BitTorrent Owner Accused of Profiting From Movie Piracy

Post Syndicated from Andy original

In 2018, Justin Sun’s Rainberry Inc. successfully acquired BitTorrent Inc.

While the name Rainberry is rarely used in public, company brands such as BitTorrent, TRON, and TRX are more easily recognized by the public, with controversy rarely far behind.

Developments related to these various brands are usually followed closely by the cryptocurrency press, mainly due to Sun’s voluminous tweets that tend to focus on crypto matters, rather than the file-sharing activities of the uTorrent owner.

This was also the case yesterday when sites including Coindesk began reporting on an employment law dispute that was quietly filed last October by a pair of former Rainberry Inc. employees. However, this development also has an interesting copyright angle that hasn’t been explained in detail.

Richard Hall worked as a product manager at the company while Lukasz Juraszek was employed as an engineer, at least before they were dismissed. Their 70-page lawsuit is a trip through many serious allegations, including racism, threats, the witnessing of physical violence, and a number of closely related matters.

However, concerns over Rainberry’s exposure to copyright infringement issues appear to lie at the root of the legal action.

“Defendant Justin Sun and his hand-picked mainland Chinese-born subordinates were engaged in illegal piracy of copyrighted materials for defendant Rainberry Inc., in order to make a profit from the illegal piracy of those materials, as well as other illegal and unscrupulous activities,” the lawsuit reads.

Both Hall and Juraszek characterize themselves as “whistleblowers” who were subjected to a campaign of harassment after they raised concerns over activity at the company. The lawsuit claims that their employment at Rainberry was terminated following their “outright refusal to engage in criminal violation of state and national statutes concerning piracy of intellectual property”, including Hollywood first-run films.

Hall claims he was assigned by the company to work as Senior Director of Product Management on the emerging file-sharing product known publicly as BitTorrent File System (BTFS). He says he raised concerns with his superiors that depending on the architecture and implementation of caching and delivery algorithms, users of BTFS might be monetarily rewarded (via crypto tokens, such as BTT) for “unknowingly storing and distributing inappropriate content” and/or copyright-infringing material.

These complaints, Hall suggests, resulted in him being demoted in a manner that prevented him from overseeing the BTFS product. Nevertheless, he says he sought out proposals from two law firms specializing in copyright law to provide estimates for a legal review of what Rainberry and TRON were preparing to do, specifically for BTFS and another product called BTFS Movie or BT Movie (the lawsuit uses both).

However, the lawsuit claims that following discussion with Justin Sun, it was determined that no legal review would be carried out. According to Hall, he advised that the ‘Movie’ product should be renamed, so that outsiders wouldn’t be given the impression that the company was encouraging the illegal sharing of movies on the BTFS network.

Shortly after, his employment was terminated on the basis that he was “not a fit” for the company, Hall claims.

“[I]t become clear that Richard Hall was terminated because he raised legitimate legal concerns about the actual or potential for BTFS and associated BTFS Movie projects to be engaged in illegal activity and pirating of copyrighted materials that Justin Sun did not want to have investigated because it would delay the launch and reveal the illegal and nefarious activities in which the company was engaged,” the lawsuit reads.

In July 2019, Lukasz Juraszek reports that he realized that BTFS was no longer a “demo app”. As a result he began to step up his concerns over the application because the company had no control over the content being posted on BTFS “which at the time was entirely hosted on TRON’s infrastructure.”

According to him, the Movie app was then “handed off” to Rainberry’s “Mainland China” office for implementation “by end of July 2019.”

In August 2019, Juraszek says he again raised concerns that illegal content could be downloaded from BTFS, that he was uncomfortable working on the project, and that attorneys should be consulted before further work was done on BT Movie. He later carried out his own investigations by accessing the TRON “BT Movie” website to check if illegal content could be found.

According to him, he found a Chinese-subtitled version of The Lion King (which was still in cinemas) along with Once Upon a Time in Hollywood, Godzilla: King of the Monsters, Hobbs & Shaw, Avengers: Infinity Wars”, and “many, many others.”

On August 20, 2019, following what appears to be several strained interactions with management on a variety of topics, Juraszek was reportedly dismissed for “sharing company information” with a third-party.

How the lawsuit will progress from here is unclear but the former Rainberry employees are demanding $15 million in damages. For his part, Justin Sun is mounting a vigorous defense, demanding that the complaint is dismissed in its entirety and the plaintiffs paying his costs.

The complaint can be found here with answers from Justin Sun and co-defendant Cong Li here and here (all pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Empowering Your Privacy

Post Syndicated from Emily Hancock original

Empowering Your Privacy

Empowering Your Privacy

Happy Data Privacy Day! At Cloudflare, our mission is to help build a better Internet, and we believe data privacy is core to that mission. But we know words are cheap — even data brokers who sell your personal information will tell you that “privacy is important” to them. So we wanted to take the opportunity on this Data Privacy Day to show you how our commitment to privacy crosses all levels of the work we do at Cloudflare to help make the Internet more private and secure — and therefore better — for everyone.

Privacy on the Internet means different things to different people. Maybe privacy means you get to control your personal data — who can collect it and how it can be used. Or that you have the right to access and delete your personal information. Or maybe it means your online life is protected from government surveillance or from ad trackers and targeted advertising. Maybe you think you should be able to be completely anonymous online. At Cloudflare, we think all these flavors of privacy are equally important, and as we describe in more detail below, we’ve taken steps to address each of these privacy priorities.

Governments don’t necessarily take the same view on what privacy should mean either. Europe has its General Data Protection Regulation (GDPR), under which people have the right to control how their information is used, and the protection of data is a fundamental right under the EU Charter of Fundamental Rights. The United States takes a consumer-centric approach focusing on deceptive use of information, the sale of information, and privacy from unwarranted government surveillance. Brazil’s privacy law is similar to that of Europe’s, and Canada, New Zealand, Japan, Australia, China, and Singapore (to name a few) have some variation on the theme of a national, comprehensive privacy law.

Rather than viewing privacy of personal data as an ocean of data to be regulated through the lens of any particular government, we think privacy merits a different approach. To begin with, we don’t think there should be an ocean of personal data. We believe in empowering individuals and entities of all sizes with technological tools to reduce the amount of personal data that gets funneled into the data ocean — regardless of whether you live in a country with laws protecting the privacy of your personal data. If we can build tools to help you share less personal data online, then that’s a win for privacy no matter your privacy priorities or country of residence.

Technologies that Enable the Privacy of Personal Data

We’ve said it before — the Internet was not built with privacy and security in mind. But as the Internet has become more essential to daily life and more central to even the most critical corporate and government systems, the world has needed better tools to provide privacy and security for these online functions. When we talk about building a better Internet, for us that means (re)building the Internet with privacy baked in. Since Cloudflare launched in 2010, we’ve released a number of state-of-the-art, privacy-enhancing technologies that can help individuals, businesses, and governments alike:

  • Universal SSL: In 2014, there were 2 million websites that supported encrypted connections. In September of that year we introduced universal SSL (now called Transport Layer Security) for all of our customers, paying and free, and overnight we were able to make SSL easily available at scale to the millions of websites that use Cloudflare. Supporting SSL means that we support encrypting the content of web pages, which had previously been sent as plain text over the Internet. It’s like sending your private, personal information in a locked box instead of on a postcard.
  • Privacy Pass: Cloudflare supports Privacy Pass, which lets users prove their identity across multiple sites anonymously without enabling tracking. When people use anonymity services or shared IPs, it makes it more difficult for website protection services like Cloudflare to identify their requests as coming from legitimate users and not bots. To help reduce the friction for these users — which include some of the most vulnerable users online — Privacy Pass provides them with a way to prove they are legitimate across multiple sites on the Cloudflare network. This is done without revealing their identity, and without exposing Cloudflare customers to additional threats from malicious bots.
  • ESNI: We announced beta support for encrypted Server Name Identification (ESNI) in 2018. Server Name Identification (SNI) was created to allow multiple websites to exist on the same IP address (something that became necessary with the shortage of IPv4 addresses), but it can reveal which websites users are visiting. As described here, ESNI encrypts the SNI, fixing what has been a glaring privacy hole.
  • Public DNS Resolver: In 2018, we announced our public privacy-focused resolver, the Public DNS Resolver (which also turned out to be the world’s fastest public DNS resolver). It was our first consumer product, it’s free, and we built it because we believe that consumers should have the ability to browse the Internet without providers in the middle monitoring user activity. So our public DNS resolver service will never store public DNS resolver users’ IP addresses (referred to as the source IP address) in non-volatile storage, and we anonymize the source IP addresses of public DNS resolver users before logging any data. This way, we have no information about what website a specific user has looked up using the Public DNS Resolver service. We can’t tell who is visiting any given website, and we don’t want to know.
  • DNS over HTTPS (DoH): Using the Public DNS Resolver means that your ISP won’t get all of your browsing data from acting as your DNS resolver, but they will still get it from provisioning those requests unless you encrypt that channel. For those reasons, we added support for DoH. DNS requests can contain some alarmingly personal data, such as your location, the domains and subdomains you have visited, the time of day requests were submitted, and how long you stayed on certain sites. Encrypting those requests ensures that only the user and the resolver get that information, and that no one involved in the transit in between sees it. In addition to DoH, we’ve partnered with Mozilla to support private web browsing in Firefox. We have also employed query minimization to ensure that those who don’t need to access the full URL you are requesting, simply don’t.
  • Mobile Application with WARP: People are accessing the Internet from their mobile devices more and more, so in 2019 we launched our Mobile Application with WARP. You can enable our mobile application in DNS-only mode to ensure that all of your mobile device’s DNS queries are sent to our Public DNS Resolver using either DNS over HTTPS or DNS over TLS. You can also enable WARP in our mobile application, which includes everything from our DNS-only mode and will also route traffic from your device through the Cloudflare network via encrypted tunnels. This means that even if you are accessing websites or mobile applications that are not using HTTPS, the content transmitted to and from your device will be encrypted if you have WARP enabled and will not be sent as plain text over the Internet.  

How We Do Privacy at Cloudflare

The privacy-enhancing technologies we build are public examples of how we put our money where our mouth is when it comes to privacy. We also want to tell you about the ways — some public, some not — we infuse privacy principles at all levels at Cloudflare.

  • Employee Education and Mindset: An understanding of privacy is core to a Cloudflare employee’s experience right from the start. Employees learn about the role privacy and security play in helping to build a better Internet in their first week at Cloudflare. During the comprehensive employee orientation, we stress the role each employee plays in keeping the company and our customers secure. All employees are required to take annual data protection training, which introduces employees to the fundamentals of the Fair Information Practices (FIPs), GDPR and other applicable laws, and we do targeted training for individual teams, depending on their engagement with personal data, throughout the year.
  • Privacy in Product Development: We have built the FIPs and GDPR requirements into product development. Cloudflare employees take privacy-by-design seriously. We develop products and processes with the principles of data minimization, purpose limitation, and data security always front of mind. We have a product development lifecycle that includes performing privacy impact assessments when we may process personal data. We retain personal data we process for as short a time as necessary to provide our services to our customers. We do not cross-track individual Internet users across sites. We don’t sell personal information. We don’t monetize DNS requests. We detect, deter, and deflect bad actors — we’re not in the business of looking at what any one person (or more specifically, browser) is doing when they browse the Internet. That’s not what we’re about.
  • Internal Compliance with Privacy Regulations: Even before Europe’s watershed GDPR went into effect in 2018 and the California Consumer Privacy Act (CCPA) took effect earlier this month, we were focusing on how to implement the privacy principles embodied in regulations globally. A key part of this has been to minimize our collection of personal data and to only use personal data for the purpose for which it was collected. We view the GDPR and CCPA as a codification of many of the steps we were already taking: only collect the personal data you need to provide the service you’re offering; don’t sell personal information; give people the ability to access, correct, or delete their personal information; and give our customers control over the information that, for example, is cached on our content delivery network (CDN), stored in Workers Key Value Store, or captured by our web application firewall (WAF).
  • Security as a Means to Enhance Privacy: We’re a security company, so naturally we view security as a critical element of ensuring data privacy. In addition to the extensive internal security mechanisms we have in place to protect our customers’ data, we also have become certified under industry standards to demonstrate our commitment to data security. We are ISO 27001 and AICPA SOC 2 Type II certified. Cloudflare’s SOC 2 Type II report covers security, confidentiality, and availability controls to protect customer data. We also maintain a SOC 3 report which is the public report of Security, Confidentiality, and Availability controls. In addition to this, we comply with our obligations under the EU Directive on Security of Network and Information Systems (NIS).
  • Privacy-focused Response to Government and Third-Party Requests for Information: Our respect for our customers’ privacy applies with equal force to commercial requests and to government or law enforcement requests. Any law enforcement requests that we receive must strictly adhere to the due process of law and be subject to judicial oversight. We believe that U.S. law enforcement requests for the personal data of a non-U.S. person that conflict with the privacy laws of that person’s country of residence (such as the EU GDPR) should be legally challenged. Consistent with both the U.S. CLOUD Act and the proceedings in the Microsoft Ireland case,  providers like Cloudflare may ask U.S. courts to quash requests from U.S. law enforcement based on such a conflict. In addition, it is our policy to notify our customers of a subpoena or other legal process requesting their customer or billing information before disclosure of that information, whether the legal process comes from the government or private parties involved in civil litigation, unless legally prohibited. We also publicly report on the types of requests we receive, as well as our responses, in our semi-annual  Transparency Report. Finally, we publicly list certain types of actions that Cloudflare has never taken in response to government requests, and we commit that if Cloudflare were asked to do any of the things on this list, we would exhaust all legal remedies in order to protect our customers from what we believe are illegal or unconstitutional requests.
  • Bringing Privacy and Security to Vulnerable Entities (Project Galileo): Since 2014, we have been providing a wide range of security products to important, yet vulnerable, voices on the internet with Project Galileo. Privacy is essential to the more than 900 organizations receiving free services under the Project, as many face threats from powerful adversaries. These organizations range from humanitarian groups and non-profit organizations, to journalism and media sites that are repeatedly flooded with malicious attacks in an attempt to knock them offline.
  • Spreading the Message on What We Think Privacy Should Look Like: It isn’t enough to build tools with privacy in mind; we also feel a responsibility to share best practices we have learned and work with policymakers to help them understand the implications of regulation on complex technologies. For example, Cloudflare has actively supported efforts to develop a framework for US Federal privacy standards, urging policymakers to adopt technology-neutral approaches that allow standards to change and improve as technology does. In Europe, we are engaged in the ongoing discussions on the draft ePrivacy Regulation, which aims to enshrine the important principle of confidentiality of communications and guides companies on cookie usage and direct marketing. We are also actively contributing to the EU debate on the draft eEvidence Regulation, which seeks to facilitate cross-border access to data. We believe this initiative must fully respect the EU Charter of Fundamental Rights and the EU data protection framework.

So What’s Next?

Protecting the privacy of personal data is an ongoing journey. Our approach has never been to check the boxes of compliance and move on. We are continually evaluating how we handle personal data and looking for ways to minimize the amount of personal data we receive. We will continue to be self-critical and examine our own motivations for the technologies we develop. And we will keep working, just as we have for the past ten years, to find new ways to secure privacy and security for our customers and for the Internet as a whole.

Няма WiFi – да решим въпроса политически!

Post Syndicated from Bozho original

В парламента спира WiFi-ът. Депутатите свикват извънредно заседание, на което да се съгласят, че проблем има. Опозицията обяснява, че по тяхно време WiFi винаги е имало. Управляващите се оправдават, че има кофти рутери, купени с обществена поръчка от опозицията, когато е била на власт, и това в основата на проблема. Все пак депутатите приемат, че WiFi няма и това трябва да се реши.

Председателят на комисията по транспорт, информационни технологии и съобщения свиква работна група – участват заинтересовани депутати, експерти от академичната общност и от ИТ сектора. В рамките на месец работната група се събира три пъти, но дискусията рядко е по същество. Минава се през изграждането на мрежата на държавната администрация НАМДА и кой какво е направил за нейното функциониране, през милионите дадени за инфраструктура, през това как са идвали наскоро гости от САЩ и Израел и какво са казали за WiFi-а в хотелите си.

Накрая работната група стига до заключение, че трябва да има устойчивост в комуникационната инфраструктура и това е национален приоритет. В доклад от една страница (защото по-дълъг би отнел година работа на работната група), се препоръчва приемане на законодателство по въпроса и създаване на държавен орган, който да е натоварен с политиката по изграждане и поддържане на комуникационна инфраструктура.

„Група народни представители“ дават доклада на адвокатска кантора, където няколко стажанти за месец написват законопроект. Депутатите го внасят (както си е – без пълен член и с редица правни неточности). Официално е Закон за комуникационната инфраструктура, но всички го наричат Закон за WiFi-a.

Но WiFi все още няма.

Дебатът на първо четене не е по същество. Говори се за важността на компютрите. За това как не може в 21-ви век една институция да няма WiFi. Един по-технически запознат депутат взема думата и споменава, че е хубаво като тръгне WiFi-ът, да се ползва WPA3, защото WPA2 е несигурен, но бързо бива скастрен от председателя с фразата „не технологизирайте дебата!!“

Между първо и второ четене фирмите, изграждащи мрежи, вкарват свои поправки през депутати, за да могат да продадат старото си оборудване, религиозни организации вкарват текст за освещаване на рутерите, а Менда Стоянова вкарва с преходни и заключителни разпоредби изменения на държавното устройство в Конституцията.

Шест месеца след спирането на WiFi-а законът е приет. Ще се създаде Държавна агенция за електронна и безжична администрация (защото никой не е обърнал внимание какво съкращение се получава), към нея ще има Съвет по комуникационна инфраструктура. Свикана е работна група към Министерски съвет са изготвяне на устройствен правилник и друга – за изработване на наредба към закона. Наредбата включва стандарти като IEEE 802.11, но няколко специалисти по ЗОП настояват да се запише „или еквивалентен“, за да нямало наказателна процедура от Европейската комисия за фаворизиране на един стандарт.

След година и половина агенцията е създадена, но два месеца по-късно все още WiFi няма. Депутатите от опозицията отправят питане до ресорния вицепремиер, а той от трибуната отговаря, че това управление е свършило изключително много за наличието на WiFi, а това, че в момента в сградата няма е неприятно обстоятелство, но важното е, че е отчетен сериозен напредък, покрити са редица индикатори – за наличие на нормативна уредба, за транспониране на европейски норми, за стратегическа рамка, и всеки момент ще стигнат до индивидуални проблеми, които институциите или гражданите може да имат въпреки бляскавия успех на политиките по комуникационната инфраструктура.

На втората година от спирането, в парламента постъпва на работа младши системен администратор (разбира се, племенник на заместник-министър) и рестартира рутера. WiFi-ът тръгва. Управляващите отчитат успеха, по националните медии се изреждат говорители (предимно бивши ченгета), които да величаят колко напредничаво е управлението. „Ето, даже вече мога да отварям сайтове на телефона си“ показва в ефир един депутат.

Междувременно Илон Мъск каца на Марс.

[$] Some 5.5 kernel development statistics

Post Syndicated from corbet original

The 5.5 kernel was released on
January 26. Over the course of this development cycle, it was
occasionally said that the holidays were slowing contributions. At the
end, though, 5.5 saw the merging of 14,350 non-merge changesets from 1,885
developers — not exactly a slow-moving cycle. Indeed, 5.5 just barely
edged out 5.4 as the kernel with the most developers ever. Read on for our
traditional look at where the contributions to 5.5 came from, along with a
digression into the stable-update process.

Update on Amazon Linux AMI end-of-life

Post Syndicated from Julien Simon original

Launched in September 2010, the Amazon Linux AMI has helped numerous customers build Linux-based applications on Amazon Elastic Compute Cloud (EC2). In order to bring them even more security, stability, and productivity, we introduced Amazon Linux 2 in 2017. Adding many modern features, Amazon Linux 2 is backed by long-term support, and we strongly encourage you to use it for your new applications.

As stated in the FAQ, we documented that the last version of the Amazon Linux AMI (2018.03) would be end-of-life on June 30, 2020. Based on customer feedback, we are extending the end-of-life date, and we’re also announcing a maintenance support period.

End-of-life Extension
The end-of-life for Amazon Linux AMI is now extended to December 31, 2020: until then, we will continue to provide security updates and refreshed versions of packages as needed.

Maintenance Support
Beyond December 31, 2020, the Amazon Linux AMI will enter a new maintenance support period that extends to June 30, 2023.

During this maintenance support period:

  • The Amazon Linux AMI will only receive critical and important security updates for a reduced set of packages.
  • It will no longer be guaranteed to support new EC2 platform capabilities, or new AWS features.

Supported packages will include:

  • The Linux kernel,
  • Low-level system libraries such as glibc and openssl,
  • Popular packages that are still in a supported state in their upstream sources, such as MySQL and PHP.

We will provide a detailed list of supported and unsupported packages in future posts.

If you need assistance or have feedback, please reach out to your usual AWS support contacts, or post a message in the AWS Forum for Amazon Linux. Thank you for using Amazon Linux AMI!

– Julien


Quantum Entanglement Meets Superconductivity in Novel Experiment

Post Syndicated from Mark Anderson original

Two mysterious components of quantum technology came together in a lab at Rice University in Houston recently. Quantum entanglement—the key to quantum computing—and quantum criticality—an essential ingredient for high-temperature superconductors—have now been linked in a single experiment.

The preliminary results suggest something approaching the same physics is behind these two essential but previously distinct quantum technologies. The temptation, then, is to imagine a future in which a sort of grand unified theory of entanglement and superconductivity might be developed, where breakthroughs in one field could be translated into the other.

YTS ‘Settles’ Another Movie Piracy Lawsuit, While More Users Get Sued

Post Syndicated from Ernesto original

With millions of users, torrent site YTS is one of the largest pirate sites on the Internet.

The site is a thorn in the side of many filmmakers, several of which dragged the site’s operator to US courts last year.

These types of lawsuits have proven to be lethal in the past, but not for YTS. We previously reported that YTS settled its dispute with movie outfit Wicked Nevada, and late last week it reached a similar agreement with HB Productions, the makers of the film Hellboy.

A new filing submitted at a federal court in Hawaii shows that both parties agreed to a stipulated consent judgment. The order, signed by US District Court Judge Alan Kay, effectively ends the lawsuit.

Senthil Vijay Segaran, the suspected operator of YTS, denies liability but confirms that he is the ‘John Doe’ described in the complaint and admits that people used YTS to share pirated content.

“Defendant SENTHIL VIJAY SEGARAN denies liability but acknowledges that he is Defendant JOHN DOE dba YTS identified in the original complaint and concedes that one or more third parties uploaded the torrent file of Plaintiff’s motion picture to his website YTS.LT,” it reads.

The agreement also comes at a high price for the operator. Similar to the previous settlement, Segaran agrees to pay $150,000 to compensate for the damages suffered by the makers of Hellboy.

In addition, the consent judgment includes a permanent injunction. This prevents YTS’s operator from distributing and/or promoting torrent files that point to the Hellboy film. Thus far this is indeed the case, as no longer lists the movie.

It is quite unusual for a movie company to resolve a lawsuit against a torrent site in this manner. Like the previous settlement, this case was handled by attorney Kerry Culpepper, who is also behind the one remaining lawsuit against YTS.

The fact that YTS remains online is good news for millions of YTS users but not all will be pleased. Around the same time that the filmmakers and YTS resolved their differences, new copyright infringement lawsuits were filed against YTS users.

These cases partly rely on information that appears to have been obtained from the YTS user database. For example, a lawsuit filed against Hawaii resident Puakailima Davis last week states the following;

“Defendant, from Internet Protocol (‘IP’) address, used a registered account associated with the email address “” to access torrent files from YTS.

“Defendant went to torrent sites including the website YTS to upload and download Plaintiffs’ copyrighted Works,” the complaints later adds.

The complaint further mentions at what times the defendant “logged into her email address,” although it’s not clear whether that refers to the website login or that of the email provider.

As mentioned previously, an email address itself is not hard evidence. People who register an account with YTS don’t have to confirm their email, so anyone can sign up with a random address, including those of other people.

It’s not stated how all the referenced information was obtained, which leaves us with little more than speculation.

A possible scenario is that the YTS operator gave up the user information as part of the negotiations. This would not be unprecedented, as the developer of the app CotoMovies shared similar information with the film companies in the past.

TorrentFreak contacted Kerry Culpepper, the attorney in charge, but he informed us that he couldn’t comment on the matter at this time., meanwhile, remains online.

TorrentFreak obtained a copy of the stipulated consent judgment between HB Productions and Senthil Vijay Segaran, which is available here (pdf). Two new complaints against alleged YTS users are available here (pdf) and here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Qt offering changes 2020

Post Syndicated from ris original

The Qt blog has announced some
in how the Qt toolkit is offered to consumers. Notably,
installation of Qt binaries will require a Qt Account and
long-term-supported (LTS) releases and the offline installer will become
available to commercial licensees only. “From February onward, everyone, including open-source Qt users, will require valid Qt accounts to download Qt binary packages. We changed this because we think that a Qt account lets you make the best use of our services and contribute to Qt as an open-source user.

We want open-source users to help improve Qt in one form or another, be that through bug reports, forums, code reviews, or similar. These are currently only accessible from a Qt account, which is why having one will become mandatory.”

Modern Mass Surveillance: Identify, Correlate, Discriminate

Post Syndicated from Bruce Schneier original

Communities across the United States are starting to ban facial recognition technologies. In May of last year, San Francisco banned facial recognition; the neighboring city of Oakland soon followed, as did Somerville and Brookline in Massachusetts (a statewide ban may follow). In December, San Diego suspended a facial recognition program in advance of a new statewide law, which declared it illegal, coming into effect. Forty major music festivals pledged not to use the technology, and activists are calling for a nationwide ban. Many Democratic presidential candidates support at least a partial ban on the technology.

These efforts are well-intentioned, but facial recognition bans are the wrong way to fight against modern surveillance. Focusing on one particular identification method misconstrues the nature of the surveillance society we’re in the process of building. Ubiquitous mass surveillance is increasingly the norm. In countries like China, a surveillance infrastructure is being built by the government for social control. In countries like the United States, it’s being built by corporations in order to influence our buying behavior, and is incidentally used by the government.

In all cases, modern mass surveillance has three broad components: identification, correlation and discrimination. Let’s take them in turn.

Facial recognition is a technology that can be used to identify people without their knowledge or consent. It relies on the prevalence of cameras, which are becoming both more powerful and smaller, and machine learning technologies that can match the output of these cameras with images from a database of existing photos.

But that’s just one identification technology among many. People can be identified at a distance by their heartbeat or by their gait, using a laser-based system. Cameras are so good that they can read fingerprints and iris patterns from meters away. And even without any of these technologies, we can always be identified because our smartphones broadcast unique numbers called MAC addresses. Other things identify us as well: our phone numbers, our credit card numbers, the license plates on our cars. China, for example, uses multiple identification technologies to support its surveillance state.

Once we are identified, the data about who we are and what we are doing can be correlated with other data collected at other times. This might be movement data, which can be used to “follow” us as we move throughout our day. It can be purchasing data, Internet browsing data, or data about who we talk to via email or text. It might be data about our income, ethnicity, lifestyle, profession and interests. There is an entire industry of data brokers who make a living analyzing and augmenting data about who we are ­– using surveillance data collected by all sorts of companies and then sold without our knowledge or consent.

There is a huge ­– and almost entirely unregulated ­– data broker industry in the United States that trades on our information. This is how large Internet companies like Google and Facebook make their money. It’s not just that they know who we are, it’s that they correlate what they know about us to create profiles about who we are and what our interests are. This is why many companies buy license plate data from states. It’s also why companies like Google are buying health records, and part of the reason Google bought the company Fitbit, along with all of its data.

The whole purpose of this process is for companies –­ and governments ­– to treat individuals differently. We are shown different ads on the Internet and receive different offers for credit cards. Smart billboards display different advertisements based on who we are. In the future, we might be treated differently when we walk into a store, just as we currently are when we visit websites.

The point is that it doesn’t matter which technology is used to identify people. That there currently is no comprehensive database of heartbeats or gaits doesn’t make the technologies that gather them any less effective. And most of the time, it doesn’t matter if identification isn’t tied to a real name. What’s important is that we can be consistently identified over time. We might be completely anonymous in a system that uses unique cookies to track us as we browse the Internet, but the same process of correlation and discrimination still occurs. It’s the same with faces; we can be tracked as we move around a store or shopping mall, even if that tracking isn’t tied to a specific name. And that anonymity is fragile: If we ever order something online with a credit card, or purchase something with a credit card in a store, then suddenly our real names are attached to what was anonymous tracking information.

Regulating this system means addressing all three steps of the process. A ban on facial recognition won’t make any difference if, in response, surveillance systems switch to identifying people by smartphone MAC addresses. The problem is that we are being identified without our knowledge or consent, and society needs rules about when that is permissible.

Similarly, we need rules about how our data can be combined with other data, and then bought and sold without our knowledge or consent. The data broker industry is almost entirely unregulated; there’s only one law ­– passed in Vermont in 2018 ­– that requires data brokers to register and explain in broad terms what kind of data they collect. The large Internet surveillance companies like Facebook and Google collect dossiers on us are more detailed than those of any police state of the previous century. Reasonable laws would prevent the worst of their abuses.

Finally, we need better rules about when and how it is permissible for companies to discriminate. Discrimination based on protected characteristics like race and gender is already illegal, but those rules are ineffectual against the current technologies of surveillance and control. When people can be identified and their data correlated at a speed and scale previously unseen, we need new rules.

Today, facial recognition technologies are receiving the brunt of the tech backlash, but focusing on them misses the point. We need to have a serious conversation about all the technologies of identification, correlation and discrimination, and decide how much we as a society want to be spied on by governments and corporations — and what sorts of influence we want them to have over our lives.

This essay previously appeared in the New York Times.

EDITED TO ADD: Rereading this post-publication, I see that it comes off as overly critical of those who are doing activism in this space. Writing the piece, I wasn’t thinking about political tactics. I was thinking about the technologies that support surveillance capitalism, and law enforcement’s usage of that corporate platform. Of course it makes sense to focus on face recognition in the short term. It’s something that’s easy to explain, viscerally creepy, and obviously actionable. It also makes sense to focus specifically on law enforcement’s use of the technology; there are clear civil and constitutional rights issues. The fact that law enforcement is so deeply involved in the technology’s marketing feels wrong. And the technology is currently being deployed in Hong Kong against political protesters. It’s why the issue has momentum, and why we’ve gotten the small wins we’ve had. (The EU is considering a five-year ban on face recognition technologies.) Those wins build momentum, which lead to more wins. I should have been kinder to those in the trenches.

If you want to help, sign the petition from Public Voice calling on a moratorium on facial recognition technology for mass surveillance. Or write to your US congressperson and demand similar action. There’s more information from EFF and EPIC.

Свободата, Санчо…

Post Syndicated from Григор original

Няколко неотдавнашни случки ми напомниха един запис в блога на Андрей Шипилов, който бях превел преди време.

В този запис Шипилов описва какво точно прави ватенкаджията на Запад. (За по-младите, „ватенкаджия“ ще рече човек, който дори ако го извадят от комунизма, няма да успеят да извадят комунизма от него.) И много точно отбелязва защо постъпва така – защото не може да разбере, че в западната страна я няма тази всеобхващаща всичко йерархия, която е вплетена в цялото съществуване на човека в комунистическата държава, и от нея зависи абсолютно всичко. (Пояснение: ако една държава нарича себе си не-комунистическа, това не я прави не-комунистическа, дори ако някои хора ѝ вярват. Точно както парче тоалетна хартия с надраскано „100 лева“ на него не става пари, дори ако съществуват наивници, които биха го повярвали. Прави я не-комунистическа истинската, реална а не имитирана промяна на някои отношения в нея.) В която това да отстъпиш предимство на кръстовище на някого означава да отстъпиш място в йерархията, с последствия за целия ти живот – или поне такова чувство имаш.

Друго, което Шипилов описва, е поведението на Запад на некадърниците емигранти, които изпадат до дъното. Те се чувстват на дъното на социалната йерархия, и това им тежи много повече, отколкото икономическото им положение. (В повечето западни страни на социални помощи се живее по-добре, отколкото средният здраво работещ в Русия.) Много често започват да са руски ура-патриоти, да се бият в гърдите и да разправят грандиозни небивалици за Русия, които биха засрамили дори платените тролове от Агенцията за интернет влияние в Санкт Петербург. И съответно биват очуквани от тези руснаци, които не са чак такива некадърници и са успели да намерят място в живота. А и от останалите в Русия – те, странно защо, хич не са петимни да приемат патриотизма им…

Това, което Шипилов не засяга обаче, е откъде идва тази всеобхващаща йерархия в (пост-)комунистическата реалност, и защо я няма на Запад. А от анализа на това нещо излизат няколко много интересни извода.

Буквално преди десет дни се върнах от САЩ, след месец и половина там. Грижих се за болни роднини, нямах време за нищо друго. Но забелязах – не за пръв път – куп интересни неща, които се свързват с анализа на Шипилов.

Едно от тях е разликата в хората. Можете да я видите буквално на улицата, по пътя от жилището до магазина и обратно. Масовият българин ходи по улицата унил, намусен, мрачен и прегърбен. Отстъпите ли му път, може да промърмори някое хладно „мерси“, но най-често ви подминава като бърз влак селска гаричка. Усмихнете ли му се, ви поглежда с недоумение и забързва да се отдалечи. Недай боже да му кажете някоя подкрепяща или топла дума – моментално ви категоризира при лудите, и се измъква колкото по-бързо може… Масовият американец ходи по улицата спокоен, най-често усмихнат, със самочувствие. Отстъпите ли му път, ви благодари и продължава с усмивка. Усмихнете ли му се, се усмихва в отговор и кимва – дори ако не ви познава. А ако го заговорите приятелски и с добра дума, направо грейва от щастие – ако има време, с удоволствие ще си поговори с вас и ще ви каже нещо окуражаващо и топло в отговор. Нищо, че не ви познава… Заговорете масовия американец – той ще се похвали, не с фукня а с добро настроение, ако ще да е с колко хубаво е времето. Масовият българин ще мрънка до последно, дори ако буквално няма за какво – няма да миряса, докато не ви напълни душата с чернилка и отврат… Да, и на двете места има изключения – но правилото е това.

Чувал съм българи да казват, че американците са такива, понеже са лицемерни. (Като правило българи, които не са стъпвали там.) Реално американците си имат не по-малко проблеми то нас. Те просто знаят, че околните не са длъжни да се товарят с проблемите им и да търпят мрънкането им. И че ако вместо да мрънкат кажат нещо слънчево и топло, вероятно ще получат също такъв отговор, и това ще повдигне и техния дух… Но истинската разлика тръгва отдругаде.

Шипилов отбелязва и още нещо – фактът, че Русия всъщност е не страна, а концлагер, в доста буквален смисъл на думата. Че там населението се дели не на жители и обслужваща ги администрация, а на затворници и командваща ги администрация. Че там шофьорът на трети помощник-прокурор стои несравнимо над академика и лауреат на Нобелова награда, понеже шофьорът е част от админстрацията, а академикът е просто затворник, ако и по-прославен от повечето. Че шофьорът може да прегази и убие академика, и вероятно няма даже да го разследват, а ако академикът каже дума напреки на шофьора, жална му майка. Дори ако е прав – всъщност, особено ако е прав…

(Да ви напомня това една друга държава? Мила и родна?… И още нещо. Като живеещ вече от доста години на Запад, Шипилов е учтив и използва термините „администрация“ и „затворници“. Аз си предпочитам по-директните – пастири и добитък. По-обидни са за добитъка, но са по-верни.)

Шипилов не споменава, че именно това е положението, което създава тази йерархия и нуждата от нея в хората – публикацията му е с таргет руснаците, те си го знаят. Но, като по-така от тях, ние не го разбираме, и трябва да ни се каже малко по-директно и право в очите. И да ни се повтаря често, понеже някои неща стигат до нас трудно. Както знаем, природата не търпи празно пространство – липсата на мозък се компенсира с дебелина на главата.

На теория и на думи, средният руснак (чети: българин) има пълните възможности да постигне всичко, което иска – просто трябва да се пребори. Живее в свободна страна, сред капитализъм, управлява го дясно и консервативно правителство, и т.н… В реалността обаче той живее сред феодализъм, в страна, в която няма да бъде допуснат да надскочи отреденото му ниво – да е добитък, който бива доен, стриган и при нужда от месо клан. Надежда за по-добро в такава страна може да има само идиот, който не е наясно с реалността. Тъй като идиотизмът обикновено е на ниво съзнание, а подсъзнанието има добра връзка с реалността и начини да се меси на съзнанието, често такива идиоти оцеляват въпреки илюзиите си. Единствено клиничните случаи обаче могат да са реално обнадеждени и оптимистични, и дълбоко да вярват в по-добро бъдеще. Бившата политическа полиция / Държавна сигурност (днес мафията в България) е друга приказка, тя държи и притежава на практика всичко, нейните членове имат всички поводи да са оптимисти. Те като правило са или скоро ще бъдат на социално ниво далеч над това, което отговаря на способностите им и приносите им към обществото. Ако обаче не сте от тях, постигането на нещо по-добро е твърде малко вероятно да ви се случи, така че оптимизмът е признак на обикновена неадекватност.

В западните държави положението е съвсем друго. Дори в най-свободните да постигнеш нещо по-добро от сегашното изисква огромен труд, и често немалко талант и/или късмет. Но разделението на обществото на „чичови“ и добитък, с непробиваема стена между тези две касти, го няма. Имаш ли трудолюбието и таланта, може да не станеш чак Рокфелер или Джеф Безос, но ще постигнеш повече от сега – и хората го знаят и виждат наоколо. Не случайно американецът прави зад граница впечатление на човек, който мисли, че всичко му е позволено и посилно – в САЩ просто това е положението, каквото не вреди на другите е позволено и обикновено е посилно…

Затова и масовият западняк е оптимист. Подсъзнателната му връзка с реалността казва – хвърлиш ли усилията, ще успееш, може би не баснословно, но ще си по-добре от днес. Докато масовият българин е песимист, по точно същата причина. Подсъзнателната му връзка с реалността казва – колкото и да се пънеш, утре няма да си по-добре. Дори случайно да успееш да постигнеш нещо, много бързо ще те усетят и ще ти го отнемат някак… Не знаем как става така, на теория не би трябвало. Не можем да обясним откъде идва, принципно няма причина да се случва. Всеки от нас познава по някои хора, които са успели тук в България, че и преуспели – но ако се опита да повтори техния успех, някак не му се получава, колкото и точно да спазва рецептата. Някак все се случва така, че тези врати, които за едни други хора са отворени, за нас са затворени. Някак си тези други хора сключват сделки при условия, при които печелят и разширяват инициативата си, докато получените от нас условия в добрия случай ни позволяват да оцелеем. Случват се и редки изключения, но някак си правилото е това… Някои от нас дори познават хора, които успяват не чрез принадлежност към „едни кръгове“, а чрез нечовешки труд и феноменален талант – и такива има, но са изключението, и обикновено след пет или десет години някак си се случва така, че успехът им пресъхва. Въпреки че трудът и талантът им са си същите…

Разбира се, Западът също не е ваксиниран срещу този ефект, ако и той там да е изключението, а не правилото. И понякога това изключение тежи доста. Примерно е интересна ролята му в тероризма. Един френски професор по социология беше направил преди време масивен анализ на всички актове на ислямски тероризъм във Франция за последното десетилетие, дори напълно неуспешните – над 100 броя – и беше анализирал извършителите им. Към една трета се бяха оказали „оригинални“ французи, приели исляма. От останалите буквално нямаше имигранти първо поколение. На практика без изключение извършителите от имигрантски произход бяха второ поколение, родено и израсло във Франция, като правило без фанатични родители и прочее. И на практика всички извършители, без значение на произхода им, бяха пълни некадърници, несмогнали да постигнат нищо в живота, проваляли се неведнъж, повечето от тях стари познайници на полицията. (Първото поколение като правило са хора с инициатива и хъс, щом са смогнали да имигрират, така че не са неудачници и не стават терористи. Нищо, че сред тях дълбоко религиозните са по-висок процент, отколкото сред родените и израсли в Европа техни чеда.)

Какво отпраща тези хора – било имигранти, било местни – към религиозния фундаментализъм, и оттам към тероризма? Същото, което Шипилов описва как праща някои към ура-патриотизма и нац(ионал)изма. Тоталният неуспех, дори ако е основателен, до степен да загубиш надежда, че някога ще постигнеш по-добър живот. Иначе казано – загубата на вътрешната им свобода. Тя отпраща психически нестабилните – било по начало, било осакатени от липса на свобода в обществото им – към търсене на някоя яка банда, към която да се прилепят, та да се крепят поне на нейния авторитет. И ако намерят „подходящо“ място, като правило се опитват да извоюват позиции в него чрез ултра-правоверност и крайност – това е, което умеят и най-некадърните. Ако мястото не цени крайния фанатизъм, те обикновено разбират, че нямат перспектива там, и продължават търсенето, докато не намерят къде го ценят. Ако имат късмета мястото да има разбиране на човешките проблеми и опит с грижата за тях (най-често при някой мъдър духовник или психолог по душа), с много търпение и внимателно обучение те могат да бъдат докарани до кадърност в някакво полезно отношение. Това обикновено им дава вътрешната опора на увереността в себе си и надеждата за по-добро утре, и така прекъсва пропадането им.

Повечето обаче нямат този късмет. Някои стават доносници и слухари (в страни, където тази професия е търсена), и топят и клепат всеки по-свестен от тях със садистично удоволствие, щастливи от властта си над него / положението си в обществото над него, готови за тази власт на всяка без изключение гадост. (Да ви е позната картинката?) Други стават членове на криминални банди, където обикновено са готови за име и „уважение“ да вършат от каквото и бандит би се погнусил. Някои попадат в крайнодесни групировки, където са ценни пак със същото (в повечето бели страни крайнодесните извършват повече престъпления с повече жертви от ислямските терористи). Някои биват уловени от разузнавания и други тайни служби, които ги използват като „актив“. Някои попадат на култове и секти, които ги „утилизират“ според нуждата от хора, готови на всичко.

Ислямският тероризъм е именно в последната категория. Жълтите медии и популистите-измамници го възвеличават като страшилище, плашат хората с него и т.н. По този начин те го правят привлекателен за търсещите опора на всякаква цена. Придават му образа на „най-яката банда“, и това привлича изгубилите надежда неудачници. Те се лепват към него и влизат в „употреба“, вършат каквото някой им е казал, че ще им донесе слава / рай / уважение / …, и дават още храна на рупорите на страха. Кръгът се затваря – къде върху исляма, къде върху циганите, къде върху злите комунисти / капиталисти / цесекари / левскари.

А когато хората се наплашим достатъчно, ставаме склонни да изберем измамници или некадърници, които обещават решаване на проблема с мрака чрез още по-тъмен мрак. И ручаме ли ручаме жабета, и търсим под дърво и камък кой ни сра в гащите. И повтаряме „Съсипаха я тая държава“ – сякаш я е съсипал някой друг, а не именно и точно ние. С глупостта да избираме да сме несвободни, дори при малкото шансове да изберем да сме свободни. Не, не само на избори – те са най-малкият шанс, веднъж на години са. А да сме несвободни отвътре, от предразсъдъците и заблудите си, доста от нас избираме всеки ден. И после търсим ключа към изхода от положението си не където сме го захвърлили, а където ни свети който ни е видял как го хвърляме и си го е прибрал.

И като теглим чертата под всичко, пак опираме до прастарото „Свободата, Санчо…“. И за кой ли път се оказва, че където има свобода, има и салам на масата – а където не разбират важността на свободата, саламът го има в телевизора.

JavaScript Libraries Are Almost Never Updated Once Installed

Post Syndicated from Zack Bloom original

JavaScript Libraries Are Almost Never Updated Once Installed

Cloudflare helps run CDNJS, a very popular way of including JavaScript and other frontend resources on web pages. With the CDNJS team’s permission we collect anonymized and aggregated data from CDNJS requests which we use to understand how people build on the Internet. Our analysis today is focused on one question: once installed on a site, do JavaScript libraries ever get updated?

Let’s consider jQuery, the most popular JavaScript library on Earth. This chart shows the number of requests made for a selected list of jQuery versions over the past 12 months:

JavaScript Libraries Are Almost Never Updated Once Installed

Spikes in the CDNJS data as you see with version 3.3.1 are not uncommon as very large sites add and remove CDNJS script tags.

We see a steady rise of version 3.4.1 following its release on May 2nd, 2019. What we don’t see is a substantial decline of old versions. Version 3.2.1 shows an average popularity of 36M requests at the beginning of our sample, and 29M at the end, a decline of approximately 20%. This aligns with a corpus of research which shows the average website lasts somewhere between two and four years. What we don’t see is a decline in our old versions which come close to the volume of growth of new versions when they’re released. In fact the release of 3.4.1, as popular as it quickly becomes, doesn’t change the trend of old version deprecation at all.

If you’re curious, the oldest version of jQuery CDNJS includes is 1.10.0, released on May 25, 2013. The project still gets an average of 100k requests per day, and the sites which use it are growing in popularity:

JavaScript Libraries Are Almost Never Updated Once Installed

To confirm our theory, let’s consider another project, TweenMax:

JavaScript Libraries Are Almost Never Updated Once Installed

As this package isn’t as popular as jQuery, the data has been smoothed with a one week trailing average to make it easier to identify trends.

Version 1.20.4 begins the year with 18M requests, and ends it with 14M, a decline of about 23%, again in alignment with the loss of websites on the Internet. The growth of 2.1.3 shows clear evidence that the release of a new version has almost no bearing on the popularity of old versions, the trend line for those older versions doesn’t change even as 2.1.3 grows to 29M requests per day.

JavaScript Libraries Are Almost Never Updated Once Installed

Clearly the new version cannot be replacing many of the legacy installations.

The clear conclusion is whatever libraries you publish will exist on websites forever. The underlying web platform consequently must support aged conventions indefinitely if it is to continue supporting the full breadth of the web. Cloudflare is also, of course, very interested in how we can contribute to a web which is kept up-to-date. Please make suggestions in the comments below.

Security updates for Monday

Post Syndicated from ris original

Security updates have been issued by Debian (jsoup and slirp), Fedora (community-mysql, elog, fontforge, libuv, libvpx, mingw-podofo, nodejs, opensc, podofo, thunderbird-enigmail, transfig, and xfig), openSUSE (arc, libssh, and libvpx), Red Hat (git, java-1.8.0-openjdk, java-11-openjdk, python-reportlab, and sqlite), Slackware (thunderbird), and SUSE (java-1_8_0-openjdk, python, and samba).

How India, the World’s Largest Democracy, Shuts Down the Internet

Post Syndicated from Jeremy Hsu original

When government officials in India decided to shut down the Internet, software engineers working for an IT and data analytics firm lost half a day of work and fell behind in delivering a project for clients based in London. A hotel was unable to pay its employees or manage online bookings for tourists. A major hospital delayed staff salary payments and restricted its medical services to the outpatient and emergency departments.  

The 5.5 kernel is out

Post Syndicated from corbet original

In the end, Linus decided to release the 5.5
rather than going for another prepatch. “So despite the
slight worry that the holidays might have affected the schedule, 5.5 ended
up with the regular rc cadence and is out now.
” Some of the significant
features in this release are
iopl() emulation,
many new io_uring commands,
state tracking
type checking for BPF tracepoint programs,
a new CPU
load-balancing algorithm
the KUnit unit-testing framework,
airtime queue limits for WiFi,
and much more. See the
KernelNewbies 5.5 changelog
for more information.

Chicken Droppings Can Make Graphene More Catalytic

Post Syndicated from Charles Q. Choi original

Practically any kind of crap can boost graphene’s properties as a catalyst—even chicken droppings, say the authors of a new tongue-in-cheek study.

Graphene is often hailed as a wonder material—flexible, transparent, light, strong, and electrically and thermally conductive. Such qualities have led researchers worldwide to consider weaving these one-atom-thick sheets of carbon into advanced devices. Scientists have also explored graphene’s properties as a catalyst for the kinds of oxygen reduction reactions often used in fuel cells and the hydrogen evolution reactions used to split apart water molecules to generate hydrogen fuel.

To further enhance graphene’s catalytic properties, researchers have tried doping it with a variety of elements. Seemingly all such studies have claimed graphene’s catalytic abilities improved, regardless of whether the doping materials had contrasting properties with each other. This is “contrary to what any material scientist might expect,” says Martin Pumera, a materials scientist at the University of Chemistry and Technology in Prague.

The collective thoughts of the interwebz

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.