An anonymous reader writes: The VTech hack just got a little worse. Reports say that in addition to the 4.8 million records with parents' names, home addresses, passwords and the identities of 227k kids, the hackers also have hundreds of gigabytes worth of pictures and chat logs belonging to children. ZDNet reports: "Tens of thousands of pictures — many blank or duplicates — were thought to have been taken from from Kid Connect, an app that allows parents to use a smartphone app to talk to their children through a VTech tablet. Motherboard was able to verify a portion of the images, and the chat logs, which date as far back as late-2014. Details about the intrusion are not fully known yet. The hacker, who for now remains nameless, told Motherboard that the Hong Kong-based company 'left other sensitive data exposed on its servers.'"

New submitter lorenzofb writes: A hacker broke into the site of the popular toy company VTech and was able to easily get 4.8 million credentials, and 227k kids' identities using SQL injection. The company didn't find out about the breach until Motherboard told them. According to Have I Been Pwned, this is the fourth largest consumer data breach ever. "[Security specialist Troy Hunt] said that VTech doesn't use SSL web encryption anywhere, and transmits data such as passwords completely unprotected. ... Hunt also found that the company's websites "leak extensive data" from their databases and APIs—so much that an attacker could get a lot of data about the parents or kids just by taking advantage of these flaws."

A few weeks ago you had the chance to ask Alan Donovan and Brian Kernighan about programming and their upcoming book, The Go Programming Language (available as an eBook Friday the 20th). Below you'll find their answers to your questions.

New submitter charliehotel writes: The Irish Aviation Authority announced that it will have its drone registry up and running by December 21st this year. This registry will be the first of its kind in Europe, and the Irish Aviation Authority will require all RPA / drones that weigh over 1kg to be registered; this includes model aircraft. I hope that the U.S.'s gathering storm of regulation doesn't start quite that small.

theodp writes: Mattel came under fire last November over its portrayal of Computer Engineer Barbie as incompetent. But the toymaker is now drawing kudos for its new Imagine the Possibilities Barbie ad campaign (video), which shows little girls pretending to be professionals in real-life settings, including a college professor lecturing students about the brain. Ad Age, however, is cynical of the empowering spin on Barbie, which it says "comes across as a manipulative way to silence criticism." Interestingly, some of that criticism may have come from the White House.

WH Visitor Records show that Barbie's brainy makeover came after Mattel execs — Evelyn Mazzocco, Julia Pistor, Heather Lazarus — were summoned to the White House last April to meet with the White House Council on Women and Girls. A little Googling suggests other attendees at the sit-down included representatives of the nation's leading toy makers (Disney Consumer, Nickelodeon, Hasbro, American Girl), media giants (Disney Channels, Viacom, TIME, Scholastic, Univision, Participant Media, Cartoon Network, Netflix), retailers (Walmart, Target), educators, scientists, the U.S. Dept. of Education (including the Deputy Director of Michelle Obama's Reach Higher Initiative), philanthropists (Rockefeller, Harnisch Foundations) — and Google. Representing Google was CS Education in Media Program Manager Julie Ann Crommett, who has worked with Disney to shape programming to inspire girls to pursue CS in conjunction with the search giant's $50 million Made With Code initiative.

The April White House meeting appears to be a reschedule of a planned March meeting that was to have included other Mattel execs, including Stephanie Cota, Venetia Davie, and Lori Pantel, to whom the task of apologizing for Computer Engineer Barbie fell last November. For the first time in over a decade, Barbie was no longer the most popular girls' toy last holiday season, having lost her crown to Disney Princesses Elsa and Anna, who coincidentally teamed up with Google-backed Code.org last December to "teach President Obama to code" at a widely-publicized White House event.

An anonymous reader writes: Unmanned aerial vehicles — so-called drones — can be helpful, malicious, or simply disruptive, depending on the intentions of those who use them. But while regular folks have to be worried about law suits if they shoot one down, law enforcement officers have a better solution, and one that's currently legal (for them): stop one mid-flight. This can be achieved with DroneDefender, a recently made available "gun" that uses radio control frequency disruption technologies to safely stop drones in the air, before they can pose a threat to military or civilian safety.

the_newsbeagle writes: This is a parlor trick, not neuroscience," writes this DIY brain hacker — but it sure is a nifty trick. The hacker put electrodes on his scalp, fed the resulting EEG data into a specialized processor that makes sense of brain signals, and modified the remote control for a helium-filled shark balloon. Soon, he and his buddies were steering the shark around the room. Why did it take his buddies, too? "EEG interpretation is not easy because, to be technical, EEG signals are a crazy mess. EEG recordings are a jumble of the signatures of many brain processes. Detecting conscious thoughts like “Shark, please swim forward” is way beyond even state-of-the-art equipment. The electrical signature of a single thought is lost in the furious chatter of 100 billion neurons." So builder Chip Audette settled on the simplest control system he could, and divvied up the actual controls (left, right, forward, etc.) among several users, so each one's brain signals could be interpreted separately.

minstrelmike writes: Mattel is coming out with a Talking Barbie designed by a huge team and pre-scripted with thousands of responses controlled by an AI, with designs to be your best friend. The design team remembers the "Math is hard" debacle of the 1990s and if a girl asks if she's pretty, Barbie will respond, "Yes. And you're smart, too." If she asks if Barbie believes in God, she says a person's beliefs are personal. And suggests talking to grownups about some problems. The linked New York Times' article ("Barbie Wants to Get to Know Your Child") even discusses trying to avoid edited vids on YouTube by scripting out words such as "cockroach."

An anonymous reader writes: A relative of mine has been hinting that he'd like me to take over his model railroad collection in the event of his death (or even before that, to make this a bit less morbid-sounding). I'm intrigued by the idea, because I've been interested in model railroads for years, but too commitment shy and too transient to actually start a collection. That's changed enough that I'd like to start planning a train system, and am looking for advice from people who have been at it for a while. A couple of parameters: 1) I'm only interested for now in HO-scale stuff, so I am not all that interested in the relative merits of the other kinds, cool as they might be. 2) Related, I am somewhat less interested in the rolling stock than I am in the construction and control of the track and surrounding landscape. Interested in learning from experienced model railroad enthusiasts what lessons you've learned over the years that would be useful for a newbie, especially if you've made some cool automation for your system, or have built extensive support structures. This includes negative lessons, too, if you've overloaded circuits or floorboards. I'd *like* to integrate some interesting sensors and control systems, and I see some interesting open source software for this. So: What advice would you give to a late-start railroader? For reference: this set-up may end up living in an unfinished suburban basement.

An anonymous reader writes: Nintendo's line of amiibo figurines are coveted by fans and collectors, even scalpers and robbers, with some harder to come by models fetching high sums on auction sites. But as a new article points out, every model suffers from similar technical drawbacks when it comes to interacting with the Japanese games giant's Wii U and 3DS consoles: there is currently only one game for instance that uses the write function of each figure's NFC chip, rather than simply reading it. But if there were more, Nintendo would be faced with another problem: where to store the data for each, since amiibo can currently only store one title's data at a time. The company may be looking to solve some of these issues with its upcoming NX system, but will it be too little too late?

rtoz writes: A Japanese engineer has developed a portable transporter small enough to be carried in a backpack that he says is the world's first 'car in a bag'. The lithium battery-powered "WalkCar" device is the size of a laptop and resembles a skateboard more than a car. According to the Reuters report, the slender WalkCar is made from aluminum and weighs between two and three kilograms , depending on whether it is an indoor or outdoor version. The aluminum board and can take loads of up to 120kg., and it reaches top speeds of 10 kilometers per hour, for distances of up to 12 kilometers after three hours of charging. When a rider stands on it, the WalkCar starts automatically, while simply stepping off stops the vehicle. To change direction, the user just shifts their weight.

theodp writes: VentureBeat's Ruth Read casts a skeptical eye at the current rage of toy segregation meant to inspire tomorrow's leaders in STEM: "Toys geared at girls serve to get them interested in coding and building when they're young, hopefully inspiring their educational interests down the road. But these gendered toys may be hurting women by perpetuating a divide between men and women." Read concludes, "Ultimately, girls (who will become women) are going to have to learn and work in a world where genders are not segregated; as will men. That means they need to learn how to interact with one another as much as they need to be introduced to the same educational opportunities. If STEM education is as much for girls as it is for boys, perhaps we should be equally concerned with getting boys and girls to play together with the same toys and tools, as we are with creating learning opportunities for girls."

sciencehabit writes: Scientists have built small devices that generate electricity by harnessing changes in the ambient humidity. This is done through the use of dormant bacterial spores which expand when they absorb moisture from the air. To prove the concept, researchers attached the spores to one side of a curved polymer sheet, and when the spores absorbed humidity from the air, the sheet straightened out. Coupling this movement with an electromagnetic generator allowed them to harvest enough energy to power small devices like an LED and a 100-gram toy car.

Trailrunner7 writes: It may be time to upgrade your garage door opener. Security researcher Samy Kamkar has developed a new technique that enables him to open almost any garage door that uses a fixed code–and he implemented it on a $12 child's toy. The attack Kamkar devised, known as OpenSesame, reduces the amount of time it takes to guess the fixed code for a garage door from several minutes down to less than 10 seconds. Most openers in commercially available garage door openers have a set of 12 dip switches, which are binary, and provide a total of 4,096 possible code combinations. This is a highly limited keyspace and is open to brute-force attacks. But even on such a small keyspace, those attacks take some time.

With a simple brute-force attack, that would take 29 minutes, Kamkar said. To begin reducing that time, he eliminated the retransmission of each code, bringing the time down to about six minutes. He then removed the wait period after each code is sent, which reduced the time even further, to about three minutes. Looking to further reduce the time, Kamkar discovered that many garage door openers use a technique known as a bit shift register. This means that when the opener receives a 12-bit code, it will test that code, and if it's incorrect, the opener will then shift out one bit and pull in one bit of the next code transmitted.

Kamkar implemented an algorithm known as the De Bruijn sequence to automate this process and then loaded his code onto a now-discontinued toy called the Mattel IM-ME. The toy was designed as a short-range texting device for kids, but Kamkar reprogrammed it using the GoodFET adapter built by Travis Goodspeed. Once that was done, Kamkar tested the device against a variety of garage door openers and discovered that the technique worked on systems manufactured by several companies, including Nortek and NSCD. It also works on older systems made by Chamberlain, Liftmaster, Stanley, Delta-3, and Moore-O-Matic.

New submitter expert464 writes: I just purchased an external USB battery for the main purpose of charging smartphones. I've also thought of using it to power a USB lamp and charge a bluetooth speaker. What other things am I missing that would be useful and/or interesting to power when not near an electrical outlet?

jones_supa points out the news (also at Ars Technica, and -- paywalled -- at the Wall Street Journal) that clothing and music retailer Hot Topic has announced plans to buy Geeknet, parent company of ThinkGeek and ThinkGeek Solutions, for $117.3 million. ThinkGeek Solutions is a distributor of video-game themed merchandise through licensed web stores. Hot Topic Inc. will pay $17.50 per Geeknet share. Privately held Hot Topic, based in Los Angeles, has more than 650 stores in the U.S. and Canada. Geeknet will become a Hot Topic subsidiary. This news inspires some nostalgia here; ThinkGeek was for a long time one of Slashdot's sister sites under the umbrella of VA Linux, and I had some fun years back helping to set up the ThinkGeek booth at LinuxWorld in New York.

jan_jes writes: UC Berkeley researchers turned to a branch of artificial intelligence known as deep learning for developing algorithms that enable robots to learn motor tasks through trial and error. It's a process that more closely approximates the way humans learn, marking a major milestone in the field of artificial intelligence. Their demonstration robot completes tasks such as "putting a clothes hanger on a rack, assembling a toy plane, screwing a cap on a water bottle, and more" without pre-programmed details about its surroundings. The challenge of putting robots into real-life settings (e.g. homes or offices) is that those environments are constantly changing. The robot must be able to perceive and adapt to its surroundings, so this type of learning is an important step.

HughPickens.com writes: Time Magazine reports that Google has designed and patented an "anthropomorphic device" that could take the form of a "doll or toy" and interact both with people as well as tech gadgets echoing the "super toy" teddy bear featured in Stephen Spielberg's 2001 movie AI. This could be one of Google's creepiest patents yet — especially if movies like "Chuckie" still give you nightmares. The patent filing diagrams a stuffed teddy bear and a bunny rabbit outfitted with microphones, speakers, cameras and motors as well as a wireless connection to the internet. If it senses you're looking at it, the fuzzy toy will rotate its head and look back at you. Once it receives and recognizes a voice command prompt, you can then tell it to control media devices in your home (e.g. turn on your music or TV). According to the patent filing: "To express interest, an anthropomorphic device may open its eyes, lift its head, and/or focus its gaze on the user or object of its interest. To express curiosity, an anthropomorphic device may tilt its head, furrow its brow, and/or scratch its head with an arm. To express boredom, an anthropomorphic device may defocus its gaze, direct its gaze in a downward fashion, tap its foot, and/or close its eyes. To express surprise, an anthropomorphic device may make a sudden movement, sit or stand up straight, and/or dilate its pupils."

The patent adds that making the device look "cute" should encourage even the youngest members of a family to interact with it. But Mikhail Avady, from SmartUp, said he thought it belonged in "a horror film", and the campaign group Big Brother Watch has also expressed dismay. "When those devices are aimed specifically at children, then for many this will step over the creepy line," says Avady. "Children should be able to play in private and shouldn't have to fear this sort of passive invasion of their privacy."

itwbennett writes: The FTC has weighed in on the contentious issue of the proposed sale of consumer data by RadioShack, recommending that a settlement with failed online toy retailer Toysmart.com be adopted as a model for dealings going forward. Director of the FTC's bureau of consumer protection Jessica L. Rich wrote in a letter to a court-appointed consumer privacy ombudsman that the agency's concerns about the transfer of customer information inconsistent with RadioShack's privacy promises "would be greatly diminished if certain conditions were met." These include: that the data was not sold standalone, and if the buyer is in the same lines of business, they agree to be bound by the same privacy policies.

An anonymous reader writes with news that Mark Shuttleworth plans to have a Ubuntu smartphone that can be used as a PC out sometime this year. "Despite the recent announcement that Windows 10 phones will be able to be used as PCs when connected to an external monitor, Ubuntu—the first operating system to toy with the idea—hasn't conceded the smartphone-PC convergence race to Microsoft just yet. 'While I enjoy the race, I also like to win,' Ubuntu Foundation founder Mark Shuttleworth said during a Ubuntu Online Summit keynote, before announcing that Canonical will partner with a hardware manufacturer to release a Ubuntu Phone with smartphone-PC convergence features this year.