer, it’s the FTC’s. Use those same technologies in a school, and the Department of Education is now in charge. Robotics will have its own set of problems, and no one is sure how that is going to be regulated. Each agency has a different approach and different rules. They have no expertise in these new issues, and they are not quick to expand their authority for all sorts of reasons.

Compare that with the internet. The internet is a freewheeling system of integrated objects and networks. It grows horizontally, demolishing old technological barriers so that people and systems that never previously communicated now can. Already, apps on a smartphone can log health information, control your energy use, and communicate with your car. That’s a set of functions that crosses jurisdictions of at least four different government agencies, and it’s only going to get worse.

Our world-size robot needs to be viewed as a single entity with millions of components interacting with each other. Any solutions here need to be holistic. They need to work everywhere, for everything. Whether we’re talking about cars, drones, or phones, they’re all computers.

This has lots of precedent. Many new technologies have led to the formation of new government regulatory agencies. Trains did, cars did, airplanes did. Radio led to the formation of the Federal Radio Commission, which became the FCC. Nuclear power led to the formation of the Atomic Energy Commission, which eventually became the Department of Energy. The reasons were the same in every case. New technologies need new expertise because they bring with them new challenges. Governments need a single agency to house that new expertise, because its applications cut across several preexisting agencies. It’s less that the new agency needs to regulate -­ although that’s often a big part of it -­ and more that governments recognize the importance of the new technologies.

The internet has famously eschewed formal regulation, instead adopting a multi-stakeholder model of academics, businesses, governments, and other interested parties. My hope is that we can keep the best of this approach in any regulatory agency, looking more at the new U.S. Digital Service or the 18F office inside the General Services Administration. Both of those organizations are dedicated to providing digital government services, and both have collected significant expertise by bringing people in from outside of government, and both have learned how to work closely with existing agencies. Any internet regulatory agency will similarly need to engage in a high level of collaborate regulation -­ both a challenge and an opportunity.

I don’t think any of us can predict the totality of the regulations we need to ensure the safety of this world, but here’s a few. We need government to ensure companies follow good security practices: testing, patching, secure defaults -­ and we need to be able to hold companies liable when they fail to do these things. We need government to mandate strong personal data protections, and limitations on data collection and use. We need to ensure that responsible security research is legal and well-funded. We need to enforce transparency in design, some sort of code escrow in case a company goes out of business, and interoperability between devices of different manufacturers, to counterbalance the monopolistic effects of interconnected technologies. Individuals need the right to take their data with them. And internet-enabled devices should retain some minimal functionality if disconnected from the internet

I’m not the only one talking about this. I’ve seen proposals for a National Institutes of Health analog for cybersecurity. University of Washington law professor Ryan Calo has proposed a Federal Robotics Commission. I think it needs to be broader: maybe a Department of Technology Policy.

Of course there will be problems. There’s a lack of expertise in these issues inside government. There’s a lack of willingness in government to do the hard regulatory work. Industry is worried about any new bureaucracy: both that it will stifle innovation by regulating too much and that it will be captured by industry and regulate too little. A domestic regulatory agency will have to deal with the fundamentally international nature of the problem.

But government is the entity we use to solve problems like this. Governments have the scope, scale, and balance of interests to address the problems. It’s the institution we’ve built to adjudicate competing social interests and internalize market externalities. Left to their own devices, the market simply can’t. That we’re currently in the middle of an era of low government trust, where many of us can’t imagine government doing anything positive in an area like this, is to our detriment.

Here’s the thing: Governments will get involved, regardless. The risks are too great, and the stakes are too high. Government already regulates dangerous physical systems like cars and medical devices. And nothing motivates the U.S. government like fear. Remember 2001? A nominally small-government Republican president created the Office of Homeland Security 11 days after the terrorist attacks: a rushed and ill-thought-out decision that we’ve been trying to fix for over a decade. A fatal disaster will similarly spur our government into action, and it’s unlikely to be well-considered and thoughtful action. Our choice isn’t between government involvement and no government involvement. Our choice is between smarter government involvement and stupider government involvement. We have to start thinking about this now. Regulations are necessary, important, and complex; and they’re coming. We can’t afford to ignore these issues until it’s too late.

We also need to start disconnecting systems. If we cannot secure complex systems to the level required by their real-world capabilities, then we must not build a world where everything is computerized and interconnected.

There are other models. We can enable local communications only. We can set limits on collected and stored data. We can deliberately design systems that don’t interoperate with each other. We can deliberately fetter devices, reversing the current trend of turning everything into a general-purpose computer. And, most important, we can move toward less centralization and more distributed systems, which is how the internet was first envisioned.

This might be a heresy in today’s race to network everything, but large, centralized systems are not inevitable. The technical elites are pushing us in that direction, but they really don’t have any good supporting arguments other than the profits of their ever-growing multinational corporations.

But this will change. It will change not only because of security concerns, it will also change because of political concerns. We’re starting to chafe under the worldview of everything producing data about us and what we do, and that data being available to both governments and corporations. Surveillance capitalism won’t be the business model of the internet forever. We need to change the fabric of the internet so that evil governments don’t have the tools to create a horrific totalitarian state. And while good laws and regulations in Western democracies are a great second line of defense, they can’t be our only line of defense.

My guess is that we will soon reach a high-water mark of computerization and connectivity, and that afterward we will make conscious decisions about what and how we decide to interconnect. But we’re still in the honeymoon phase of connectivity. Governments and corporations are punch-drunk on our data, and the rush to connect everything is driven by an even greater desire for power and market share. One of the presentations released by Edward Snowden contained the NSA mantra: “Collect it all.” A similar mantra for the internet today might be: “Connect it all.”

The inevitable backlash will not be driven by the market. It will be deliberate policy decisions that put the safety and welfare of society above individual corporations and industries. It will be deliberate policy decisions that prioritize the security of our systems over the demands of the FBI to weaken them in order to make their law-enforcement jobs easier. It’ll be hard policy for many to swallow, but our safety will depend on it.

**********

The scenarios I’ve outlined, both the technological and economic trends that are causing them and the political changes we need to make to start to fix them, come from my years of working in internet-security technology and policy. All of this is informed by an understanding of both technology and policy. That turns out to be critical, and there aren’t enough people who understand both.

This brings me to my final plea: We need more public-interest technologists.

Over the past couple of decades, we’ve seen examples of getting internet-security policy badly wrong. I’m thinking of the FBI’s “going dark” debate about its insistence that computer devices be designed to facilitate government access, the “vulnerability equities process” about when the government should disclose and fix a vulnerability versus when it should use it to attack other systems, the debacle over paperless touch-screen voting machines, and the DMCA that I discussed above. If you watched any of these policy debates unfold, you saw policy-makers and technologists talking past each other.

Our world-size robot will exacerbate these problems. The historical divide between Washington and Silicon Valley -­ the mistrust of governments by tech companies and the mistrust of tech companies by governments ­- is dangerous.

We have to fix this. Getting IoT security right depends on the two sides working together and, even more important, having people who are experts in each working on both. We need technologists to get involved in policy, and we need policy-makers to get involved in technology. We need people who are experts in making both technology and technological policy. We need technologists on congressional staffs, inside federal agencies, working for NGOs, and as part of the press. We need to create a viable career path for public-interest technologists, much as there already is one for public-interest attorneys. We need courses, and degree programs in colleges, for people interested in careers in public-interest technology. We need fellowships in organizations that need these people. We need technology companies to offer sabbaticals for technologists wanting to go down this path. We need an entire ecosystem that supports people bridging the gap between technology and law. We need a viable career path that ensures that even though people in this field won’t make as much as they would in a high-tech start-up, they will have viable careers. The security of our computerized and networked future ­ meaning the security of ourselves, families, homes, businesses, and communities ­ depends on it.

This plea is bigger than security, actually. Pretty much all of the major policy debates of this century will have a major technological component. Whether it’s weapons of mass destruction, robots drastically affecting employment, climate change, food safety, or the increasing ubiquity of ever-shrinking drones, understanding the policy means understanding the technology. Our society desperately needs technologists working on the policy. The alternative is bad policy.

**********

The world-size robot is less designed than created. It’s coming without any forethought or architecting or planning; most of us are completely unaware of what we’re building. In fact, I am not convinced we can actually design any of this. When we try to design complex sociotechnical systems like this, we are regularly surprised by their emergent properties. The best we can do is observe and channel these properties as best we can.

Market thinking sometimes makes us lose sight of the human choices and autonomy at stake. Before we get controlled ­ or killed ­ by the world-size robot, we need to rebuild confidence in our collective governance institutions. Law and policy may not seem as cool as digital tech, but they’re also places of critical innovation. They’re where we collectively bring about the world we want to live in.

While I might sound like a Cassandra, I’m actually optimistic about our future. Our society has tackled bigger problems than this one. It takes work and it’s not easy, but we eventually find our way clear to make the hard choices necessary to solve our real problems.

The world-size robot we’re building can only be managed responsibly if we start making real choices about the interconnected world we live in. Yes, we need security systems as robust as the threat landscape. But we also need laws that effectively regulate these dangerous technologies. And, more generally, we need to make moral, ethical, and political decisions on how those systems should work. Until now, we’ve largely left the internet alone. We gave programmers a special right to code cyberspace as they saw fit. This was okay because cyberspace was separate and relatively unimportant: That is, it didn’t matter. Now that that’s changed, we can no longer give programmers and the companies they work for this power. Those moral, ethical, and political decisions need, somehow, to be made by everybody. We need to link people with the same zeal that we are currently linking machines. “Connect it all” must be countered with “connect us all.”

This essay previously appeared in New York Magazine.

More Pirated Movie Screeners Leak Online

Post Syndicated from Ernesto original https://torrentfreak.com/more-pirated-movie-screeners-leak-online-170115/

scrTowards the end of the year, movie screeners are sent out to industry insiders who have to cast their votes for the Oscars and other awards.

Usually, quite a few of these films start to leak on various pirate sites around Christmas, but this year it remained surprisingly quiet.

In fact, it took until early January before the first pirated screener showed up, a copy of the Denzel Washington movie Fences.

While the slow start remains largely unexplained, it appears that at least some pirate groups have become a bit more cautious with their release strategies. The infamous Hive-CM8, which put out the lion’s share of screeners last year, said it would no longer release any films before their theatrical release, for example.

Cautious or not, this week the screener ball started to get rolling again when five DVD screeners appeared online. ‘Hidden Figures’ and ‘Patriots Day’ were the first two to become available, followed by ‘La La Land,’ ‘Moonlight’ and ‘Arrival’ this weekend.

dvdscr

The copies were released and distributed by various P2P pirate groups, not just a single source. The most popular Arrival copy is tagged by the unknown group “4rrived,” for example, and Hive-CM8 is also back in the game with screener copies of La La Land and Moonlight.

Arrival screener

arrived

A few weeks ago, Hive-CM8 said they were ready to release screeners and a few hours ago they uploaded their first copy of the year.

“Finally first quality release, we do think this is a hot title and we decided to share it with the public,” the group writes in the release note of La La Land.

While some people believe that the group already has access to additional disks, they are still in the market for more material. They hope that insiders with access to screeners are in a sharing mood.

“We are looking for the guys sitting at home with all the 30 discs and posting pictures all over the net, but not sharing with anyone. Not sure why you are hiding it can be done safe and secure, for private viewing only if requested. Just msg us if you need help, we dont bite.”

Pirates will certainly welcome all the activity, but it’s unlikely that we’ll see a leak-fest similar to last year. Not from Hive-CM8 at least, who say that they don’t plan to share everything they have with the public this year.

It will be interesting to see how many screeners will leak during the weeks to come. With five releases so far this year, the leaked screener count is still at an all time low for now.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.