‘Repeat Copyright Infringer’ Case Against Cloudflare Can Continue, Court Rules

Post Syndicated from Ernesto original https://torrentfreak.com/repeat-copyright-infringer-case-against-cloudflare-can-continue-court-rules-190716/

Popular CDN and DDoS protection service Cloudflare has come under a lot of pressure from copyright holders in recent years.

The company offers its services to millions of sites, including some of the world’s leading pirate sites.

Many rightsholders are not happy with this. They accuse Cloudflare of facilitating copyright infringement by continuing to provide access to these platforms. At the same time, they call out the CDN service for masking the true hosting locations of these ‘bad actors’.

Cloudflare’s activities have also triggered some lawsuits. Just last week, we reported that an Italian court ordered the company to terminate the accounts of several pirate sites. In the U.S. there’s an ongoing copyright infringement case as well, which brought more bad news for the company a few days ago.

The case in question wasn’t filed by any of the major entertainment industry players, but by two manufacturers and wholesalers of wedding dresses. Not a typical “piracy” lawsuit, but it’s a copyright case that could have broad effects.

In a complaint filed at a federal court in California last year, Mon Cheri Bridals and Maggie Sottero Designs argued that even after multiple warnings, Cloudflare fails to terminate sites operated by counterfeit vendors. This makes Cloudflare liable for the associated copyright infringements, they said.

Cloudflare responded to the allegations and in April it filed a motion to dismiss the complaint. The company said that the rightsholders failed to state a proper claim, as the takedown notices were not proof of infringement, among other things. In addition, the notices were not formatted properly. 

“Plaintiffs characterize their notifications as ‘credible’ without stating any facts that demonstrate their credibility. In any event, defective notifications, like those the plaintiffs sent to Cloudflare, cannot support any claim of actual knowledge,” Cloudflare argued.

According to Cloudflare, the notifications “may or may not be true”. Without a court determining whether they are accurate or not, the company says they don’t “convey actual knowledge of infringement.” As such, the company doesn’t believe it can be held liable.

District Judge Vince Chhabria disagrees, however. In an order signed a few days ago he denies the motion to dismiss. According to the Judge, the allegations and claims made by the wedding dress manufacturers are sufficient at this stage of the case.

“Cloudflare’s main argument – that contributory liability cannot be based on a defendant’s knowledge of infringing conduct and continued material contribution to it – is wrong,” Judge Chhabria writes.

“Allegations that Cloudflare knew its customer-websites displayed infringing material and continued to provide those websites with faster load times and concealed identities are sufficient to state a claim,” he adds.

Cloudflare also pointed out other deficiencies in the notices, and stressed that it’s not a hosting provider, but these comments were countered too. At this stage of the case, it’s enough to show that Cloudflare was aware of the alleged infringements, the Court notes.

“The notices allegedly sent by the plaintiffs gave Cloudflare specific information, including a link to the offending website and a link to the underlying copyrighted material, to plausibly allege that Cloudflare had actual knowledge of the infringing activity,” Judge Chhabria writes.

The denial of Cloudflare’s motion to dismiss means that the case will move forward. While the case has nothing to do with traditional pirate sites, any rulings could spill over, which means that other copyright holders will watch this case closely.

Mon Cheri Bridals and Maggie Sottero ultimately hope to recoup damages for the losses they’ve suffered as well as preliminary and permanent injunctive relief to stop all infringing activity.

Cloudflare, for its part, will argue that it’s not actively participating in any infringing activity and that it merely has a role as a third-party intermediary, which is not liable for the alleged infringing activities of its customers.

A copy of District Judge Vince Chhabria’s order is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

AWS Security Profile: Rustan Leino, Senior Principal Applied Scientist

Post Syndicated from Supriya Anand original https://aws.amazon.com/blogs/security/aws-security-profile-rustan-leino-senior-principal-applied-scientist/



I recently sat down with Rustan from the Automated Reasoning Group (ARG) at AWS to learn more about the prestigious Computer Aided Verification (CAV) Award that he received, and to understand the work that led to the prize. CAV is a top international conference on formal verification of software and hardware. It brings together experts in this field to discuss groundbreaking research and applications of formal verification in both academia and industry. Rustan received this award as a result of his work developing program-verification technology. Rustan and his team have taken his research and applied it in unique ways to protect AWS core infrastructure on which customers run their most sensitive applications. He shared details about his journey in the formal verification space, the significance of the CAV award, and how he plans to continue scaling formal verification for cloud security at AWS.

Congratulations on your CAV Award! Can you tell us a little bit about the significance of the award and why you received it?

Thanks! I am thrilled to jointly receive this award with Jean-Christophe Filliâtre, who works at the CNRS Research Laboratory in France. The CAV Award recognizes fundamental contributions to program verification, that is, the field of mathematically proving the correctness of software and hardware. Jean-Christophe and I were recognized for the building of intermediate verification languages (IVL), which are a central building block of modern program verifiers.

It’s like this: the world relies on software, and the world relies on that software to function correctly. Software is written by software engineers using some programming language. If the engineers want to check, with mathematical precision, that a piece of software always does what it is intended to do, then they use a program verifier for the programming language at hand. IVLs have accelerated the building of program verifiers for many languages. So, IVLs aid the construction of program verifiers which, in turn, improve software quality that, in turn, makes technology more reliable for all.

What is your role at AWS? How are you applying technologies you’ve been recognized by CAV for at AWS?

I am building and applying proof tools to ensure the correctness and security of various critical components of AWS. This lets us deliver a better and safer experience for our customers. Several tools that we apply are based on IVLs. Among them are the SideTrail verifier for timing-based attacks, the VCC verifier for concurrent systems code, and the verification-aware programming language Dafny, all of which are built on my IVL named Boogie.

What does an automated program verification tool do?

An automated program verifier is a tool that checks if a program behaves as intended. More precisely, the verifier tries to construct a correctness proof that shows that the code meets the given specification. Specifications include things like “data at rest on disk drives is always encrypted,” or “the event-handler always eventually returns control back to the caller,” or “the API method returns a properly formatted buffer encrypted under the current session key.” If the verifier detects a discrepancy (that is, a bug), the developer responds by fixing the code. Sometimes, the verifier can’t determine what the answer is. In this case, the developer can respond by helping the tool with additional information, so-called proof hints, until the tool is able to complete the correctness proof or find another discrepancy.

For example, picture a developer who is writing a program. The program is like a letter written in a word processor, but the letter is written in a language that the computer can understand. For cloud security, say the program manages a set of data keys and takes requests to encrypt data under those keys. The developer writes down the intention that each encryption request must use a different key. This is the specification: the what.

Next, the developer writes code that instructs the computer how to respond to a request. The code separates the keys into two lists. An encryption request takes a key from the “not used” list, encrypts the given data, and then places the key on the “used” list.

To see that the code in this example meets the specification, it is crucial to understand the roles of the two lists. A program verifier might not figure this out by itself and would then indicate the part of the code it can’t verify, much like a spell-checker underlines spelling and grammar mistakes in a letter you write. To help the program verifier along, the developer provides a proof hint that says that the keys on the “not used” list have never been returned. The verifier checks that the proof hint is correct and then, using this hint, is able to construct the proof that the code meets the specification.

You’ve designed several verification tools in your career. Can you share how you’re using verification tools such as Dafny and Boogie to provide higher assurances for AWS infrastructure?

Dafny is a Java-like programming language that was designed with verification in mind. Whereas most programming languages only allow you to write code, Dafny allows you to write specifications and code at the same time. In addition, Dafny allows you to write proof hints (in fact, you can write entire proofs). Having specifications, code, and proofs in one language sets you up for an integrated verification experience. But this would remain an intellectual exercise without an automated program verifier. The Dafny language was designed alongside its automated program verifier. When you write a Dafny program, the verifier constantly runs in the background and points out mistakes as you go along, very much like the spell-checker underlines I alluded to. Internally, the Dafny verifier is based on the Boogie IVL.

At AWS, we’re currently using Dafny to write and prove a variety of security-critical libraries. For example: encryption libraries. Encryption is vital for keeping customer data safe, so it makes for a great place to focus energy on formal verification.

You spent time in scientific research roles before joining AWS. Has your experience at AWS caused you to see scientific challenges in a different way now?

I began my career in 1989 in the Microsoft Windows LAN Manager team. Based on my experiences helping network computers together, I became convinced that formally proving the correctness of programs was going to go from a “nice to have” to a “must have” in the future, because of the need for more security in a world where computers are so interconnected. At the time, the tools and techniques for proving programs correct were so rudimentary that the only safe harbor for this type of work was in esoteric research laboratories. Thus, that’s where I could be found. But these days, the tools are increasingly scalable and usable, so finally I made the jump back into development where I’m leading efforts to apply and operationalize this approach, and also to continue my research based on the problems that arise as we do so.

One of the challenges we had in the 1990s and 2000s was that few people knew how to use the tools, even if they did exist. Thus, while in research laboratories, an additional focus of mine has been on making tools that are so easy to use that they can be used in university education. Now, with dozens of universities using my tools and after several eye-opening successes with the Dafny language and verifier, I’m scaling these efforts up with development teams in AWS that can hire the students who are trained with Dafny.

I alluded to continuing research. There are still scientific challenges to make specifications more expressive and more concise, to design programming languages more streamlined for verification, and to make tools more automated, faster, and more predictable. But there’s an equally large challenge in influencing the software engineering process. The two are intimately linked, and cannot be teased apart. Only by changing the process can we hope for larger improvements in software engineering. Our application of formal verification at AWS is teaching us a lot about this challenge. We like to think we’re changing the software engineering world.

What are the next big challenges that we need to tackle in cloud security? How will automated reasoning play a role?

There is a lot of important software to verify. This excites me tremendously. As I see it, the only way we can scale is to distribute the verification effort beyond the verification community, and to get usable verification tools into the hands of software engineers. Tooling can help put the concerns of security engineers into everyday development. To meet this challenge, we need to provide appropriate training and we need to make tools as seamless as possible for engineers to use.

I hear your YouTube channel, Verification Corner, is loved by engineering students. What’s the next video you’ll be creating?

[Rustan laughs] Yes, Verification Corner has been a fun way for me to teach about verification and I receive appreciation from people around the world who have learned something from these videos. The episodes tend to focus on learning concepts of program verification. These concepts are important to all software engineers, and Verification Corner shows the concepts in the context of small (and sometimes beautiful) programs. Beyond learning the concepts in isolation, it’s also important to see the concepts in use in larger programs, to help engineers apply the concepts. I want to devote some future Verification Corner episodes to showing verification “in the trenches;” that is, the application of verification in larger, real-life (and sometimes not so beautiful) programs for cloud security, as we’re continuing to do at AWS.
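
The key-manager example from the interview (keys split into a “not used” and a “used” list), sketched in Dafny as an added illustration; it is not code from Rustan or AWS. The names `KeyManager`, `TakeKey`, `Valid` and `Client` are hypothetical, and the cipher call itself is left out because it does not affect the key-uniqueness property.

```dafny
// Added illustration, not AWS code. All names here are hypothetical.
type Key = int  // stand-in for real key material

class KeyManager {
  var notUsed: seq<Key>  // keys that are still available
  var used: seq<Key>     // every key handed out so far

  // The proof hint, written as an invariant: the "not used" list has no
  // duplicates, and no key on it has ever been returned to a caller.
  predicate Valid()
    reads this
  {
    (forall i, j :: 0 <= i < j < |notUsed| ==> notUsed[i] != notUsed[j]) &&
    (forall k :: k in notUsed ==> k !in used)
  }

  constructor (keys: seq<Key>)
    requires forall i, j :: 0 <= i < j < |keys| ==> keys[i] != keys[j]
    ensures Valid()
    ensures notUsed == keys && used == []
  {
    notUsed := keys;
    used := [];
  }

  // One encryption request: pick the key the request will encrypt under.
  method TakeKey() returns (k: Key)
    requires Valid() && |notUsed| > 0
    modifies this
    ensures Valid()                       // the hint still holds afterwards
    ensures k !in old(used)               // the specification (the "what")
    ensures used == old(used) + [k]
    ensures notUsed == old(notUsed)[1..]
  {
    k := notUsed[0];          // take a key from the "not used" list
    notUsed := notUsed[1..];
    used := used + [k];       // record it on the "used" list
  }
}

// A caller can rely on the specification alone: two requests never share a key.
method Client(m: KeyManager)
  requires m.Valid() && |m.notUsed| >= 2
  modifies m
{
  var a := m.TakeKey();
  var b := m.TakeKey();
  assert a != b;
}
```

Without the second conjunct of `Valid()`, the verifier has nothing that connects the two lists, so it cannot establish `k !in old(used)`; that conjunct is the hint that the “not used” keys have never been returned.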


Author

Supriya Anand

Supriya is a Senior Digital Strategist at AWS.

Zoom Vulnerability

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/07/zoom_vulnerabil.html

The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer’s camera.

It’s a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app:

This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.

On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call.

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.

Zoom didn’t take the vulnerability seriously:

This vulnerability was originally responsibly disclosed on March 26, 2019. This initial report included a proposed description of a ‘quick fix’ Zoom could have implemented by simply changing their server logic. It took Zoom 10 days to confirm the vulnerability. The first actual meeting about how the vulnerability would be patched occurred on June 11th, 2019, only 18 days before the end of the 90-day public disclosure deadline. During this meeting, the details of the vulnerability were confirmed and Zoom’s planned solution was discussed. However, I was very easily able to spot and describe bypasses in their planned fix. At this point, Zoom was left with 18 days to resolve the vulnerability. On June 24th after 90 days of waiting, the last day before the public disclosure deadline, I discovered that Zoom had only implemented the ‘quick fix’ solution originally suggested.

This is why we disclose vulnerabilities. Now, finally, Zoom is taking this seriously and fixing it for real.

Intuit: Serving Millions of Global Customers with Amazon Connect

Post Syndicated from Annik Stahl original https://aws.amazon.com/blogs/architecture/intuit-serving-millions-of-global-customers-with-amazon-connect/

Recently, Bill Schuller, Intuit Contact Center Domain Architect, met with AWS’s Simon Elisha to discuss how Intuit manages its customer contact centers with AWS Connect.

As a 35-year-old company with an international customer base, Intuit is widely known as the maker of QuickBooks and TurboTax, among other software products. Its 50 million customers can access its global contact centers not just for password resets and feature explanations, but for detailed tax interpretation and advice. As you can imagine, this presents a challenge of scale.

Using Amazon Connect, a self-service, cloud-based contact center service, Intuit has been able to provide a seamless call-in experience to Intuit customers from around the globe. When a customer calls in to Amazon Connect, Intuit is able to do a “data dip” through AWS Lambda out to the company’s CRM system (in this case, Salesforce) in order to get more information from the customer. At this point, Intuit can leverage other services like Amazon Lex for natural language feedback and then get the customer to the right person who can help. When the call is over, instead of having that important recording of the call locked up in a proprietary system, the audio is moved into an S3 bucket, where Intuit can do some post-call processing. It can also be sent out to third parties for analysis, or Intuit can use Amazon Transcribe or Amazon Comprehend to get a transcription or sentiment analysis to understand more about what happened during that particular call.

Watch the video below to understand the reasons why Intuit decided on this set of AWS services (hint: it has to do with the ability to experiment with speed and scale but without the cost overhead).


About the author

Annik Stahl is a Senior Program Manager in AWS, specializing in blog and magazine content as well as customer ratings and satisfaction. Having been the face of Microsoft Office for 10 years as the Crabby Office Lady columnist, she loves getting to know her customers and wants to hear from you.

A (Very) Close Look at Carbon Capture and Storage

Post Syndicated from Mark Anderson original https://spectrum.ieee.org/energywise/energy/environment/a-very-close-look-at-carbon-capture-and-storage

A material called ZIF-8 swells up when carbon dioxide molecules are trapped inside, new images reveal

A new kind of molecular-scale microscope has been trained for the first time on a promising wonder material for carbon capture and storage. The results, researchers say, suggest a few tweaks to this material could further enhance its ability to scrub greenhouse gases from emissions produced by traditional power plants.

The announcement comes in the wake of a separate study concerning carbon capture published in the journal Nature. The researchers involved in that study found that keeping the average global temperature change to below 1.5 degrees C (the goal of the Paris climate accords) may require more aggressive action than previously anticipated. It will not be enough, they calculated, to stop building new greenhouse-gas-emitting power stations and allow existing plants to age out of existence. Some existing plants will also need to be shuttered or retrofitted with carbon capture and sequestration technology.

More From Our Annual Survey: Choosing the Best Cloud for Backing Up

Post Syndicated from Roderick Bauer original https://www.backblaze.com/blog/choosing-the-best-cloud-for-backing-up/


Which cloud is best for backing up?

This is one of the most common questions we get asked at Backblaze, and we’ve addressed it many times on this blog, on our website, and at trade shows and conferences.

There are many uses for the cloud, and many services that provide storage drives, sync, backup, and sharing. It’s hard for computer users to know which service is best for which use.

Every spring for the past twelve years we’ve commissioned an online survey conducted by The Harris Poll to help us understand if and how computer users are backing up. We’ve asked the same question, “How often do you backup all the data on your computer?” every year. We just published the results of the latest poll, which showed that more surveyed computer owners are backing up in 2019 than when we conducted our first poll in 2008. We’re heartened that more people are protecting their valuable files, photos, financial records, and personal documents.

This year we decided to ask a second question that would help us understand how the cloud compares to other backup destinations, such as external drives and NAS, and which cloud services are being used for backing up.

This was the question we asked:

What is the primary method you use to backup all of the data on your computer?

  1. Cloud backup (e.g., Backblaze, Carbonite, iDrive)
  2. Cloud drive (e.g., Google Drive, Microsoft OneDrive)
  3. Cloud sync (e.g., Dropbox, iCloud)
  4. External hard drive (e.g., Time Machine, Windows Backup and Restore)
  5. Network Attached Storage (NAS) (e.g., QNAP, Synology)
  6. Other
  7. Not sure

Where Computer Users are Backing Up

More than half of those who have ever backed up all the data on their computer (58 percent) indicated that they are using the cloud as one of the primary methods to back up all of the data on their computer. Nearly two in five (38 percent) use an external hard drive, and just 5 percent use network attached storage (NAS). (The total is greater than 100 percent because respondents were able to select multiple destinations.)

[Chart: Backup Destinations (among those who have ever backed up all data on their computer), by primary method used]

What Type of Cloud is Being Used?

The survey results tell us that the cloud has become a popular destination for backing up data.
Among those who have ever backed up all data on their computer, the following indicated what type of cloud service they used:

  • 38 percent are using cloud drive (such as Google Drive or Microsoft OneDrive)
  • 21 percent are using cloud sync (such as Dropbox or Apple iCloud)
  • 11 percent are using cloud backup (such as Backblaze Computer Backup)

[Chart: Cloud Destinations (among those who have ever backed up all data on their computer)]

Choosing the Best Cloud for Backups

Backblaze customers or regular readers of this blog will immediately recognize the issue in these responses. There’s a big difference in what type of cloud service you select for cloud backup. Both cloud drive and cloud sync services can store data in the cloud, but they’re not the same as having a real backup. We’ve written about these differences in our blog post, What’s the Diff: Sync vs Backup vs Storage, and in our guide, Online Storage vs. Online Backup.

Put simply, those who use cloud drive or cloud sync are missing the benefits of real cloud backup. These benefits can include automatic backup of all data on your computer, not being limited to just special folders or directories that can be backed up, going back to earlier versions of files, and not having files lost when syncing, such as when a shared folder gets deleted by someone else.

Cloud backup is specifically designed to protect your files, while the purpose of cloud drives and sync is to make it easy to access your files from different computers and share them when desired. While there is overlap in what these services offer and how they can be used, obtaining the best results requires selecting the right cloud service for your needs. If your goal is to back up your files, you want the service to seamlessly protect your files and make sure they’re available when and if you need to restore them due to data loss on your computer.

As users have more time and experience with their selected cloud service(s), it will be interesting in future polls to discover how happy they are with the various services and how well their needs are being met. We plan to cover this topic in our future polls.

•  •  •

Survey Method
This survey was conducted online within the United States by The Harris Poll on behalf of Backblaze from June 6-10, 2019 among 2,010 U.S. adults ages 18 and older, among whom 1,858 own a computer and 1,484 have ever backed up all data on their computer. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated. For complete survey methodology, including weighting variables and subgroup sample sizes, please contact Backblaze.


Security updates for Tuesday

Post Syndicated from ris original https://lwn.net/Articles/793852/rss

Security updates have been issued by Fedora (expat and radare2), Oracle (thunderbird), Red Hat (389-ds-base, keepalived, libssh2, perl, and vim), Scientific Linux (thunderbird), SUSE (bzip2, kernel, podofo, systemd, webkit2gtk3, and xrdp), and Ubuntu (bash, nss, redis, squid, squid3, and Zipios).

Revolutionize Your Design and Test Workflow

Post Syndicated from IEEE Spectrum Recent Content full text original https://spectrum.ieee.org/whitepaper/want-to-innovate-with-testops-learn-how


Agile software development profoundly transformed software development in the 1900s. Far more than a process, Agile created a new way to work.

Today, a similar transformation is happening in test and measurement. TestOps is an innovative approach to product design and test which improves workflow efficiency and speeds product time to market.

Learn more about TestOps and how to accelerate your product development workflow.


Raspberry Pi mineral oil tank with added pizzazz

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/raspberry-pi-mineral-oil-tank-with-added-pizzazz/

This isn’t the first mineral oil bath we’ve seen for the Raspberry Pi, but it’s definitely the first we’ve seen with added fish tank decorations.

Using the see-through casing of an old Apple PowerMac G4, Reddit user u/mjh2901 decided to build a mineral oil tank for their Raspberry Pi, and it looks fabulous. The build has been renamed Apple Pi. Submerging hardware in mineral oil is a technique used by some to manage the heat produced by tech. Oil is able to transfer heat up to five times more efficiently than air, with some mineral oil projects using a separate radiator to dissipate the heat back into the air.

So, how did they do it?

“Started with a PowerMac G4 case I previously used as a fish tank, then a candy dish. I had cut a piece of acrylic and glued it into the bottom.”


They then placed a Raspberry Pi 3 attached to a 2-line 16 character LCD into the tank, along with various decorations, and began to fill with store-bought mineral oil. Once full, the project was complete, the Raspberry Pi forever submerged.

You can find more photos here. But, one question still remains…

…who would use an old fish tank as a candy bowl?! 🤢


Premier League Wins New ISP Piracy Blocking Order

Post Syndicated from Andy original https://torrentfreak.com/premier-league-wins-new-isp-piracy-blocking-order-190716/

Blocking websites associated with piracy is one of the most common tools deployed against unauthorized content distribution involving movies, TV shows, and music.

However, the rising consumption of pirate sources of live TV, particularly sports, has presented broadcasters with a new challenge.

The Premier League has been attempting to solve this problem in the UK with so-called ‘dynamic’ blocking injunctions, which allow servers to be blocked in real-time by ISPs, as matches are underway.

Earlier this month it was reported that the League had filed an application to expand this effort to Ireland. Targeting major ISPs Eircom, Sky, Virgin Media, and Vodafone, the League sought permission to have these companies quickly respond to blocking demands.

On Monday in the Commercial Court, after ISPs either supported or failed to oppose the application, the proposal was converted into Ireland’s first dynamic blocking injunction. It will aim to prevent consumers from accessing ‘pirate’ streams via IPTV services, websites, apps, and third-party Kodi addons.

Counsel for the Premier League told the Court that the bulk of those the company is seeking to block access the company’s matches via set-top boxes.

According to a report from Irish Times, the IP addresses of streaming hosts will be updated at least twice while matches are underway so that ISPs are able to prevent their subscribers from accessing the locations. Once the matches have ended, the blocking measures are supposed to stop.

There is also a nod to due process, with hosting companies being told of the existence of the order enabling them to notify their customers (the alleged infringers) that their streams will be blocked.

Targeted suppliers, almost certainly IPTV providers, are also given permission to apply to the court to have their servers unblocked, if any of their legitimate content is rendered inaccessible as a result of the injunction.

In common with the applications in the UK, the order granted in Ireland was in part based on “confidential information” that only the court and the parties involved have access to in order to prevent technical circumvention of the order.

The precise nature of that information isn’t clear but we’re informed that the blocking process is already well understood by outside parties, with providers able to take countermeasures and, if all else fails, end-users able to deploy VPNs.


10 things you need to know about #НАПЛийкс and one you don’t want to think about

Post Syndicated from Боян Юруков original https://yurukov.net/blog/2019/napleaks-10-neshta/

  1. The #НАПЛийкс dataset contains data on 6 million Bulgarian citizens: 4.66 million living and 1.38 million deceased. Most of the data covers the last 10 years.
  2. In their email to the media, the hackers make it clear that they have as much data again downloaded from the servers.
  3. There are 57 folders, some of which hold system information about the database of the National Revenue Agency (NAP).
  4. Some of the tables include usernames, passwords and other data about the work of employees of NAP and other state bodies. There are also quite a few personal certificates belonging to citizens.
  5. Besides tax returns, the data includes loan payments, vehicle numbers, civil contracts, data on many Bulgarians abroad who received pensions or opted out of health insurance, IP addresses, and information on whether you gamble.
  6. If you have worked or paid any tax in the last 10 years, then almost certainly at least your EGN (personal identification number), name, address and income are in the database.
  7. The database contains indications of reports and elements of investigations between NAP and European institutions.
  8. The data leak was possible because elementary security measures were not followed in the administration, something we have been warning about for a long time.
  9. Although the data will not cause direct harm to most people, it may damage ongoing tax investigations and may be used by phone scammers or for extortion.
  10. At the same time, the publicity of this information, however harmful it is for national security, will allow researchers to build a better picture of the population’s income, unemployment and social benefits. It will also aid journalistic investigations into the property holdings of public figures and into the refusal of the authorities themselves to check for abuses such as #АпартаментГейт.

Първото, което следва да се направи сега, е да се понесе политическата и професионалната отговорност. Горанов следва да подаде незабавно оставка заедно с ръководителите на отговорните за този пропуск структури. Трябва да има криминално разследване как се е допуснало това и обвинения, макар това да е малко вероятно предвид в какво се е превърнала прокуратурата ни в момента.

Паралелно с това следва да се направи одит на цялата информационна структура на обществения сектор. Правила и закони, които определят как следва да се пазят данните, кой следва да има достъп до какво има, но не се спазва, както стана ясно. Време е да започне администрацията сериозно да мисли за електронно управление и съпътстващите мерки за сигурност, системи за проверка и достъп.

Не на последно място обаче, трябва да разберем, че този теч на данни е стряскащ само защото вече не може да си затваряме очите за състоянието на държавните бази данни. Истината е, че почти всеки в администрацията е имал достъп до същата информация, а заедно с тях и познатите им. Хазарта започва една от последните си песни с „Имам човек в НАП…“. Е, доста хора имат човек тук и там. Един мой приятел разказваше как започнал успешен консултантски бизнес в България и скоро след това дошли „гости“ заедно със служител на НАП в неприкрит опит да разберат какво прави фирмата и дали може да се присвои.

Сега вече няма нужда да „имаш човек“ или поне не за доходите от 2007-ма насам. Въпрос на време е някой да пусне публична търсачка за информацията. Не съм съгласен, че трябва да се направи, но толкова хора имат вече архива, че е неизбежно.

И тук идваме към точката, за която не искате да мислите – какво правим с тази информация? Не тази, че са хакнали НАП, а с това, че всички ще знаят доходите ви. Нормално е да сте бесни. Трябва да сте бесни. Ако не защото личната ви информация е навсякъде, то най-малкото защото администрация за милиарди е позволила това. Само бесните хора могат да свършат нещо.

По-важен е въпроса дали следва всички да го знаем това? Не само сега и занапред Дали го искаме? В Швеция техният аналог на НАП прави публични всички данъчни декларации в края на годината. Отделни може да се видят с телефонно обаждане, но условието е, че отсрещната страна ще разбере, че сте видели декларацията им. Заедно с това публикуват детайлни справки за доходите по възрастови групи, региони, професии, нива на квалификация и прочие. Тази прозрачност в доходите е помогнала на много компании да поемат инициативата и сами да информират служителите си колко взимат колегите им на същото ниво.

Ние обаче не сме Швеция и това не е прозрачност. Това е престъпно нехайство. Макар голяма част от данните наистина да не заплашват пряко населението, части от тях и цялата им съвкупност наистина са проблем за националната сигурност.

Някой ще направи портал позволяващ лесна проверка. Всеки ще може да види доходите на съседа, колегата, известни и небезизвестни личности. Как това ще се отрази на взаимоотношенията ни, на обществения и политическия живот?

Какво следва от тук?

Chip Hall of Fame: MOS Technology 6581

Post Syndicated from Stephen Cass original https://spectrum.ieee.org/tech-history/silicon-revolution/chip-hall-of-fame-mos-technology-6581

A synthesizer that defined the sound of a generation

1982 was a big year for music. Not only did Michael Jackson release Thriller, the bestselling album of all time, but Madonna made her debut. And it saw the launch of the Commodore 64 microcomputer. Thanks to the C64, millions of homes were equipped with a programmable electronic synthesizer, one that’s still in vogue.

The C64 became the bestselling computer of all time (some 17 million were sold) largely because it had graphics and sound capabilities that punched way above the system’s price tag: US $600 on release, soon falling to $149. Like many machines from that era, the C64 has a devoted following in the retrocomputing community, and emulators are available that let you run nearly all its software on modern hardware. What’s unusual is that a specific supporting chip inside the C64 has also retained its own dedicated following: the 6581 SID sound chip.

The C64 was developed by MOS Technology in 1981. MOS had already had a hit in the microcomputing world with its creation of the 6502 CPU in 1975. That chip—and a small family of variants—was used to power popular home computers and game consoles such as the Apple II and Atari 2600. As recounted in IEEE Spectrum’s March 1985 design case history [PDF] of the C64 by Tekla S. Perry and Paul Wallich, MOS originally intended just to make a new graphics chip and a new sound chip. The idea was to sell them as components to microcomputer manufacturers. But those chips turned out to be so good that MOS decided to make its own computer.

Creation of the sound chip fell to a young engineer called Robert Yannes. He was the perfect choice for the job, motivated by a long-standing interest in electronic sound. Although there were some advanced microcomputer-controlled synthesizers available, including the Super Sound board designed for use with the Cosmac VIP system, the built-in sound generation tech in home computers was relatively crude. Yannes had higher ambitions. “I’d worked with synthesizers, and I wanted a chip that was a music synthesizer,” Yannes told Spectrum in 1985. His big advantage was that MOS had a manufacturing fab on-site. This allowed for cheap and fast experimentation and testing: “The actual design only took about four or five months,” said Yannes.

On a hardware level, what made the 6581 SID stand out was better frequency control of its internal oscillators and, critically, an easy way for programmers to control what’s known as the sound envelope. Early approaches to using computers to generate musical tones (starting with one by Alan Turing himself) produced sound that was either off or on at a fixed intensity, like a buzzer. But most musical instruments don’t work that way: Think of how a piano note can be struck sharply or softly, and how a note can linger before decaying into silence. The sound envelope defines how a note’s intensity rises and falls. Some systems allowed the volume to be adjusted as the note played, but this was awkward to program. Yannes incorporated data registers into the 6581 SID so a developer could define an envelope and then leave it to the chip to control the intensity, rather than adjusting the intensity by programming the CPU to send volume-control commands as notes played (something few developers bothered to attempt).

The SID chip has three sound channels that can play simultaneously using three basic waveforms, plus a fourth “noise” waveform that produces rumbling to hissing static sounds, depending on the frequency. The chip has the ability to filter and modulate the channels to produce an even wider range of sounds. Some programmers discovered they could tease the chip into doing things it was never designed to do, such as speech synthesis. This was perhaps most famously used in Ghostbusters, a 1984 game based on the movie of the same name in which the C64 would utter low-fidelity catchphrases from the movie, such as “He slimed me!”

But stunts like speech synthesis aside, the SID chip’s design meant that home computer games could have truly musical soundtracks. Developers started hiring composers to create original works for C64 games—indeed, some titles today are solely remembered because of a catchy soundtrack.

Unlike in modern game development, in which soundtrack creation is technically similar to conventional music recording (up to, and including, using orchestras and choirs), these early composers had to be familiar with how the SID chip was programmed at the hardware level, as well as its behavioral quirks. (Because the chip got to market so quickly, MOS’s documentation of the 6581 SID was notoriously lousy, with Yannes acknowledging to Spectrum in 1985 that “the spec sheet got distributed and copied and rewritten by various people until it made practically no sense anymore.”)

At the time, these composers were generally unknown outside the games industry. Many of them moved on to other things after the home computer boom faded and their peculiar hybrid combination of musical and programming expertise was less in demand. In more recent years however, some of them have been celebrated, such as the prolific Ben Daglish, who composed the music for dozens of popular games.

Daglish (who created my favorite C64 soundtrack, for 1987’s Re-Bounder) was initially bemused that people in the 21st century were still interested in music created for, and by, the SID chip, but he became a popular guest at retrocomputing and so-called chiptunes events before his untimely death in late 2018.

Chiptunes (also known as bitpop) is a genre of original music that leans into the distinctive sound of 1980s computer sound chips. Some composers use modern synthesizers programmed to replicate that sound, but others like to use the original hardware, especially the SID chips (with or without the surrounding C64 system). Because the 6581 SID hasn’t been in production for many years, this has resulted in a brisk aftermarket for old chips—and one that’s big enough that crooks have made fake chips, or reconditioned dead chips, to sell to enthusiasts. Other people have created modern drop-in replacements for the SID chip, such as the SwinSID.

There are several options if you’d like to listen to a classic C64 game soundtrack or a modern chiptune without investing in hardware. You can find many on YouTube, and projects like SOASC= are dedicated to playing tunes on original SID chips and recording the output using modern audio formats. But for a good balance between modern convenience and hard-core authenticity, I’d recommend using a player like Sidplay, which emulates the SID chip and can play music data extracted from original software code. Even after the last SID chip finally burns out, its sound will live on.

An abridged version of this article appears in the July 2019 print issue as “Chip Hall of Fame: SID 6581.”

Watch World Champion Soccer Robots Take on Humans at RoboCup

Post Syndicated from Evan Ackerman original https://spectrum.ieee.org/automaton/robotics/robotics-hardware/watch-world-champion-soccer-robots-take-on-humans-at-robocup

Humans may not be doomed at soccer quite yet

RoboCup 2019 took place earlier this month down in Sydney, Australia. While there are many different events including RoboCup@Home, RoboCup Rescue, and a bunch of different soccer leagues, one of the most compelling events is middle-size league (MSL), where mobile robots each about the size of a fire hydrant play soccer using a regular size FIFA soccer ball. The robots are fully autonomous, making their own decisions in real time about when to dribble, pass, and shoot.

The long-term goal of RoboCup is this:

By the middle of the 21st century, a team of fully autonomous humanoid robot soccer players shall win a soccer game, complying with the official rules of FIFA, against the winner of the most recent World Cup.

While the robots are certainly not there yet, they’re definitely getting closer.

New Mobile App Brings the Power of IEEE Xplore to Your Smartphone

Post Syndicated from Casey Schwartz original https://spectrum.ieee.org/the-institute/ieee-products-services/new-mobile-app-brings-the-power-of-ieee-xplore-to-your-smartphone

Other improvements include easier access to complex searching, new author information pages, and support for research reproducibility

THE INSTITUTE IEEE Xplore recently added several features that make it easier to find what you need in its collection of nearly 5 million content items.

NEW MOBILE APP

The free MyXplore app, available for iOS and Android phones, helps you stay current on the latest research in your field, at any time and from anywhere. MyXplore gives you the same powerful search as the desktop IEEE Xplore. Search results include article titles, abstracts, and other bibliography, along with links to the full document in IEEE Xplore.

MyXplore also lets you easily set up automatic notifications on newly published content in your areas of interest. You can download the app from the App Store or Google Play.

AUTHOR INFORMATION PAGES

As an added service to the IEEE author community, IEEE Xplore now provides author information pages. Each page includes the author’s photo if provided, a short biography, research interests, affiliations, a list of the author’s publications in IEEE Xplore, and links to co-authors.

The pages are optimized for indexing by Web search engines like Google and Google Scholar to help IEEE authors improve their visibility on public search engines. Author information pages can be accessed by clicking the author’s name in a search result, an abstract page, or a table of contents page.

SUPPORTING RESEARCH REPRODUCIBILITY

Research reproducibility—the ability to replicate or reproduce the results of a scientific experiment or study—is a crucial element in advancing science. IEEE Xplore aids research reproducibility by enabling access to algorithms, code, datasets, and other supplemental data associated with research articles.

Through a partnership with Code Ocean, a cloud-based research collaboration platform, IEEE makes it easy for authors to submit supplemental data associated with their research. Intuitive icons in IEEE Xplore search results identify articles with accompanying code and the “Supplemental Items” filter in the left column makes it easy to isolate search results for articles with code. Abstract pages for articles with code include information about the code along with a link to the Code Ocean site.

As part of IEEE’s commitment to foster research reproducibility, IEEE Xplore includes a visual badge to indicate that submitted code or other material has been reviewed by a qualified IEEE member or volunteer.

COMPLEX SEARCHES MADE EASIER

IEEE Xplore global search now supports complex queries that use Boolean operators like AND, OR, NOT, NEAR, and ONEAR. The operators can now be included in the global search box on the homepage. Wildcards such as an asterisk or question mark can also be used when searching for two or more words.   

Contact IEEE Xplore with any feedback, comments, or questions.

Casey Schwartz is associate director for IEEE Xplore.
