How Effective is The UK Pirate Bay Blockade?

Post Syndicated from Ernesto original https://torrentfreak.com/how-effective-is-the-uk-pirate-bay-blockade-180527/

Website blocking is without a doubt one of the favorite anti-piracy tools of the entertainment industries.

The UK is a leader on this front after the High Court ordered the largest ISPs to block access to popular file-sharing sites. Over time the number of blocked URLs in the UK has grown to well over 1,000, including many popular torrent, streaming, and direct download sites.

The Pirate Bay is arguably the biggest target of all. Not only is the site itself blocked by major ISPs, many proxy sites and proxy linking sites are blacklisted as well. The goal of these efforts is to prevent people from accessing the notorious torrent site, but that’s easier said than done.

This week, we decided to take a look at the most visited ‘pirate’ sites in the UK. For this quest, we used data from the traffic monitoring company Alexa, which is often cited by copyright holders as well. Despite the blocking efforts, we spotted quite a few pirate sources among the UK’s top sites.

As it stands, Pirateproxy.sh tops the list. This Pirate Bay proxy is the 115th most-visited site in the UK, which is good for an estimated fifteen million visits per month.

Looking at the list of the 500 most-visited sites in the UK, Pirateproxy.sh is just one of the many Pirate Bay oriented sites. The proxy indexer Unblocked.mx is ranked 227th, for example, while Piratebays.be, Proxybay.bz, Unblocked.lat, Piratebayproxylist.net and Proxyof.com all make an appearance as well.

Most surprising, perhaps, is that the regular ThePirateBay.org still gets a decent amount of traffic too, as it’s currently ranked 319th. That’s more popular than in some other countries where there are no ISP restrictions. This traffic comes in part from VPNs.

Pirateproxy.sh

Does this mean that the blockades have no effect at all? No, that’s impossible to conclude based on these observations. What it does show, however, is that there is still plenty of Pirate Bay traffic in the UK, even to the original site.

Pirateproxy.sh, for example, is part of the ‘Unblocked‘ team which operates a series of proxies and proxy indexes. Since 2013, they’ve been actively providing people with workarounds for blocked sites and continuously launch new domains when theirs are added to the blocklists.

The Unblocked operator believes that while some people may be deterred by the ISP blocks, many are not.

“Although the blocks have had the intended effect of blocking popular file-sharing sites, I don’t believe they are effective since users have access to many workarounds to access these sites,” he explains.

“For any given blocked site, there will be countless proxy sites available with new domains constantly being created.”

Unblocked regularly updates its domains after they are added to the blocklist, which is usually once a month. Just a few weeks ago the main proxy index moved from Unblocked.mx to Unblocked.lat, and that’s probably not the last change.

The new domains are accessible for a few weeks, or sometimes months, and if they are blocked, other ones will simply replace them.

This is not limited to The Pirate Bay and its proxies either. Looking more closely at the most-visited sites in the UK we see more ‘pirate’ sites, some of which are supposed to be blocked.

An overview of the ten most-used pirate sites in the UK is presented below. Some of these will likely be added to the ISP blocklists in the near future, if they aren’t already.

However, similar to regular takedown notices and domain seizures, ISP blockades have also turned into a game of whack-a-mole.

The label “pirate site” applies to sites that have been classified as such by entertainment industry groups. Unblocked.mx already started redirecting to a new domain name.

Site              Alexa rank  Type           Original site blocked?
Pirateproxy.sh    115         Torrent proxy  No
Openload.co       194         Cyberlocker    Yes
0123movies.com    215         Streaming      Yes
Rutracker.org     222         Torrents       No
Unblocked.mx      227         Proxy links    Yes
Piratebays.be     255         Torrent proxy  No
Kissanime.ru      310         Streaming      No
Thepiratebay.org  319         Torrents       Yes
Solarmoviez.ru    327         Streaming      No
Proxybay.bz       338         Proxy links    No

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

MPAA Revenue Drops 20% as Movie Studios Cut Back

Post Syndicated from Ernesto original https://torrentfreak.com/mpaa-revenue-drops-20-as-movie-studios-cut-back-180527/

As a united front for Hollywood, the MPAA has booked many anti-piracy successes in recent years.

Through its involvement in the shutdowns of Popcorn Time, YIFY, isoHunt, Hotfile, Megaupload and several other platforms, the organization has worked hard to get results.

Less visibly but at least as important, the MPAA uses its influence to lobby lawmakers, while orchestrating and managing anti-piracy campaigns both in the United States and abroad.

All this work doesn’t come for free, obviously. To pay the bills the MPAA relies on six major movie studios for financial support. Over the past several years, these revenues had stabilized, but according to its latest tax filing, they are dropping now.

The IRS filing, covering the fiscal year 2016, puts total revenue at $57 million, down from $73 million. The Hollywood studios paid the bulk of this sum through membership fees which total $50 million. That’s a 22% reduction compared to a year earlier.

At the end of the year, this resulted in a significant loss of $8 million. While that’s a lot of money, the MPAA is not in imminent danger, as the organization still has over $10 million in net assets and funds.

We haven’t seen any explanation for the lower membership fees. It could be more permanent, but it may also be an agreed decision, as there’s enough money in the bank.

Going over the numbers, we see that salaries make up a large chunk of the expenses. Chris Dodd, the former MPAA Chairman and CEO, was the highest paid employee with a total income of more than $3.4 million, including a $275,000 bonus.

This compensation was for Dodd’s last full year as CEO. He was replaced by Charles Rivkin last year, another political heavyweight, who previously served as Assistant Secretary of State for Economic and Business Affairs in the Obama administration.

Dodd’s compensation took up nearly 10% of the entire salary budget. The rest is divided over the MPAA’s other 196 employees. This brings the total workforce to 197, which is down as well, from 224 employees a year earlier.

Moving on, it’s always interesting to see where the MPAA’s grants and other types of funding go to.

As reported previously, the group donates handsomely to various research initiatives. This includes a recurring million dollar grant for Carnegie Mellon’s ‘Initiative for Digital Entertainment Analytics’ (IDEA), which focuses on piracy related topics.

Another major beneficiary is the Copyright Alliance, a non-profit that represents copyright holders large and small on a variety of issues. The group was co-founded by the MPAA and received $750,000 in support according to the latest filing.

The total grants budget is $3.1 million and includes many smaller payments, which is not that different from previous years. Other large cost items are the lobbying budget, which totaled $3.6 million, and $5.3 million in legal fees.

Aside from the big dip in revenues, there are no real outliers in the filing.

A copy of the MPAA’s latest form 990 is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Putin Asked to Investigate Damage Caused By Telegram Web-Blocking

Post Syndicated from Andy original https://torrentfreak.com/putin-asked-to-investigate-damage-caused-by-telegram-web-blocking-180526/

After a Moscow court gave the go-ahead for Telegram to be banned in Russia last month, the Internet became a battleground.

On the instructions of telecoms watchdog Roscomnadzor, ISPs across Russia tried to block Telegram by blackholing millions of IP addresses. The effect was both dramatic and pathetic. While Telegram remained stubbornly online, countless completely innocent services suffered outages as Roscomnadzor charged ahead with its mission.

Over the past several weeks, Roscomnadzor has gone some way to clean up the mess, partly by removing innocent Google and Amazon IP addresses from Russia’s blacklist. However, the collateral damage was so widespread it’s called into question the watchdog’s entire approach to web-blockades and whether they should be carried out at any cost.

This week, thanks to an annual report presented to President Vladimir Putin by business ombudsman Boris Titov, the matter looks set to be escalated. ‘The Book of Complaints and Suggestions of Russian Business’ contains comments from Internet ombudsman Dmitry Marinichev, who says that the Prosecutor General’s Office should launch an investigation into Roscomnadzor’s actions.

Marinichev said that when attempting to take down Telegram using aggressive technical means, Roscomnadzor relied upon “its own interpretation of court decisions” to provide guidance, TASS reports.

“When carrying out blockades of information resources, Roskomnadzor did not assess the related damage caused to them,” he said.

More than 15 million IP addresses were blocked, many of them with functions completely unrelated to the operations of Telegram. Marinichev said that the consequences were very real for those who suffered collateral damage.

“[The blocking led] to a temporary inaccessibility of Internet resources of a number of Russian enterprises in the Internet sector, including several banks and government information resources,” he reported.

In advice to the President, Marinichev suggests that the Prosecutor General’s Office should look into “the legality and validity of Roskomnadzor’s actions” which led to the “violation of availability of information resources of commercial companies” and “threatened the integrity, sustainability, and functioning of the unified telecommunications network of the Russian Federation and its critical information infrastructure.”

Early May, it was reported that in addition to various web services, around 50 VPN, proxy and anonymization platforms had been blocked for providing access to Telegram. In a May 22 report, that number had swelled to more than 80 although 10 were later unblocked after they stopped providing access to the messaging platform.

This week, Roscomnadzor has continued with efforts to block access to torrent and streaming platforms. In a new wave of action, the telecoms watchdog ordered ISPs to block at least 47 mirrors and proxies providing access to previously blocked sites.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

The Copyright Directive: progress of the revision: act now

Post Syndicated from nellyo original https://nellyo.wordpress.com/2018/05/26/copyright-5/

A new development in the revision of EU copyright law, as is clear from the announcements of the Bulgarian Presidency, from participants in the revision, and from Julia Reda, who had a very clear view of what she wanted changed in the legal framework (a common regime of exceptions, and an update so that the legal framework matches technological development) and who now follows the legislative process closely.

The governments of the EU member states have adopted a position on the copyright reform without substantial changes to Article 11 (the new publishers' right) and Article 13 (upload filters). The draft is on Reda's website; Politico shows the amendments affecting the publishers' right in colour.

Now Parliament must stop them, Reda writes.

Now you have the chance to exert influence, a chance that will disappear in two years, when everyone will "suddenly" be confronted with the challenge of implementing filters and the link tax. Experts almost unanimously agree that the draft copyright reform is really bad.

Update: Member State governments have just adopted their position on #copyright, with no significant changes to the #CensorshipMachines and #LinkTax provisions. It is now up to Parliament to stop them and #FixCopyright. https://t.co/1JwNvQn24n pic.twitter.com/KAgqV3YYG1


Two graphics from Reda's website, for the two texts against which support is being gathered (see also the academics), showing the positions by country and by party in the EP:

Social Media Sites Are Full of Pirate Champions League Streamers

Post Syndicated from Ernesto original https://torrentfreak.com/social-media-sites-are-full-of-pirate-champions-league-streamers-180526/

This evening, Liverpool and Real Madrid will go head to head in the Champions League final, one of the biggest sports events of the year.

Hundreds of millions of football fans from around the world will be glued to their televisions to follow the spectacle, while the hashtags #RMALIV and #UCLfinal are trending on social media.

While Twitter, Facebook and other social media are great ways to keep fans engaged and generate traction, they also present a threat. According to data released by the global anti-piracy outfit Irdeto, social media rivals traditional pirate streaming sites.

The company analyzed the number of pirated streams it ran into during the knockout stages of the Champions League and found 5,100 unique illegal streams that were rebroadcasting the matches.

Roughly 40 percent of these unauthorized broadcasts came from ‘social’ platforms including Periscope, Facebook and Twitch. Irdeto found 2,093 streams on these sites with an estimated 4,893,902 viewers.

Regular web-based streams on traditional sports pirate sites were the most popular (2,121), followed by ones found through Kodi-addons (886).

“These viewing figures combined with the number of UEFA Champions League streams detected across a variety of channels suggests that more needs to be done to stop the illegal distribution of high profile live European football matches,” the company writes.

Red card…

Rory O’Connor, Irdeto’s Senior Vice President of Cybersecurity Services, notes that criminals are “earning a fortune” from these activities. At the same time, he stresses that people who stream the matches on social media could face criminal action.

“The criminals who profit from these illegal streams have little regard for their viewers and are exposing them to cybercrime, inappropriate content and malware infection. Also, viewers of illegal content can face criminal penalties if they decide to share content with friends on social media,” O’Connor says.

Besides sharing infographics and reporting interesting statistics, including that Real Madrid was the most viewed team with 2,856,011 viewers of illegal social media streams during the knock out stage, Irdeto can also take action.

Whether they already work for UEFA or if this is an unsolicited application is not known to us, but they do work for other rightsholders.

So instead of tuning into the final tonight, they will probably be busy tracking down pirate broadcasts on social media and elsewhere, hoping to shut them down as soon as possible.

The game is on.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Transparency of political advertising

Post Syndicated from nellyo original https://nellyo.wordpress.com/2018/05/26/polit_ad_fb_twitter/

How do you solve a problem like Russian propaganda? How do you protect against election interference? c|net reports on new steps by the internet companies.

The answer from Facebook and Twitter is more transparency about political advertising: both companies are taking measures to make visible who pays for political ads. Google is also preparing a similar transparency policy.

Facebook is also creating an archive of political advertising data at facebook.com/politicalcontentads. A similar Ads Transparency Center is to be created at Twitter.

In the US there is a bill, the Honest Ads Act; if it is passed, transparency of online political advertising will become a legal obligation.

Text and explanation from the Congress website, the rationale: The Honest Ads Act would prevent foreign actors from influencing our elections by ensuring that political ads sold online are covered by the same rules as ads sold on television, radio and satellite. It introduces

  • a requirement for digital platforms with at least 50,000,000 monthly viewers to maintain a public archive; each file will contain a digital copy of the advertisement, a description of the audience the ad targets, the number of views generated, the dates and times of publication, the rates charged, and the contact information of the buyer;
  • a requirement that online platforms make all reasonable efforts to ensure that foreign individuals and entities do not purchase political ads to influence the American electorate.

Security and Human Behavior (SHB 2018)

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/05/security_and_hu_7.html

I’m at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior.

SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, neuroscientists, designers, lawyers, philosophers, anthropologists, business school professors, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

The goal is to maximize discussion and interaction. We do that by putting everyone on panels, and limiting talks to 7-10 minutes. The rest of the time is left to open discussion. Four hour-and-a-half panels per day over two days equals eight panels; six people per panel means that 48 people get to speak. We also have lunches, dinners, and receptions — all designed so people from different disciplines talk to each other.

I invariably find this to be the most intellectually stimulating conference of my year. It influences my thinking in many different, and sometimes surprising, ways.

This year’s program is here. This page lists the participants and includes links to some of their work. As he does every year, Ross Anderson is liveblogging the talks. (Ross also maintains a good webpage of psychology and security resources.)

Here are my posts on the first, second, third, fourth, fifth, sixth, seventh, eighth, ninth, and tenth SHB workshops. Follow those links to find summaries, papers, and occasionally audio recordings of the various workshops.

Next year, I’ll be hosting the event at Harvard.

Welcome Jack — Data Center Tech

Post Syndicated from Yev original https://www.backblaze.com/blog/welcome-jack-data-center-tech/

As we shoot way past 500 petabytes of data stored, we need a lot of helping hands in the data center to keep those hard drives spinning! We’ve been hiring quite a lot, and our latest addition is Jack. Let’s learn a bit more about him, shall we?

What is your Backblaze Title?
Data Center Tech

Where are you originally from?
Walnut Creek, CA until 7th grade when the family moved to Durango, Colorado.

What attracted you to Backblaze?
I had heard about how cool the Backblaze community is and have always been fascinated by technology.

What do you expect to learn while being at Backblaze?
I expect to learn a lot about how our data centers run and all of the hardware behind it.

Where else have you worked?
Garrhs HVAC as an HVAC Installer and then Durango Electrical as a Low Volt Technician.

Where did you go to school?
Durango High School and then Montana State University.

What’s your dream job?
I would love to be a driver for the Audi Sport. Race cars are so much fun!

Favorite place you’ve traveled?
Iceland has definitely been my favorite so far.

Favorite hobby?
Video games.

Of what achievement are you most proud?
Getting my Eagle Scout badge was a tough, but rewarding experience that I will always cherish.

Star Trek or Star Wars?
Star Wars.

Coke or Pepsi?
Coke…I know, it’s bad.

Favorite food?
Thai food.

Why do you like certain things?
I tend to warm up to things the more time I spend around them, although I never really know until it happens.

Anything else you’d like to tell us?
I’m a friendly car guy who will always be in love with my European cars and I really enjoy the Backblaze community!

We’re happy you joined us Out West! Welcome aboard Jack!

The post Welcome Jack — Data Center Tech appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

openSUSE Leap 15 released

Post Syndicated from ris original https://lwn.net/Articles/755670/rss

OpenSUSE Leap 15 has been released. “With a brand new look developed by the community, openSUSE Leap 15 brings plenty of community packages built on top of a core from SUSE Linux Enterprise (SLE) 15 sources, with the two major releases being built in parallel from the beginning for the first time. Leap 15 shares a common core with SLE 15, which is due for release in the coming months. The first release of Leap was version 42.1, and it was based on the first Service Pack (SP1) of SLE 12. Three years later SUSE’s enterprise version and openSUSE’s community version are now aligned at 15 with a fresh rebase.” Leap 15 will receive maintenance and security updates for at least 3 years.

TRON Cryptocurrency Founder Plans to Buy BitTorrent Inc

Post Syndicated from Ernesto original https://torrentfreak.com/tron-founder-plans-to-buy-bittorrent-inc-180525/

Founded by BitTorrent inventor Bram Cohen, BitTorrent Inc. is best known for its torrent client uTorrent, which has more than 100 million users.

Despite this massive userbase, however, the company never transformed into the next billion-dollar tech giant, as some of the early investors had hoped.

In fact, it has only gone downhill in recent years, in part due to questionable management practices. Things have calmed down since, but according to new information gathered by TorrentFreak, there is a major change afoot.

A few weeks ago we reported that BitTorrent Inc. quietly renamed its company to “Rainberry” last year. The company informed us that this was “purely a corporate decision.” While that may be the case, it could also be related to the company’s plans to be acquired.

Legal paperwork filed earlier this year reveals that Rainberry was sued because it allegedly violated a “No Shop” clause in an agreement with a potential buyer. This potential buyer, who signed a letter of intent, is none other than TRON founder Justin Sun.

TRON is one of the hottest and most controversial cryptocurrencies. After a successful ICO, it now has a market cap of more than $4 billion, surpassed by only a few others. And with Sun at the helm, it makes headlines nearly every day.

The TRON mainnet, which will go live in a few days, has the ultimate goal to “decentralize the web.” BitTorrent would fit well in this picture, and the TRON whitepaper mentions torrents as one of the pillars.

TRON

Sun first began pursuing the acquisition of BitTorrent Inc.’s assets in September last year. In January 2018, both parties finalized a letter of intent for the acquisition, of which Sun returned a signed copy.

While it appeared that things were moving along nicely, BitTorrent Inc. CEO Ro Choy came back with a surprising reply.

“Within literally hours after the parties agreed to the Letter of Intent, and after Ro Choy began performing the terms of the Letter of Intent, Defendant claims it received three ‘superior’ bids from companies that David Chao admitted they had been communicating with,” Sun claims in the lawsuit.

Sun asked the court for a restraining order to prevent BitTorrent from talking to other potential buyers, as was agreed in the letter of intent. The case was swiftly dismissed by the court, but not without leaving a paper trail.

While it is clear that TRON’s founder is eager to acquire BitTorrent, less is known about what happened afterward. Did both parties throw their letter of intent in the trash mid-February, or was the deal still on?

Then, our research pointed out another interesting fact which suggests that the deal is going forward. At the end of February, right when the exclusivity period set in the letter of intent ended, a holding company named “Rainberry Acquisition” was registered in California.

This company is registered to none other than TRON founder Justin Sun, who completed the statement of information last month, as can be seen below.

Rainberry Acquisition paperwork

TorrentFreak reached out to Justin Sun, but TRON’s founder did not immediately reply to our request for comment.

When we confronted BitTorrent Inc. with the information, the company confirmed our findings and the interest from Sun, but it noted that the acquisition is not 100% finalized yet. More information will likely be released at a later stage, if all goes well.

At this point, Sun’s plans for BitTorrent Inc. remain unclear. He has not spoken about the acquisition in public, obviously, but it’s likely that it will be used to the advantage of TRON.

Interestingly, BitTorrent Inc. founder Bram Cohen has also taken an interest in cryptocurrencies, with the goal of creating a superior one called Chia. As far as we know, he is not part of TRON’s future in any way.

A copy of Sun’s complaint against Rainberry (f/k/a BitTorrent) is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Security updates for Friday

Post Syndicated from ris original https://lwn.net/Articles/755667/rss

Security updates have been issued by Arch Linux (bind, libofx, and thunderbird), Debian (thunderbird, xdg-utils, and xen), Fedora (procps-ng), Mageia (gnupg2, mbedtls, pdns, and pdns-recursor), openSUSE (bash, GraphicsMagick, icu, and kernel), Oracle (thunderbird), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, and thunderbird), Scientific Linux (thunderbird), and Ubuntu (curl).

Steal This Show S03E16: The TAO of the DAO Pt. 2

Post Syndicated from Ernesto original https://torrentfreak.com/steal-show-s03e16-tao-dao-pt-2/

If you enjoy this episode, consider becoming a patron and getting involved with the show. Check out Steal This Show’s Patreon campaign: support us and get all kinds of fantastic benefits!

This is the second part of our interview with Chris Beams, founder of the decentralised cryptocurrency exchange, Bisq. We discuss the inner workings of the Bisq service, how it compares to the widely used platform Local Bitcoins, and the intricacies of designing decentral P2P systems for financial operations.

From there, we move into some of the political/philosophical implications of Bisq as a Distributed Autonomous Organisation (DAO): are we evolving, with Bitcoin and other P2P networks, functionalities which parallel certain present-day institutions, and which could one day eliminate the need for establishment altogether?

And could a future democracy be composed of “opt-in” components that actually do better at providing for our basic human needs?

Steal This Show aims to release bi-weekly episodes featuring insiders discussing copyright and file-sharing news. It complements our regular reporting by adding more room for opinion, commentary, and analysis.

The guests for our news discussions will vary, and we’ll aim to introduce voices from different backgrounds and persuasions. In addition to news, STS will also produce features interviewing some of the great innovators and minds.

Host: Jamie King

Guest: Chris Beams

Produced by Jamie King
Edited & Mixed by Riley Byrne
Original Music by David Triana
Web Production by Siraje Amarniss

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Enchanting images with Inky Lines, a Pi‑powered polargraph

Post Syndicated from Helen Lynn original https://www.raspberrypi.org/blog/enchanting-images-inky-lines-pi-powered-polargraph/

A hanging plotter, also known as a polar plotter or polargraph, is a machine for drawing images on a vertical surface. It does so by using motors to control the length of two cords that form a V shape, supporting a pen where they meet. We’ve featured one on this blog before: Norbert “HomoFaciens” Heinz’s video is a wonderfully clear introduction to how a polargraph works and what you have to consider when you’re putting one together.

Today, we look at Inky Lines, by John Proudlock. With it, John is creating a series of captivating and beautiful pieces, and with his most recent work, each rendering of an image is unique.

The Inky Lines plotter draws a flock of seagulls in blue ink on white paper. The print head is suspended near the bottom left corner of the image, as the pen inks the wing of a gull

An evolving project

The project isn’t new – John has been working on it for at least a couple of years – but it is constantly evolving. When we first spotted it, John had just implemented code to allow the plotter to produce mesmeric, spiralling patterns.

A blue spiral pattern featuring overlapping "bubbles"
A dense pink spiral pattern, featuring concentric circles and reminiscent of a mandala
A blue spirograph-type pattern formed of large overlapping squares, each offset from its neighbour by a few degrees, producing a four-spiral-armed "galaxy" shape where lines overlap. The plotter's print head is visible in a corner of the image

But we’re skipping ahead. Let’s go back to the beginning.

From pixels to motor movements

John starts by providing an image, usually no more than 100 pixels wide, to a Raspberry Pi. Custom software that he wrote evaluates the darkness of each pixel and selects a pattern of a suitable density to represent it.

The two cords supporting the plotter’s pen are wound around the shafts of two stepper motors, such that the movement of the motors controls the length of the cords: the program next calculates how much each motor must move in order to produce the pattern. The Raspberry Pi passes corresponding instructions to two motor circuits, which transform the signals to a higher voltage and pass them to the stepper motors. These turn by very precise amounts, winding or unwinding the cords and, very slowly, dragging the pen across the paper.
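The pixel-to-motor pipeline described above, as an added illustration that is not John's own software: a grey value is mapped to a pattern density, a pen position is converted into the two cord lengths of the V, and those lengths become step counts for the two spool motors. The motor spacing, spool diameter and microstepping are constructed values, not the dimensions of the Inky Lines machine; pen lifting is not modelled.

```python
import math

# Constructed machine geometry for illustration only; not the dimensions of
# John's Inky Lines plotter. Origin is the left motor shaft, x runs toward the
# right motor, y runs downward toward the paper.
MOTOR_SPACING_MM = 800.0            # distance between the two motor shafts
SPOOL_DIAMETER_MM = 20.0            # each cord winds on a 20 mm spool
STEPS_PER_REV = 200 * 16            # 200-step motor driven at 1/16 microstepping
STEPS_PER_MM = STEPS_PER_REV / (math.pi * SPOOL_DIAMETER_MM)


def density_level(gray, levels=4):
    """Map an 8-bit grey value (0 = black, 255 = white) to a pattern density
    level: 0 for white (draw nothing) up to levels-1 for black (densest)."""
    if not 0 <= gray <= 255:
        raise ValueError("grey value out of range")
    return (levels - 1) - gray * levels // 256


def cord_lengths(x, y, spacing=MOTOR_SPACING_MM):
    """Lengths of the left and right cords when the pen hangs at (x, y).
    The pen must hang below the motor line and between the motors; otherwise
    the V collapses and gravity can no longer hold the position."""
    if y <= 0 or not 0 <= x <= spacing:
        raise ValueError(f"({x}, {y}) is outside the reachable area")
    return math.hypot(x, y), math.hypot(spacing - x, y)


def absolute_steps(x, y, spacing=MOTOR_SPACING_MM, steps_per_mm=STEPS_PER_MM):
    """Absolute step count for each spool, measured from zero cord paid out.
    Rounding is done on absolute values, so error does not accumulate when a
    long path is turned into many small relative moves."""
    left, right = cord_lengths(x, y, spacing)
    return round(left * steps_per_mm), round(right * steps_per_mm)


def plan_path(points, spacing=MOTOR_SPACING_MM, steps_per_mm=STEPS_PER_MM):
    """Turn a list of pen positions into relative step commands for the two
    motor drivers. Positive steps pay cord out (lengthen), negative steps wind
    it in. Returns a list of (left_delta, right_delta) tuples."""
    if len(points) < 2:
        return []
    commands = []
    prev = absolute_steps(*points[0], spacing, steps_per_mm)
    for x, y in points[1:]:
        cur = absolute_steps(x, y, spacing, steps_per_mm)
        commands.append((cur[0] - prev[0], cur[1] - prev[1]))
        prev = cur
    return commands


def image_to_path(pixels, cell_mm, origin=(200.0, 200.0)):
    """Tiny version of the pixel-to-pattern step: each grey pixel becomes a
    square cell, and darker cells get more horizontal strokes (one per density
    level). Cells are visited in a serpentine order and the strokes are
    returned as a single list of pen positions."""
    ox, oy = origin
    path = []
    for row, line in enumerate(pixels):
        cols = list(enumerate(line))
        if row % 2:                      # alternate direction to avoid long returns
            cols.reverse()
        for col, gray in cols:
            level = density_level(gray)
            x0, y0 = ox + col * cell_mm, oy + row * cell_mm
            path.append((x0, y0))        # enter the cell at its top-left corner
            for k in range(level):       # evenly spaced strokes inside the cell
                yk = y0 + (k + 1) * cell_mm / (level + 1)
                path.append((x0, yk))
                path.append((x0 + cell_mm, yk))
    return path


if __name__ == "__main__":
    # Constructed 2x3 greyscale "image": white, mid-grey, black / black, dark grey, white
    sample = [[255, 128, 0], [0, 64, 255]]
    for left, right in plan_path(image_to_path(sample, cell_mm=10.0)):
        print(f"L{left:+d} R{right:+d}")
```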

A Raspberry Pi in a case, with a wide flex connected to a GPIO header
The Inky Lines plotter's print head, featuring cardboard and tape, draws an apparently random squiggle
A large area of apparently random pattern drawn by the plotter

John explains,

Suspended in-between the two motors is a print head, made out of a new 3-d modelling material I’ve been prototyping called cardboard. An old coat hanger and some velcro were also used.

(He’s our kind of maker.)

Unique images

The earlier drawings that John made used a repeatable method to render image files as lines on paper. That is, if the machine drew the same image a number of times, each copy would be identical. More recently, though, he has been using a method that yields random movements of the pen:

The pen point is guided around the image, but moves to each new point entirely at random. Up close this looks like a chaotic squiggle, but from a distance of a couple of meters, the human eye (and brain) make order from the chaos and view an infinite number of shades and a smoother, less mechanical image.

An apparently chaotic squiggle

This method means that no matter how many times the polargraph repeats the same image, each copy will be unique.

A gallery of work

Inky Lines’ website and its Instagram feed offer a collection of wonderful pieces John has drawn with his polargraph, and he discusses the different techniques and types of image that he is exploring.

A 3 x 3 grid of varied and colourful images from inkylinespolargraph's Instagram feed

They range from holiday photographs, processed to extract particular features and rendered in silhouette, to portraits made with a single continuous line that can be several hundred metres long, to generative spirograph images like those pictured above, created by an algorithm rather than rendered from a source image.

The post Enchanting images with Inky Lines, a Pi‑powered polargraph appeared first on Raspberry Pi.

Protecting your API using Amazon API Gateway and AWS WAF — Part I

Post Syndicated from Chris Munns original https://aws.amazon.com/blogs/compute/protecting-your-api-using-amazon-api-gateway-and-aws-waf-part-i/

This post courtesy of Thiago Morais, AWS Solutions Architect

When you build web applications or expose any data externally, you probably look for a platform where you can build highly scalable, secure, and robust REST APIs. As APIs are publicly exposed, there are a number of best practices for providing a secure mechanism to consumers using your API.

Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management.

In this post, I show you how to take advantage of the regional API endpoint feature in API Gateway, so that you can create your own Amazon CloudFront distribution and secure your API using AWS WAF.

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.

As you make your APIs publicly available, you are exposed to attackers trying to exploit your services in several ways. The AWS security team has published a whitepaper describing a solution based on AWS WAF: How to Mitigate OWASP’s Top 10 Web Application Vulnerabilities.

Regional API endpoints

Edge-optimized APIs are endpoints that are accessed through a CloudFront distribution created and managed by API Gateway. Before the launch of regional API endpoints, this was the default option when creating APIs using API Gateway. It primarily helped to reduce latency for API consumers that were located in different geographical locations than your API.

When API requests predominantly originate from an Amazon EC2 instance or other services within the same AWS Region as the API is deployed, a regional API endpoint typically lowers the latency of connections. It is recommended for such scenarios.

For better control around caching strategies, customers can use their own CloudFront distribution for regional APIs. They also have the ability to use AWS WAF protection, as I describe in this post.

Edge-optimized API endpoint

The following diagram is an illustrated example of the edge-optimized API endpoint where your API clients access your API through a CloudFront distribution created and managed by API Gateway.

Regional API endpoint

For the regional API endpoint, your customers access your API from the same Region in which your REST API is deployed. This helps you to reduce request latency and particularly allows you to add your own content delivery network, as needed.

Walkthrough

In this section, you implement the following steps:

  • Create a regional API using the PetStore sample API.
  • Create a CloudFront distribution for the API.
  • Test the CloudFront distribution.
  • Set up AWS WAF and create a web ACL.
  • Attach the web ACL to the CloudFront distribution.
  • Test AWS WAF protection.

Create the regional API

For this walkthrough, use an existing PetStore API. All new APIs launch by default as the regional endpoint type. To change the endpoint type for your existing API, choose the cog icon on the top right corner:

After you have created the PetStore API on your account, deploy a stage called “prod” for the PetStore API.

On the API Gateway console, select the PetStore API and choose Actions, Deploy API.

For Stage name, type prod and add a stage description.

Choose Deploy and the new API stage is created.

Use the following AWS CLI command to update your API from edge-optimized to regional:

aws apigateway update-rest-api \
--rest-api-id {rest-api-id} \
--patch-operations op=replace,path=/endpointConfiguration/types/EDGE,value=REGIONAL

A successful response looks like the following:

{
    "description": "Your first API with Amazon API Gateway. This is a sample API that integrates via HTTP with your demo Pet Store endpoints", 
    "createdDate": 1511525626, 
    "endpointConfiguration": {
        "types": [
            "REGIONAL"
        ]
    }, 
    "id": "{api-id}", 
    "name": "PetStore"
}

After you change your API endpoint to regional, you can now assign your own CloudFront distribution to this API.

Create a CloudFront distribution

To make things easier, I have provided an AWS CloudFormation template to deploy a CloudFront distribution pointing to the API that you just created. Click the button to deploy the template in the us-east-1 Region.

For Stack name, enter RegionalAPI. For APIGWEndpoint, enter your API FQDN in the following format:

{api-id}.execute-api.us-east-1.amazonaws.com

After you fill out the parameters, choose Next to continue the stack deployment. It takes a couple of minutes to finish the deployment. After it finishes, the Output tab lists the following items:

  • A CloudFront domain URL
  • An S3 bucket for CloudFront access logs

Output from CloudFormation

Test the CloudFront distribution

To see if the CloudFront distribution was configured correctly, use a web browser and enter the URL from your distribution, with the following parameters:

https://{your-distribution-url}.cloudfront.net/{api-stage}/pets

You should get the following output:

[
  {
    "id": 1,
    "type": "dog",
    "price": 249.99
  },
  {
    "id": 2,
    "type": "cat",
    "price": 124.99
  },
  {
    "id": 3,
    "type": "fish",
    "price": 0.99
  }
]

Set up AWS WAF and create a web ACL

With the new CloudFront distribution in place, you can now start setting up AWS WAF to protect your API.

For this demo, you deploy the AWS WAF Security Automations solution, which provides fine-grained control over the requests attempting to access your API.

For more information about deployment, see Automated Deployment. If you prefer, you can launch the solution directly into your account using the following button.

For CloudFront Access Log Bucket Name, add the name of the bucket created during the deployment of the CloudFormation stack for your CloudFront distribution.

The solution allows you to adjust thresholds and also choose which automations to enable to protect your API. After you finish configuring these settings, choose Next.

To start the deployment process in your account, follow the creation wizard and choose Create. It takes a few minutes to finish the deployment. You can follow the creation process through the CloudFormation console.

After the deployment finishes, you can see the new web ACL deployed on the AWS WAF console, AWSWAFSecurityAutomations.

Attach the AWS WAF web ACL to the CloudFront distribution

With the solution deployed, you can now attach the AWS WAF web ACL to the CloudFront distribution that you created earlier.

To assign the newly created AWS WAF web ACL, go back to your CloudFront distribution. After you open your distribution for editing, choose General, Edit.

Select the new AWS WAF web ACL that you created earlier, AWSWAFSecurityAutomations.

Save the changes to your CloudFront distribution and wait for the deployment to finish.

Test AWS WAF protection

To validate the AWS WAF web ACL setup, use Artillery to load test your API and see AWS WAF in action.

To install Artillery on your machine, run the following command:

$ npm install -g artillery

After the installation completes, you can check if Artillery installed successfully by running the following command:

$ artillery -V
1.6.0-12

At the time of publication, Artillery is on version 1.6.0-12.

One of the WAF web ACL rules that you have set up is a rate-based rule. By default, it blocks any requester that exceeds 2000 requests within a 5-minute window. Try this out.

First, use cURL to query your distribution and see the API output:

$ curl -s https://{distribution-name}.cloudfront.net/prod/pets
[
  {
    "id": 1,
    "type": "dog",
    "price": 249.99
  },
  {
    "id": 2,
    "type": "cat",
    "price": 124.99
  },
  {
    "id": 3,
    "type": "fish",
    "price": 0.99
  }
]

Based on the test above, the result looks good. But what if you max out the 2000 requests in under 5 minutes?

Run the following Artillery command:

artillery quick -n 2000 --count 10 https://{distribution-name}.cloudfront.net/prod/pets

What you are doing is firing 2000 requests to your API from 10 concurrent users. For brevity, I am not posting the Artillery output here.

After Artillery finishes its execution, try to run the cURL request again and see what happens:

$ curl -s https://{distribution-name}.cloudfront.net/prod/pets

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: [removed]
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

As you can see from the output above, the request was blocked by AWS WAF. Your IP address is removed from the blocked list after it falls below the request limit rate.
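A simplified model of the rate-based rule exercised above, added here as an example (it is neither AWS WAF's implementation nor the Security Automations solution's code). It shows why the curl after the Artillery run is blocked while an unrelated client and a later request are not; the timestamps and IP addresses are constructed sample data.

```python
from collections import defaultdict, deque

LIMIT = 2000   # rate-based rule threshold from the walkthrough
WINDOW = 300   # 5 minutes, in seconds


class RateBasedRule:
    """Per-source-IP sliding-window counter with a BLOCK action.
    Assumption: counts are updated on every request; real AWS WAF
    re-evaluates rate-based rules periodically, so blocking and release
    are not instantaneous there."""

    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit = limit
        self.window = window
        self.seen = defaultdict(deque)   # source IP -> timestamps in window

    def evaluate(self, ip, ts):
        """Record one request at time ts (seconds) and return its action."""
        q = self.seen[ip]
        q.append(ts)
        while q and q[0] <= ts - self.window:   # expire requests outside the window
            q.popleft()
        return "BLOCK" if len(q) > self.limit else "ALLOW"


def replay(events, rule=None):
    """Evaluate (timestamp, ip) events in order; returns one action per event."""
    rule = rule or RateBasedRule()
    return [rule.evaluate(ip, ts) for ts, ip in events]


def page_scenario():
    """Constructed timeline of the walkthrough: curl, the Artillery run
    (2000 requests from one client IP over about a minute), curl again,
    one request from an unrelated IP, and curl after the window has passed."""
    client, other = "198.51.100.7", "203.0.113.9"      # constructed IPs
    events = [(0, client)]
    events += [(1 + i * 0.03, client) for i in range(2000)]
    events += [(62, client), (63, other), (400, client)]
    actions = replay(events)
    return {
        "first_curl": actions[0],
        "blocked_during_load": actions[1:2001].count("BLOCK"),
        "curl_after_load": actions[2001],
        "other_client": actions[2002],
        "curl_after_window": actions[2003],
    }
```

Only the final Artillery request and the following curl trip the limit here; in the real service the 5-minute window and periodic evaluation mean the release described above takes somewhat longer.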

Conclusion

In this first part, you saw how to use the new API Gateway regional API endpoint together with Amazon CloudFront and AWS WAF to secure your API from a series of attacks.

In the second part, I will demonstrate some other techniques to protect your API using API keys and Amazon CloudFront custom headers.

[$] Notes from the 2nd Operating-System-Directed Power-Management Summit

Post Syndicated from corbet original https://lwn.net/Articles/754923/rss

The second Operating-System-Directed Power-Management (OSPM18) Summit took place at the ReTiS Lab of the Scuola Superiore Sant’Anna in Pisa between April 16 and April 18, 2018. Like last year, the summit was organized as a collection of collaborative sessions focused on trying to improve how operating-system-directed power management and the kernel’s task scheduler work together to achieve the goal of reducing energy consumption while still meeting performance and latency requirements. Read on for an extensive set of notes collected by a number of the participants to the summit.

Detecting Lies through Mouse Movements

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/05/detecting_lies_.html

Interesting research: “The detection of faked identity using unexpected questions and mouse dynamics,” by Merylin Monaro, Luciano Gamberini, and Giuseppe Sartori.

Abstract: The detection of faked identities is a major problem in security. Current memory-detection techniques cannot be used as they require prior knowledge of the respondent’s true identity. Here, we report a novel technique for detecting faked identities based on the use of unexpected questions that may be used to check the respondent identity without any prior autobiographical information. While truth-tellers respond automatically to unexpected questions, liars have to “build” and verify their responses. This lack of automaticity is reflected in the mouse movements used to record the responses as well as in the number of errors. Responses to unexpected questions are compared to responses to expected and control questions (i.e., questions to which a liar also must respond truthfully). Parameters that encode mouse movement were analyzed using machine learning classifiers and the results indicate that the mouse trajectories and errors on unexpected questions efficiently distinguish liars from truth-tellers. Furthermore, we showed that liars may be identified also when they are responding truthfully. Unexpected questions combined with the analysis of mouse movement may efficiently spot participants with faked identities without the need for any prior information on the examinee.

Boing Boing post.
