Tag Archives: cox

Major US ISPs Refuse to Discuss Repeat Infringer Policies

Post Syndicated from Andy original https://torrentfreak.com/major-us-isps-refuse-to-discuss-repeat-infringer-policies-190912/

Every single week, Internet users in the United States take to Reddit and other discussion forums seeking advice about copyright infringement notices.

Whether the claims against them are true is often hard to assess, but many speak of receiving notices from their ISP which state that a third-party has caught them torrenting something they shouldn’t – usually movies, TV shows, or music.

While any and all of them are able to speak directly to their ISP to find out what the notices are all about and what the consequences might be, many seem confused. Are they going to be sued, for example, or perhaps their Internet might get suspended or cut off completely?

Most advice dished out by fellow internet users is (and I’m paraphrasing), “Dumbass – use a VPN”, but while that comprehensively solves the problem, it doesn’t answer the big questions.

A common topic is how many notices a customer can receive from their ISP before things get serious. One might think this basic information would be easy to find but despite most major ISPs in the US stating that they don’t allow infringement and there could be consequences for receiving multiple complaints, more often than not their information pages aren’t specific.

So, in an effort to cut through all the jargon and put all the relevant information into one article, on August 27 we approached several of the major ISPs in the United States – Comcast, AT&T, Charter/Spectrum, Verizon, and CenturyLink – with a list of questions, detailed below;

  • Your company forwards copyright complaints from rightsholders, based on their claims. How many complaints can a subscriber have made against their account before some action is taken by you, beyond simply forwarding the notice to the subscriber?
  • What is the nature of that action, i.e requiring to confirm receipt of the notice, taking a copyright lesson, promising not to infringe again, etc?
  • Once this stage has been completed, how many more complaints against an account will trigger any subsequent action, i.e a more serious warning, warning that an account could be suspended etc?
  • At what point would a customer with multiple complaints against their account be considered a ‘repeat infringer’?
  • At what point could an account holder expect a temporary account suspension? At this point, how would that suspension be lifted?
  • At what point could an account holder expect a complete termination of his or her service?
  • In respect of points 5 and 6, is the number of complaints a deciding factor or does a subscriber’s negative or positive responses and actions in respect of your efforts to prevent infringement also play a part?
  • Are you able to confirm that accounts have been temporarily suspended for repeat infringement and if so, how many?
  • Are you able to confirm that accounts have been permanently shut down for repeat infringement and if so, how many?

We told the ISPs exactly why we were asking these questions and indicated that a response within seven days would guarantee their inclusion in this article. We extended the deadline to two weeks and beyond but not a single company listed above responded to any of our questions.

In fact, none even acknowledged receipt of our initial email, despite one ISP requiring us to send emails to at least three people involved in their media communications team. It seems fairly clear this potato is simply too hot to pick up.

That being said, we thought we should press on with at least trying to help subscribers.

There are usually very few valid excuses for receiving multiple copyright infringement complaints. Some do exist, of course, but not knowing the precise mechanism for being dealt with under various ISPs’ ‘repeat infringer’ rulesets only makes matters worse.

What we can do here is give relevant snippets/quotes from each ISP’s website and link to the page(s) in question, with a comment here and there. In no particular order:

AT&T: In accordance with the DMCA and other applicable laws, AT&T maintains a policy that provides for the termination of IP Services, under appropriate circumstances, if Customers are found to be a repeat infringer and/or if Customers’ IP Services are used repeatedly for infringement (the ‘Repeat Infringer Policy’). AT&T may terminate IP Services at any time with or without notice to Customers.

AT&T has no obligation to investigate possible copyright infringements with respect to materials transmitted by Customer or any other users of the IP Services. However, AT&T will process valid notifications of claimed infringement under the DMCA, and continued receipt of infringement notifications for Customer’s account will be used as a factor in determining whether Customer is a repeat infringer.

TF note on AT&T: We can find no “Repeat Infringer Policy”

CenturyLink: Company respects the intellectual property rights of others and is committed to complying with U.S. copyright laws, including the Digital Millennium Copyright Act of 1998 (‘DMCA’). Company reserves the right to suspend or terminate, in appropriate circumstances, the service of users whose accounts are repeatedly implicated in allegations of copyright infringement involving the use of Company’s network.

TF note: We have no idea what constitutes “appropriate circumstances.”

Comcast/Xfinity: Any infringement of third party copyright rights violates the law. We reserve the right to treat any customer account for whom we receive multiple DMCA notifications from content owners as a repeat infringer.

We reserve the right to move a customer account to the next step of the policy upon receiving any number of DMCA notifications from content owners in a given month, or upon learning that the account holder is a repeat infringer.

You may receive an email alert to the preferred email address on your account or a letter to your home address. You may also receive an in-browser notification, a recorded message to your telephone number on file, a text message to your mobile telephone number on file, or another form of communication.

Triggering steps under this policy may result in the following: a persistent in-browser notification or other form of communication that requires you to log in to your account or call us; a temporary suspension of, or other interim measures applied to, your service; or the termination of your Xfinity Internet service as well as your other Xfinity services (other than Xfinity Mobile).

TF note on Comcast: The ‘repeat infringer’ policy is quite detailed and worth the long read.

Cox Communications: Cox encourages responsible internet use. Our internet use policy is consistent with the Digital Millennium Copyright Act and allows us to take steps when we receive notifications of claimed infringement.

Repeated notifications of claimed violations on your account could lead to Internet service suspension or termination.

If you continue to receive copyright infringement notifications on your account, Cox suspends your Internet service. In the Customer Portal, you may reactivate your Internet service up to two times.

If your account continues to receive copyright infringement notifications, your Internet service is terminated.

TF note on Cox: The repeat infringer policy is worth a read and is quite specific in parts, less so in others.

Spectrum/Charter: TF initial note: The company doesn’t appear to have a dedicated ‘repeat infringer’ policy outside of its published “copyright violation” advice. While this is both detailed and helpful in many respects, it doesn’t give specifics on alleged ‘repeat infringers’.

After noting that “Charter may suspend or disconnect your service as a result of repeat copyright violations,” users are sent to its Acceptable Use Policy page, which reads in part as follows:

Spectrum reserves the right to investigate violations of this AUP, including the gathering of information from the Subscriber or other Users involved and the complaining party, if any, and the examination of material on Spectrum’s servers and network.

Spectrum prefers to advise Users of AUP violations and any necessary corrective action but, if Spectrum, in its sole discretion, determines that a User has violated the AUP, Spectrum will take any responsive action that is deemed appropriate without prior notification. Such action includes but is not limited to: temporary suspension of service, reduction of service resources, and termination of service.

Verizon: Pursuant to Section 512 of the DMCA, it is Verizon’s policy to terminate the account of repeat copyright infringers in appropriate circumstances.

TF note: This appears to be the shortest ‘repeat infringer’ policy of all the ISPs and is a good example of why we decided to ask all of the companies for their precise steps, so we could offer a little more detail to their customers.

Sorry, we failed, but there’s probably a good reason for that.

Summary: With several ISPs up to their necks in lawsuits filed by the RIAA alleging that they haven’t done enough to deal with “repeat infringers”, it’s perhaps no surprise that the companies ignored our requests for information.

That being said, it’s of interest that several appear to be acting in a particularly vague manner – perhaps they’re already worrying that they’ll be next on the music industry’s list.

In the meantime and in most cases, users will remain largely in the dark unless they do a lot of reading and research. And even that might not be enough.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Cox Attacks ‘Proof’ in Piracy Liability Case, Requests Summary Judgment

Post Syndicated from Ernesto original https://torrentfreak.com/cox-attacks-proof-in-piracy-liability-case-requests-summary-judgment-190910/

Last year Cox settled its piracy liability lawsuit with music rights company BMG.

The ink on this agreement was barely dry when the ISP faced a similar and additional complaint. This time, it was up against 53 music companies, including Capitol Records, Warner Bros, and Sony Music.

The rightsholders complained that Cox categorically failed to terminate repeat copyright infringers and that it substantially profited from this ongoing ‘piracy’ activity. All at the expense of the record labels and other rightsholders.

A year later, thousands of pages of legal paperwork have been processed and the case is gearing up to a trial. However, if it’s up to Cox, there is little left to discuss there because the music companies’ evidence is fatally flawed.

A few days ago, the ISP submitted a motion for summary judgment, requesting summary judgment on several key elements. Among other things, Cox argues that it’s not vicariously liable or directly liable for any copyright-infringing activity carried out by its users.

Cox’s arguments are in large part directed at the proof the music companies have. Or to be more specific, the lack thereof. The company points out that the infringement notices, which were sent on behalf of the RIAA, are far from solid. In addition, the ISP says it never received any proper notices for more of the allegedly-infringed works.

“Plaintiffs’ claims suffer from a fundamental and fatal flaw: a distinct paucity of proof. They simply cannot prove their case,” Cox writes.

“In short, Plaintiffs seek damages for works they cannot prove were infringed, based on notices that did not identify fully 80% of those works. Moreover, they have no evidence that Cox knew about the infringement, obtained any direct financial benefit from it, or had the practical ability to prevent it, such that it could be secondarily liable.”

Cox’s arguments can be quite technical at times, and some pages are completely redacted, but there are some interesting observations.

For example, the company argues that the file-sharing evidence from BitTorrent users can’t prove that any subscriber actually distributed the infringing files. The evidence, provided by BitTorrent tracking outfit MarkMonitor, only ‘shows’ the metadata of a file in possession of a subscriber, matches that of a copyrighted track.

“Here, Plaintiffs cannot prove ‘actual dissemination’ of any work to anyone—including their agent, MarkMonitor,” Cox notes.

Another issue Cox raises is that for many of the claimed infringements in the suit, Cox never received a single notice.

“Although Plaintiffs seek damages for alleged direct infringements of 7,057 sound recordings and 3,421 compositions, the RIAA Notices for recordings sent during the Claims Period contain only 1,998 unique Title and Artist combinations.”

Based on these and a variety of other arguments, the ISP requests summary judgment. This means that, if granted, these will no longer be contested at trial.

However, the pendulum, in this case, can swing the other way as well. The 53 music companies also filed a request for summary judgment. They ask the court to rule that Cox is contributory and vicariously liable for its pirating subscribers.

The companies wave away any concerns and say that Cox willingly kept pirates on board to increase its profits.

“[T]he record is clear that Cox had knowledge of its subscribers’ blatant infringement of Plaintiffs’ works and nonetheless assisted them with it. By consciously continuing to provide Internet service to known infringers, while ignoring its own copyright policies as written, Cox materially contributed to that infringing activity, and reaped substantial financial benefits as a result,” their request reads.

“Accordingly, summary judgment should be granted holding Cox liable for contributory infringement and vicarious infringement, and the Court should reject its frivolous defenses.”

Both sides’ arguments directly oppose each other and it will be up to the US District Court for the Eastern District of Virginia to determine if it grants any of the motions. If the Court grants neither motion, it will be up to a jury to decide during trial.

A copy of Cox’s motion for summary judgment is available here (pdf) and the music companies’ motion can be found here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

RIAA Refuses to Share Results of ‘Six Strikes’ Anti-Piracy Scheme

Post Syndicated from Ernesto original https://torrentfreak.com/riaa-refuses-to-share-results-of-six-strikes-anti-piracy-scheme-190827/

The so-called ‘Six-Strikes’ Copyright Alert System was once praised as an excellent tool to address online piracy.

Under the agreement, which involved the MPAA and RIAA, several large Internet providers in the US sent copyright infringement warnings to pirating customers.

After repeated alerts, these subscribers would face a variety of ‘mitigation’ measures but their accounts would not be terminated. Although rightsholders and ISPs appeared happy with the deal, it was shut down two years ago.

Instead of cooperating with ISPs, several RIAA labels then took another approach. They filed lawsuits against Internet providers for not doing enough to curb piracy. Specifically, companies such as Charter and Cox were sued for failing to disconnect repeat infringers.

The lawsuit between several music companies and Cox is ongoing and currently scheduled to go to trial later this year. Both parties are conducting discovery and the ISP has shown a keen interest in the aforementioned Copyright Alert System (CAS).

Cox itself didn’t take part in the voluntary anti-piracy scheme, but it believes that its existence can help the company’s defense. As such, it obtained a subpoena and repeatedly requested the RIAA to hand over relevant documents that show how effective it was.

However, the RIAA is not eager to cooperate. Thus far it has denied all of the requests, which prompted Cox to take the matter to court this week. The ISP asks the District of Columbia federal court to order the music industry group to comply with the subpoena and hand over the requested data.

“This motion to compel concerns the production of the reports and data generated by ISPs and sent to the RIAA regarding the number of copyright infringement notices forwarded to unique subscribers on a monthly basis that were intended to allow the RIAA to assess the effectiveness of CAS over time,” Cox writes.

Thus far the RIAA has refused to produce any documents concerning the Copyright Alert System, stating that these are irrelevant. However, Cox clearly disagrees and, in its motion, the company suggests that the data are crucial.

The ISP believes that its own measures could have been more effective than the CAS. Cox had, at least on paper, a twelve-strike policy which it said could lead to actual account terminations.

“Cox has taken the position that its graduated response was a more effective method for combating alleged copyright infringement than the CAS because, among other things, it provided for the termination of certain
‘repeat infringers’,” the ISP writes.

This would be at odds with the music labels claims in the lawsuit which state that Cox’s policy was insufficient, especially since the RIAA and other music industry insiders praised the CAS as ‘a model for success.’

With the requested documents, Cox likely wants to compare the effectiveness of the CAS with its own measures. If the company can show that its own policy was more effective than the music industry-backed scheme, it has an interesting point to make.

“The effectiveness of the measures detailed in the CAS and that the ISPs implemented for responding to the copyright infringement notices endorsed by the RIAA and the Sony plaintiffs—is therefore highly relevant to the Sony litigation,” Cox writes.

The ISP stresses that it’s crucial to get all the relevant information, not least because there’s $1.5 billion in possible copyright infringement damages hanging over its head. As such, it urges the Court to grant the motion.

Cox Communications’s motion to compel the RIAA to comply with the subpoena is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Cox Asks Court to Sanction Labels Over Destroyed Tracking Evidence

Post Syndicated from Ernesto original https://torrentfreak.com/cox-asks-court-to-sanction-labels-over-destroyed-tracking-evidence-190820/

Last year, Cox ended its piracy liability lawsuit with music company BMG, agreeing to a “substantial settlement.”

The ISP is now in the clear, however, Cox is still caught up in another lawsuit filed by a group of major music companies, all members of the RIAA.

The music outfits, including Capitol Records, Warner Bros, and Sony Music, argue that Cox categorically failed to terminate repeat copyright infringers and that the ISP substantially profited from this ongoing ‘piracy’ activity. All at the expense of the record labels and other rightsholders.

Over the past several months, both parties have conducted discovery and the case is currently scheduled to go to trial in December. While there were talks of a potential settlement a few weeks ago, things look rather different now.

Last week we reported that the ISP canceled a scheduled settlement discussion. As a result, the music outfits called for sanctions, accusing the ISP of gamesmanship. Now, it’s Cox’s turn to ask for sanctions, this time with a formal request.

Cox submitted a motion for discovery sanctions at the Virginia federal court, where it accuses the plaintiffs of relying on unsubstantiated evidence.

The concerns relate to the piracy evidence which the music companies are relying on. This is the data that was used to send copyright infringement notices to Cox, pointing out how its subscribers allegedly shared infringing material. As such, it is the basis of the “repeat infringer” claims that are central to the lawsuit.

The data in question was collected by the anti-piracy firm MarkMonitor, which keeps a close eye on global BitTorrent activity. For the lawsuit, these infringement allegations were summarized in two spreadsheets. However, Cox notes that underlying evidence has since been deleted.

“MarkMonitor failed to retain critical portions of this evidence, and the document that Plaintiffs intend to rely on is, at best, a partial and inaccurate summary of these analyses,” Cox informs the Court.

As such, Cox requests sanctions. Specifically, it asks the court for a ruling that the piracy evidence in question can’t be used to back up any claims.

“Because Plaintiffs’ agent destroyed the underlying data, leaving no way to assess the accuracy of this summary, Cox respectfully requests that the Court enter discovery sanctions against Plaintiffs in the form of a preclusion order prohibiting Plaintiffs from relying on the incomplete and unreliable MarkMonitor evidence.”

According to Cox, MarkMonitor deleted data which showed that claimed copyright infringements were indeed linked to copyrighted files. These data concern the “matching” logs it received from the fingerprinting service Audible Magic.

During discovery, Cox learned that MarkMonitor used data from Audible Magic to reach its infringement conclusions. A subsequent subpoena explained how this worked, and a deposition of Audible Magic later revealed that MarkMonitor deleted the transaction logs.

“Ultimately, Cox learned in a deposition on the last day of discovery that MarkMonitor did not produce the transaction logs at issue or the relevant database because it had destroyed them,” Cox informs the Court.

The deleted data was crucial according to the ISP, as it’s the only way to prove that the alleged infringements detailed in the spreadsheet are correct. In addition, the routinely deleted data “strongly suggests” that MarkMonitor’s spreadsheet is inaccurate.

“The destroyed Audible Magic data was undeniably material and foundational to the MarkMonitor Spreadsheet,” Cox notes.

The ISP backs up its ‘inaccuracy’ claims in redacted parts of its memorandum, mentioning that it was a “coin flip” whether or not a claimed infringement actually took place.

Coin flip

Cox argues that the record labels withheld unfavorable information so sees no other option than to scrap the spreadsheets as evidence. In their current form, they can’t be backed up.

“Because Plaintiffs failed to preserve and produce the best and most complete—indeed, the only—evidence of the alleged direct infringements, the Court should preclude Plaintiffs from relying on the ‘236 and ‘431 Spreadsheets, and any derivative documents, which are merely incomplete and inaccurate summaries of what the data would have shown,” Cox concludes.

It the Court agrees with Cox and excludes the piracy data as evidence, the case could be severely impacted.

Interestingly, this isn’t the first time that Cox has complained about spoilt evidence. The company did the same a few years ago in the BMG case, after it found out that anti-piracy company Rightscorp destroyed older versions of its piracy tracking code.

At the time the Court ruled that sanctions were indeed appropriate. However, the copyright infringement claims were not disregarded and Cox’s request to dismiss the case in its entirety was denied.

A copy of Cox’s memorandum in support of the motion for discovery sanctions and to preclude the MarkMonitor evidence is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Music Companies Accuse Cox of Gamesmanship, Asks Court for Sanctions

Post Syndicated from Ernesto original https://torrentfreak.com/music-companies-accuse-cox-of-gamesmanship-asks-court-for-sanctions-190813/

Regular Internet providers are being put under increasing pressure for not doing enough to curb copyright infringement.

Music rights company BMG got the ball rolling a few years ago when it won its piracy liability lawsuit against Cox
Communications.

Following this defeat, several major record labels including Capitol Records, Warner Bros, and Sony Music followed suit by filing a similar lawsuit in a Virginia District Court. With help from the RIAA, they also sued Cox for allegedly turning a blind eye to its pirating subscribers.

According to the rightsholders, the Internet provider knew that some of its subscribers were frequently distributing copyrighted material, accusing the company of failing to take any meaningful action in response.

Over the past months, both parties have conducted discovery and the case is currently scheduled to go to trial in December. For a moment it appeared that things wouldn’t get that far. In June, both parties indicated that there were open to a settlement discussion which was scheduled to take place in Court last week.

While the music companies and the ISP both agreed to the hearing, Cox canceled it two days in advance, with its attorney stating that his client does not believe the settlement discussions would be productive.

This cancellation didn’t go down well with the music companies. In a status report, they now complain about Cox’s behavior. According to the filing, several of the music company representatives incurred traveling costs and one person was already in the air at the time the hearing was canceled.

The music companies don’t buy the ISP’s explanation either. They say nothing has changed since Cox agreed to the settlement discussions several weeks ago.

“Between the final pretrial conference and Cox’s unilateral cancelation yesterday, absolutely nothing had happened between the parties to justify Cox’s about-face,” the plaintiffs inform the court.

“Had Cox taken this process seriously, it would have known long before yesterday that it thought settlement discussions would not be productive. Instead, Cox misled the Court and Plaintiffs for more than six weeks, forcing both to expend resources and distract from other important matters,” they add.

According to the music companies, Cox is deliberately delaying and obstructing the case. In the status report, they accuse the Internet provider of gamesmanship.

“Throughout the case, Cox has demonstrated a consistent pattern of obstruction, delay and gamesmanship. Plaintiffs thus have concern that Cox’s approach to the settlement conference was just a ruse to distract Plaintiffs at a critical time. In discovery, Cox took absurd positions, objecting to basic discovery,” they write.

Taken together, Cox’s actions deserve a sanction from the court, the music companies argue. While they haven’t submitted a formal motion for sanctions, they point out that this situation warrants one.

“The Court has broad discretion to enter sanctions pursuant to its inherent authority, including without the formality of a motion. This situation clearly calls for it,” the music companies conclude.

If the court doesn’t wish to take any actions of its own accord, the music companies are willing to submit a formal request for sanctions. However, they note that this would only be an added distraction to them.

Whether Cox is sanctioned or not, it is clear that both parties are not on speaking terms at the moment. That will only raise the tension leading up to the forthcoming trial.

A copy of the status report, filed by the music companies, is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Cox Business Subscriber Doesn’t Want Identity Revealed in Piracy Lawsuit

Post Syndicated from Ernesto original https://torrentfreak.com/cox-business-subscriber-doesnt-want-identity-revealed-in-piracy-lawsuit/

Last year a group of prominent record labels, all members of the RIAA, filed a lawsuit against ISP Cox Communications. 

The labels argue that Cox categorically failed to terminate repeat copyright infringers and that it substantially profited from this ongoing ‘piracy’ activity. All at the expense of the record labels and other rightsholders.

As part of the discovery phase, both parties requested relevant information from each other. The labels, for example, were interested in finding out the names and addresses of Cox business subscribers that received copyright infringement warnings. 

In addition to regular households, Cox also offers Internet connections to business clients and many of these – 2,793 to be precise – were flagged as pirates.

After some back and forth Cox and the record labels agreed on a stipulated court order, requiring the ISP to disclose this information. While the court signed off on this, not all affected subscribers are happy with this decision. One of them objected in court this week. 

The company in question appeared as “John Doe” and explained that it’s a  non-profit corporation that provides hospital and medical care facilities outside of Virginia. 

As is quite common today, the non-profit operates a secured network that’s only accessible to its employees. In addition, it offers public WiFi access to patients and visitors. The latter was provided by Cox in the relevant time period.

“Like other medical care providers, John Doe provides an unsecured, public
wireless network that can be accessed by patients and other visitors who agree to abide by John Doe’s terms of use for the Public WiFi network. Cox is the internet service provider for this Public WiFi network,” the company notes

It was this unsecured network that triggered the referenced copyright infringement notifications. This, despite the fact that all users had to agree to the terms of service, which specifically prohibited illegal downloading.

From the ToS

The health care provider doesn’t refute that visitors or patients may have used the network to share copyright-infringing content. However, it notes that there’s not much it can do to identify these infringers. Not then and not now.

The health care provider doesn’t track MAC addresses of people who connected to the network, and even if it did, that would only identify a device, not a person. 

Given this background, the “John Doe” company doesn’t see any reason why its details should be shared with the record labels. That won’t help to identify any copyright infringers. However, it does breach the health care provider’s privacy rights. 

“Thus, disclosure of John Doe’s subscriber information will not lead to the discovery of the individual(s) who are alleged by Plaintiffs to have engaged in copyright infringement through the misuse of John Doe’s network in violation of the access agreement,” the company informs the court.

“All disclosure will accomplish is a breach of John Doe’s privacy rights under the Cable Communications Privacy Act, 47 USC § 551, and the imposition of time and expense burdens on John Doe, all without furthering any claim or defense in this case.”

It is now up to the court to decide whether the details of the company can be handed over by Cox. Meanwhile, it remains unclear why the record labels are interested in this information at all, and how this will help their case.

A copy of John Doe’s objection to the disclosure is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Cox Will Share Names of ‘Pirating’ Business Subscribers With Record Labels

Post Syndicated from Ernesto original https://torrentfreak.com/cox-has-to-share-names-of-pirating-business-subscribers-with-record-labels-190508/

Last summer, Cox ended its piracy liability lawsuit with music company BMG, agreeing to a “substantial settlement.”

That didn’t mean an end to the ISP’s legal trouble though. Cox remains caught up in another lawsuit filed by a group of major music labels, all members of the RIAA.

The labels argue that Cox categorically failed to terminate repeat copyright infringers and that it substantially profited from this ongoing ‘piracy’ activity. All at the expense of the record labels and other rightsholders.

Most of these alleged copyright-infringers are situated in regular households. However, Cox also offers Internet connections to business clients and many of these – 2,793 to be precise – were also flagged as pirates.

This essentially means that the ISP received copyright infringement notices for activity that took place on the IP-addresses that were assigned to these companies. This is a group of customers the RIAA labels are particularly interested in. 

During discovery, the labels have asked Cox to identify these business subscribers. The ISP initially only shared some billing and payment data, but that was not enough for the music companies, which want names and addresses as well. 

This is a rather broad request that we haven’t seen before, one that puts the Internet provider in a tough spot. Not least because handing over personal data of customers without a court order goes against its privacy policy.

This week Cox and the labels submitted a proposed stipulated order in which the ISP agrees to hand over the information. There doesn’t appear to have been any opposition from the ISP, but both parties request a signed court order to address the privacy policy restrictions. 

The order, swiftly signed by U.S. District Court Judge Liam O’Grady, requires the ISP to identify the 2,793 business subscribers for which it received copyright infringement notices between February 1, 2013 and November 26, 2014.

“It is hereby stipulated and agreed by and between Plaintiffs and Cox that Cox shall make reasonable efforts to notify the Business Subscribers, within five days of entry of this Stipulated Order, of Cox’s intent to disclose their name and contact information to Plaintiffs pursuant to this Order,” it reads.

From the order

The order also requires Cox to alert the affected business subscribers, who will then have the option to protest the decision. If that doesn’t happen, the personal information will be handed over to the labels.

The names and addresses of the business subscribers won’t be made public, as they fall under an earlier signed protective order. This states that any personal information of subscribers is classified as “highly confidential” data which means that it’s for attorneys’ eyes only.

While the paperwork is in order, one burning question remains. Why are the RIAA labels interested in knowing which businesses were flagged for copyright infringement?

There are no signs that any of these companies will be pursued individually.  What is clear, however, is that the music companies see the information as substantial evidence that will help to argue their case. Time will tell what the exact purpose is.

A copy of the stipulated order to product identifying information concerning certain Cox business subscribers is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

[$] Willy’s memory-management to-do list

Post Syndicated from corbet original https://lwn.net/Articles/753078/rss

Matthew “Willy” Wilcox has been doing a fair amount of work in the
memory-management area recently. He showed up at the 2018 Linux Storage,
Filesystem, and Memory-Management Summit with a list of discussion topics
related to that work; it was enough to fill a plenary session with some
spillover into the memory-management track the next day. Some of his
topics were fairly straightforward; others look to be somewhat more
involved.

Reddit Repeat Infringer Policy Shuts Down Megalinks Piracy Sub

Post Syndicated from Andy original https://torrentfreak.com/reddit-repeat-infringer-policy-shuts-down-megalinks-piracy-sub-180430/

Without doubt, Reddit is one of the most popular sites on the entire Internet. At the time of writing it’s the fourth most visited site in the US with 330 million users per month generating 14 billion screenviews.

The core of the site’s success is its communities. Known as ‘sub-Reddits’ or just ‘subs’, there are currently 138,000 of them dedicated to every single subject you can think of and tens of thousands you’d never considered.

Even though they’re technically forbidden, a small but significant number are dedicated to piracy, offering links to copyright-infringing content hosted elsewhere. One of the most popular is /r/megalinks, which is dedicated to listing infringing content (mainly movies and TV shows) uploaded to file-hosting site Mega.

Considering its activities, Megalinks has managed to stay online longer than most people imagined but following an intervention from Reddit, the content indexing sub has stopped accepting new submissions, which will effectively shut it down.

In an announcement Sunday, the sub’s moderators explained that following a direct warning from Reddit’s administrators, the decision had been taken to move on.

“As most of you know by now, we’ve had to deal with a lot of DMCA takedowns over the last 6 months. Everyone knew this day would come, eventually, and its finally here,” they wrote.

“We received a formal warning from Reddit’s administration 2 days ago, and have decided to restrict new submissions for the safety of the subreddit.”

The message from Reddit’s operators makes it absolutely clear that Reddit isn’t the platform to host what amounts to a piracy links forum.

“This is an official warning from Reddit that we are receiving too many copyright infringement notices about material posted to your community. We will be required to ban this community if you can’t adequately address the problem,” the warning reads.

Noting that Redditors aren’t allowed to post content that infringes copyrights, the administrators say they are required by law to handle DMCA notices and that in cases where infringement happens on multiple occasions, that needs to be handled in a more aggressive manner.

“The law also requires us to issue bans in cases of repeat infringement. Sometimes a repeat infringement problem is limited to just one user and we ban just that person. Other times the problem pervades a whole community and we ban the community,” the admins continue.

“This is our formal warning about repeat infringement in this community. Over the past three months we’ve had to remove material from the community in response to copyright notices 60 times. That’s an unusually high number taking into account the community’s size.

The warning suggests ways to keep infringing content down but in a sub dedicated to piracy, they’re all completely irrelevant. It also suggests removing old posts to ensure that Reddit doesn’t keep getting notices, but that would mean deleting pretty much everything. Backups exist but a simple file is a poor substitute for a community.

So, with Reddit warning that without change the sub will be banned, the moderators of /r/megalinks have decided to move on to a new home. Reportedly hosted ‘offshore’, their new forum already has more than 9,800 members and is likely to grow quickly as the word spreads.

A month ago, the /r/megaporn sub-Reddit suffered a similar fate following a warning from Reddit’s admins. It successfully launched a new external forum which is why the Megalinks crew decided on the same model.

“[A]fter seeing how /r/megaporn approached the same situation, we had started working on an offshore forum a week ago in anticipation of the ban. This allows us to work however we want, without having to deal with Reddit’s policies and administration,” the team explain.

Ever since the BMG v Cox case went bad ways for the ISP in 2015, repeat infringer policies have become a very hot topic in the US. That Reddit is now drawing a line in the sand over a relatively small number of complaints (at least compared to other similar platforms) is clear notice that Reddit and blatant piracy won’t be allowed to walk hand in hand.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

How Many Piracy Warnings Would Get You to Stop?

Post Syndicated from Andy original https://torrentfreak.com/how-many-piracy-warnings-would-get-you-to-stop-180422/

For the past several years, copyright holders in the US and Europe have been trying to reach out to file-sharers in an effort to change their habits.

Whether via high-profile publicity lawsuits or a simple email, it’s hoped that by letting people know they aren’t anonymous, they’ll stop pirating and buy more content instead.

Traditionally, most ISPs haven’t been that keen on passing infringement notices on. However, the BMG v Cox lawsuit seems to have made a big difference, with a growing number of ISPs now visibly warning their users that they operate a repeat infringer policy.

But perhaps the big question is how seriously users take these warnings because – let’s face it – that’s the entire point of their existence.

There can be little doubt that a few recipients will be scurrying away at the slightest hint of trouble, intimidated by the mere suggestion that they’re being watched.

Indeed, a father in the UK – who received a warning last year as part of the Get it Right From a Genuine Site campaign – confidently and forcefully assured TF that there would be no more illegal file-sharing taking place on his ten-year-old son’s computer again – ever.

In France, where the HADOPI anti-piracy scheme received much publicity, people receiving an initial notice are most unlikely to receive additional ones in future. A December 2017 report indicated that of nine million first warning notices sent to alleged pirates since 2012, ‘just’ 800,000 received a follow-up warning on top.

The suggestion is that people either stop their piracy after getting a notice or two, or choose to “go dark” instead, using streaming sites for example or perhaps torrenting behind a decent VPN.

But for some people, the message simply doesn’t sink in early on.

A post on Reddit this week by a TWC Spectrum customer revealed that despite a wealth of readily available information (including masses in the specialist subreddit where the post was made), even several warnings fail to have an effect.

“Was just hit with my 5th copyright violation. They halted my internet and all,” the self-confessed pirate wrote.

There are at least three important things to note from this opening sentence.

Firstly, the first four warnings did nothing to change the user’s piracy habits. Secondly, Spectrum presumably had enough at five warnings and kicked in a repeat-infringer suspension, presumably to avoid the same fate as Cox in the BMG case. Third, the account suspension seems to have changed the game.

Notably, rather than some huge blockbuster movie, that fifth warning came due to something rather less prominent.

“Thought I could sneak in a random episode of Rosanne. The new one that aired LOL. That fast. Under 24 hours I got shut off. Which makes me feel like [ISPs] do monitor your traffic and its not just the people sending them notices,” the post read.

Again, some interesting points here.

Any content can be monitored by rightsholders but if it’s popular in the US then a warning delivered via an ISP seems to be more likely than elsewhere. However, the misconception that the monitoring is done by ISPs persists, despite that not being the case.

ISPs do not monitor users’ file-sharing activity, anti-piracy companies do. They can grab an IP address the second someone enters a torrent swarm, or even connects to a tracker. It happens in an instant, at a time of their choosing. Quickly jumping in and out of a torrent is no guarantee and the fallacy of not getting caught due to a failure to seed is just that – a fallacy.

But perhaps the most important thing is that after five warnings and a disconnection, the Reddit user decided to take action. Sadly for the people behind Rosanne, it’s not exactly the reaction they’d have hoped for.

“I do not want to push it but I am curious to what happens 6th time, and if I would even be safe behind a VPN,” he wrote.

“Just want to learn how to use a VPN and Sonarr and have a guilt free stress free torrent watching.”

Of course, there was no shortage of advice.

“If you have gotten 5 notices, you really should of learnt [sic] how to use a VPN before now,” one poster noted, perhaps inevitably.

But curiously, or perhaps obviously given the number of previous warnings, the fifth warning didn’t come as a surprise to the user.

“I knew they were going to hit me for it. I just didn’t think a 195mb file would do it. They were getting me for Disney movies in the past,” he added.

So how do you grab the attention of a persistent infringer like this? Five warnings and a suspension apparently. But clearly, not even that is a guarantee of success. Perhaps this is why most ‘strike’ schemes tend to give up on people who can’t be rehabilitated.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

[$] The XArray data structure

Post Syndicated from corbet original https://lwn.net/Articles/745073/rss

Sometimes, a data structure proves to be inadequate for its intended task.
Other times, though, the problem may be somewhere else — in the API used to
access it, for example. Matthew Wilcox’s presentation during the 2018
linux.conf.au Kernel miniconf made the case that, for the kernel’s
venerable radix tree data structure, the
latter situation holds. His response is a new approach to an old data
structure that he is calling the “XArray”.

An honorary degree for Alan Cox

Post Syndicated from corbet original http://lwn.net/Articles/694974/rss

Congratulations are due to Alan Cox, who was awarded
an honorary degree
by Swansea University for his work with Linux.
Alan started working on Version 0. There were bugs and problems he
could correct. He put Linux on a machine in the Swansea University computer
network, which revealed many problems in networking which he sorted out;
later he rewrote the networking software. Alan brought to Linux software
engineering discipline: Linux software releases that were tested, corrected
and above all stable. On graduating, Alan worked at Swansea University, set
up the UK Linux server and distributed thousands of systems.

Sometimes techy details matter

Post Syndicated from Robert Graham original http://blog.erratasec.com/2016/03/sometimes-techy-details-matter.html

How terrorists use encryption is going to become central to the Cryptowars 2.0 debate. Both sides are going to cite the case of Reda Hame described in this NYTimes article. On one hand, it shows that terrorists do indeed use encryption. On the other hand, the terrorists used TrueCrypt, which can’t be stopped, no matter how many “backdoor” laws the police-state tries to pass.The problem with the NYTimes article is that the technical details are garbled. (Update: at the bottom, I correct them). Normally, that’s not a problem, because we experts can fill in the details using basic assumptions. But the technique ISIS used is bizarre, using TrueCrypt containers uploaded to a file-sharing site. This is a horrible way to pass messages — assumptions we make trying to fill in the blanks are likely flawed.Moreover, there is good reason to distrust the NYTimes article. Small details conflict with a similar article in the French newspaper Le Monde from January 6. Both articles are based on the same confession by Reda Hame from last August.For example, in discussing a training accident with a grenade, the NYTimes article says “Mr. Hame did not throw it far enough and was cut by shrapnel”. The Le Monde version says he tossed a stun grenade into a hut, then entered the hut, after which the grenade exploded. Stun grenades don’t have “shrapnel”. As the Le Monde article provides a direct quote, in the original French, it is more trustworthy:”J’ai jeté la grenade dans la maisonnette, j’ai entendu une petite explosion, je suis rentré dans la maison, j’ai tiré dans trois cibles, puis la grenade a explosé”Update: You would not throw a fragmentation grenade at a silhouette drawn on a wall, as the New York Times article describes. Throw it hard enough, and it just bounces back toward you. That’s not how it works. How it does work is how Le Monde describes, wait for the a stun grenade to go off before entering the room. The interrogation of Reda Hame lasted over 17 hours over multiple days, so you can imagine that at some point, he might have retold the story in a different way that might be closer to how the NYTimes describe it, thus accounting for the discrepancy. But this is doubtful, since this is not things work.This is just one example, there are several other discrepancies with Le Monde. If the reporter gets these types of details wrong, how can we trust her on getting details of TrueCrypt correct?For example, the reporter describes “a piece of paper showing his login credentials for TrueCrypt”, though a picture of TrueCrypt in the article shows the use of “keyfiles”. However, there’s no such thing as “login credentials for TrueCrypt”. It’s not a website or a computer, you don’t “login” to it. There’s no username. Instead, you have the passphrase to encrypt or decrypt the file. This is a perfectly fine detail to mess up in normal circumstances, because the average reader neither knows nor cares about the difference. But, since we techies are confused, and the reporter isn’t trustworthy about getting small details correct, the difference suddenly looms large. Maybe the reporter is confused about the difference between “login credentials” for TrueCrypt and login credentials for the file upload site.She then goes on to describe “he was to upload the encrypted message folder onto a Turkish commercial data storage site”. Again, the terminology “encrypted message folder” in confusing. We assume it means the encrypted volume file, or the encrypted container file.Also, what the heck is a “commercial data storage site”?? She goes on to tweet:65/ They were using a program like TrueCrypt and then uploading the encrypted folder onto a website like https://t.co/Fnx7sNrTWy— Rukmini Callimachi (@rcallimachi) March 29, 2016What does this mean “like dosya.co”? Is it that site, or another one?Also, that site is a “file sharing” site, not a “data storage” site. File sharing services are designed to share files, usually copyrighted materials like movies, music, porn, games, and ebooks. Data storage services like DropBox are designed for data storage. It’s an important detail, especially when you consider how intelligence services might be monitoring them for metadata.I’ve written up a brief post on how intelligence services can track down terrorists using this technique, from either already collected metadata, or monitoring with their “XKeyScore” system. But I have little faith I’ve understood the details correctly from the NYTimes article, so there’s a good chance my post is just nonsense.This isn’t an issue of being unnecessarily pedantic. I fully support the idea that reporters can use inelegant or “wrong” terminology in order to get the point across. The problem here is that I don’t think the reporter is getting the point across. I’m confused. Moreover, we know that the reporter has gotten other details wrong, when comparing similar passages with the Le Monde article, which directly quotes the subject.Update: And now I’ve read one of the original French documents where the subject describes what was on that slip of paper recovered from his apartment, and confirmed my suspicion that the NYTimes article got details wrong.The document I saw says the slip of paper had login details for the file sharing site, not a TrueCrypt password. Thus, when the NYTimes article says “TrueCrypt login credentials”, we should correct it to “file sharing site login credentials”, not “TrueCrypt passphrase”.The original French uses the word “boîte”, which matches the TrueCrypt term “container”. The original French didn’t use the words “fichier” (file), “dossier” (folder), or “répertoire” (directory). This makes so much more sense, and gives us more confidence we know what they were doing.The original French uses the term “site de partage”, meaning a “sharing site”, which makes more sense than a “storage” site.MOST importantly, according the subject, the login details didn’t even work. It appears he never actually used this method — he was just taught how to use it. He no longer remembers the site’s name, other than it might have the word “share” in its name. We see this a lot: ISIS talks a lot about encryption, but the evidence of them actually using it is scant.Update to this update: Runa Sandvik insists there are more than one pieces of paper in the story. Therefore, I could be talking about one piece of paper with “website login”, while the NYTimes article could be talking about another with “TrueCrypt password”:@ErrataRob @thegrugq @csoghoian @josephfcox @moltke Re our conversation this morning; there are multiple pieces of paper in this story.— Runa A. Sandvik (@runasand) April 1, 2016But the original article references only a single piece of paper, “in his bag a piece of paper showing his login credentials for TrueCrypt”. It’s very strange that they are now claiming there existed separate pieces of paper that contained the website login credentials not mentioned in the original story.She insists the reason for the bad technical terms was to make it more understandable to non-technical readers:@ErrataRob That phrase may have been used to make it more understandable to all the non-technical readers.— Runa A. Sandvik (@runasand) April 1, 2016This, of course, is bogus. Nobody thinks that non-technical readers will understand “TrueCrypt login credentials” easier than “TrueCrypt password”. Non-technical users understand “password” much better than “credentials”.Update: Somebody (@thegrugq) pointed out yet another discrepancy with a CNN story, describing the process of uploading to a file sharing site:NYTimes: “basically a dead inbox”CNN: “it operated like a dead letter drop”The original phrase in French was “une boîte aux lettres morte” (a box of dead letters). The correct translation is “dead drop” (or “dead letter drop”), not “dead inbox”. The word “boîte” can also refer to a person’s inbox, so it’s a reasonable error to make if you don’t understand this is a specific spycraft term and are attempting to just translate the words according to French vernacular.

Sometimes techy details matter

Post Syndicated from Robert Graham original http://blog.erratasec.com/2016/03/sometimes-techy-details-matter.html

How terrorists use encryption is going to become central to the Cryptowars 2.0 debate. Both sides are going to cite the case of Reda Hame described in this NYTimes article. On one hand, it shows that terrorists do indeed use encryption. On the other hand, the terrorists used TrueCrypt, which can’t be stopped, no matter how many “backdoor” laws the police-state tries to pass.The problem with the NYTimes article is that the technical details are garbled. (Update: at the bottom, I correct them). Normally, that’s not a problem, because we experts can fill in the details using basic assumptions. But the technique ISIS used is bizarre, using TrueCrypt containers uploaded to a file-sharing site. This is a horrible way to pass messages — assumptions we make trying to fill in the blanks are likely flawed.Moreover, there is good reason to distrust the NYTimes article. Small details conflict with a similar article in the French newspaper Le Monde from January 6. Both articles are based on the same confession by Reda Hame from last August.For example, in discussing a training accident with a grenade, the NYTimes article says “Mr. Hame did not throw it far enough and was cut by shrapnel”. The Le Monde version says he tossed a stun grenade into a hut, then entered the hut, after which the grenade exploded. Stun grenades don’t have “shrapnel”. As the Le Monde article provides a direct quote, in the original French, it is more trustworthy:”J’ai jeté la grenade dans la maisonnette, j’ai entendu une petite explosion, je suis rentré dans la maison, j’ai tiré dans trois cibles, puis la grenade a explosé”Update: You would not throw a fragmentation grenade at a silhouette drawn on a wall, as the New York Times article describes. Throw it hard enough, and it just bounces back toward you. That’s not how it works. How it does work is how Le Monde describes, wait for the a stun grenade to go off before entering the room. The interrogation of Reda Hame lasted over 17 hours over multiple days, so you can imagine that at some point, he might have retold the story in a different way that might be closer to how the NYTimes describe it, thus accounting for the discrepancy. But this is doubtful, since this is not things work.This is just one example, there are several other discrepancies with Le Monde. If the reporter gets these types of details wrong, how can we trust her on getting details of TrueCrypt correct?For example, the reporter describes “a piece of paper showing his login credentials for TrueCrypt”, though a picture of TrueCrypt in the article shows the use of “keyfiles”. However, there’s no such thing as “login credentials for TrueCrypt”. It’s not a website or a computer, you don’t “login” to it. There’s no username. Instead, you have the passphrase to encrypt or decrypt the file. This is a perfectly fine detail to mess up in normal circumstances, because the average reader neither knows nor cares about the difference. But, since we techies are confused, and the reporter isn’t trustworthy about getting small details correct, the difference suddenly looms large. Maybe the reporter is confused about the difference between “login credentials” for TrueCrypt and login credentials for the file upload site.She then goes on to describe “he was to upload the encrypted message folder onto a Turkish commercial data storage site”. Again, the terminology “encrypted message folder” in confusing. We assume it means the encrypted volume file, or the encrypted container file.Also, what the heck is a “commercial data storage site”?? She goes on to tweet:65/ They were using a program like TrueCrypt and then uploading the encrypted folder onto a website like https://t.co/Fnx7sNrTWy— Rukmini Callimachi (@rcallimachi) March 29, 2016What does this mean “like dosya.co”? Is it that site, or another one?Also, that site is a “file sharing” site, not a “data storage” site. File sharing services are designed to share files, usually copyrighted materials like movies, music, porn, games, and ebooks. Data storage services like DropBox are designed for data storage. It’s an important detail, especially when you consider how intelligence services might be monitoring them for metadata.I’ve written up a brief post on how intelligence services can track down terrorists using this technique, from either already collected metadata, or monitoring with their “XKeyScore” system. But I have little faith I’ve understood the details correctly from the NYTimes article, so there’s a good chance my post is just nonsense.This isn’t an issue of being unnecessarily pedantic. I fully support the idea that reporters can use inelegant or “wrong” terminology in order to get the point across. The problem here is that I don’t think the reporter is getting the point across. I’m confused. Moreover, we know that the reporter has gotten other details wrong, when comparing similar passages with the Le Monde article, which directly quotes the subject.Update: And now I’ve read one of the original French documents where the subject describes what was on that slip of paper recovered from his apartment, and confirmed my suspicion that the NYTimes article got details wrong.The document I saw says the slip of paper had login details for the file sharing site, not a TrueCrypt password. Thus, when the NYTimes article says “TrueCrypt login credentials”, we should correct it to “file sharing site login credentials”, not “TrueCrypt passphrase”.The original French uses the word “boîte”, which matches the TrueCrypt term “container”. The original French didn’t use the words “fichier” (file), “dossier” (folder), or “répertoire” (directory). This makes so much more sense, and gives us more confidence we know what they were doing.The original French uses the term “site de partage”, meaning a “sharing site”, which makes more sense than a “storage” site.MOST importantly, according the subject, the login details didn’t even work. It appears he never actually used this method — he was just taught how to use it. He no longer remembers the site’s name, other than it might have the word “share” in its name. We see this a lot: ISIS talks a lot about encryption, but the evidence of them actually using it is scant.Update to this update: Runa Sandvik insists there are more than one pieces of paper in the story. Therefore, I could be talking about one piece of paper with “website login”, while the NYTimes article could be talking about another with “TrueCrypt password”:@ErrataRob @thegrugq @csoghoian @josephfcox @moltke Re our conversation this morning; there are multiple pieces of paper in this story.— Runa A. Sandvik (@runasand) April 1, 2016But the original article references only a single piece of paper, “in his bag a piece of paper showing his login credentials for TrueCrypt”. It’s very strange that they are now claiming there existed separate pieces of paper that contained the website login credentials not mentioned in the original story.She insists the reason for the bad technical terms was to make it more understandable to non-technical readers:@ErrataRob That phrase may have been used to make it more understandable to all the non-technical readers.— Runa A. Sandvik (@runasand) April 1, 2016This, of course, is bogus. Nobody thinks that non-technical readers will understand “TrueCrypt login credentials” easier than “TrueCrypt password”. Non-technical users understand “password” much better than “credentials”.Update: Somebody (@thegrugq) pointed out yet another discrepancy with a CNN story, describing the process of uploading to a file sharing site:NYTimes: “basically a dead inbox”CNN: “it operated like a dead letter drop”The original phrase in French was “une boîte aux lettres morte” (a box of dead letters). The correct translation is “dead drop” (or “dead letter drop”), not “dead inbox”. The word “boîte” can also refer to a person’s inbox, so it’s a reasonable error to make if you don’t understand this is a specific spycraft term and are attempting to just translate the words according to French vernacular.

Node.JS module to access Cisco IOS XR XML interface

Post Syndicated from Delian Delchev original http://deliantech.blogspot.com/2015/03/nodejs-module-to-access-cisco-ios-xr.html

Hello to all,This is the early version of my module for Node.JS that allows configuring routers and retrieving information over Cisco IOS XR’s XML interface.The module is in its early phases – it still does not read IOS XR schema files and therefore decode the data (in JSON) in a little ugly way (too much arrays). I am planning to fix it, so there may be changes in the responses.Please see bellow the first version of the documentation I’ve set in the github:Module for Cisco XML API interface IOS XRThis is a small module that implements interface to Cisco IOS XR XML Interface.This module open an maintain TCP session to the router, sends requests and receive responses.InstallationTo install the module do something like that:npm install node-ciscoxmlUsageIt is very easy to use this module. See the methods bellow:Load the moduleTo load and use the module, you have to use a code similar to this:var cxml = require(‘node-ciscoxml’);var c = cxml( { …connect options.. });Module init and connect optionshost (default 127.0.0.1) – the hostname of the router where we’ll connectport (default 38751) – the port of the router where XML API is listeningusername (default guest) – the username used for authentication, if username is requested by the remote sidepassword (default guest) – the password used for authentication, if password is requested by the remote sideconnectErrCnt (default 3) – how many times it will retry to connect in case of an errorautoConnect (default true) – should it try to auto connect to the remote side if a request is dispatched and there is no open session alreadyautoDisconnect (default 60000) – how much milliseconds we will wait for another request before the tcp session to the remote side is closed. If the value is 0, it will wait forever (or until the remote side disconnects). Bear in mind autoConnect set to false does not assume autoDisconnect set to 0/false as well.userPromptRegex (default (Username|Login)) – the rule used to identify that the remote side requests for a usernamepassPromptRegex (default Password) – the rule used to identify that the remote side requests for a passwordxmlPromptRegex (default XML>) – the rule used to identify successful login/connectionnoDelay (default true) – disables the Nagle algorithm (true)keepAlive (default 30000) – enabled or disables (value of 0) TCP keepalive for the socketssl (default false) – if it is set to true or an object, then SSL session will be opened. Node.js TLS module is used for that so if the ssl points to an object, the tls options are taken from it. Be careful – enabling SSL does not change the default port from 38751 to 38752. You have to set it explicitly!Example:var cxml = require(‘node-ciscoxml’);var c = cxml( { host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});connect methodThis method forces explicitly a connection. It could accept any options of the above.Example:var cxml = require(‘node-ciscoxml’);var c = cxml();c.connect( { host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});The connect method is not necessary to be used. If autoConnect is enabled (default) the module will automatically open and close tcp connections when needed.Connect supports callback. Example:var cxml = require(‘node-ciscoxml’);cxml().connect( { host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’}, function(err) { if (!err) console.log(‘Successful connection’);});The callback may be the only parameter as well. Example:var cxml = require(‘node-ciscoxml’);cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’}).connect(function(err) { if (!err) console.log(‘Successful connection’);});Example with SSL:var cxml = require(‘node-ciscoxml’);var fs = require(‘fs’);cxml({ host: ‘10.10.1.1’, port: 38752, username: ‘xmlapi’, password: ‘xmlpass’, ssl: { // These are necessary only if using the client certificate authentication key: fs.readFileSync(‘client-key.pem’), cert: fs.readFileSync(‘client-cert.pem’), // This is necessary only if the server uses the self-signed certificate ca: [ fs.readFileSync(‘server-cert.pem’) ] }}).connect(function(err) { if (!err) console.log(‘Successful connection’);});disconnect methodThis method explicitly disconnects a connection.sendRaw method.sendRaw(data,callback)Parameters:data – a string containing valid Cisco XML request to be sentcallback – function that will be called when a valid Cisco XML response is receivedExample:var cxml = require(‘node-ciscoxml’);var c = cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});c.sendRaw(‘<Request><GetDataSpaceInfo/></Request>’,function(err,data) { console.log(‘Received’,err,data);});sendRawObj method.sendRawObj(data,callback)Parameters:data – a javascript object that will be converted to a Cisco XML requestcallback – function that will be called with valid Cisco XML response converted to javascript objectExample:var cxml = require(‘node-ciscoxml’);var c = cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});c.sendRawObj({ GetDataSpaceInfo: ” },function(err,data) { console.log(‘Received’,err,data);});rootGetDataSpaceInfo method.rootGetDataSpaceInfo(callback)Equivalent to .sendRawObj for GetDataSpaceInfo commandgetNextSends getNext request with a specific id, so we can retrieve the rest of the previous operation if it has been truncated.id – the ID callback – the callback with the data (in js object format)Keep in mind next response may be truncated as well, so you have to check for IteratorID all the time.Example:var cxml = require(‘node-ciscoxml’);var c = cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});c.sendRawObj({ Get: { Configuration: {} } },function(err,data) { console.log(‘Received’,err,data); if ((!err) && data && data.Response.$.IteratorID) { return c.getNext(data.Response.$.IteratorID,function(err,nextData) { // .. code to merge data with nextData }); } // .. code});sendRequest methodThis method is equivalent to sendRawObj but it can automatically detect the need and resupply GetNext requests so the response is absolutley full. Therefore this method should be the preferred method for sending requests that expect very large replies.Example:var cxml = require(‘node-ciscoxml’);var c = cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});c.sendRequest({ GetDataSpaceInfo: ” },function(err,data) { console.log(‘Received’,err,data);});requestPath methodThis is a method equivalent to sendRequest but instead of an object, the request may be formatted in a simple path string. This metod is not very useful for complex requests. But its value is in the ability to simplify very much the simple requests. The response is in JavaScript objectExample:var cxml = require(‘node-ciscoxml’);var c = cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});c.requestPath(‘Get.Configuration.Hostname’,function(err,data) { console.log(‘Received’,err,data);});reqPathPath methodThis is the same method as requestPath, but the response is not an object, but a path array. The method supports optional filter, which has to be a RegExp object and all paths and values will be tested against it Only those returning true will be included in the response array.Example:var cxml = require(‘node-ciscoxml’);var c = cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});c.reqPathPath(‘Get.Configuration.Hostname’,/Hostname/,function(err,data) { console.log(‘Received’,data[0]); // The output should be something like // [ ‘Response(“MajorVersion”=”1″,”MinorVersion”=”0”).Get.Configuration.Hostname(“MajorVersion”=”1″,”MinorVersion”=”0”)’, ‘asr9k-router’ ] });This method could be very useful for getting simple responses and configurations.getConfig methodThis method requests the whole configuration of the remote device and return it as objectExample:c.getConfig(function(err,config) { console.log(err,config);});cliConfig methodThis method is quite simple, it executes a command(s) in CLI Configuration mode and return the response in JS Object. You have to know that any configuration change in IOS XR is not effective unless it is committed!Example:c.cliConfig(‘username testuserngroup operatorn’,function(err,data) { console.log(err,data); c.commit();});cliExec methodExecutes a command(s) in CLI Exec mode and return the response in JS Object.c.cliExec(‘show interfaces’,function(err,data) { console.log(err,data?data.Response.CLI[0].Exec[0]);});commit methodCommit the current configuration.Example:c.commit(function(err,data) { console.log(err,data);});lock methodLocks the configuration mode.Example:c.lock(function(err,data) { console.log(err,data);});unlock methodUnlocks the configuration mode.Example:c.unlock(function(err,data) { console.log(err,data);});Configure Cisco IOS XR for XML agentTo configure IOS XR for remote XML configuration you have to:Ensure you have *mgbl*** package installed and activated! Without it you will have no xml agentcommands!Enable the XML agent with a similar configuration:xml agent vrf default ipv4 access-list SECUREACCESS ! ipv6 enable session timeout 10 iteration on size 100000!You can enable tty and/or ssl agents as well!(Keep in mind – full filtering of the XML access has to be done by the control-plane management-plane command! The XML interface does not use VTYs!)You have to ensure you have correctly configured aaa as the xml agent uses default method for both authentication and authorization and that cannot be changed (last verified with IOS XR 5.3).You have to have both aaa authentication and authorization. If authorization is not set (aaa authorization default local or none), you may not be able to log in. And you shall ensure that both the authentication and authorization share the same source (tacacs+ or local).The default agent port is 38751 for the default agent and 38752 for SSL.DebuggingThe module uses “debug” module to log its outputs. You can enable the debugging by having in your code something like:require(‘debug’).enable(‘ciscoxml’);Or setting DEBUG environment to ciscoxml before starting the Node.JS

Node.JS module to access Cisco IOS XR XML interface

Post Syndicated from Delian Delchev original http://deliantech.blogspot.com/2015/03/nodejs-module-to-access-cisco-ios-xr.html

Hello to all,This is the early version of my module for Node.JS that allows configuring routers and retrieving information over Cisco IOS XR’s XML interface.The module is in its early phases – it still does not read IOS XR schema files and therefore decode the data (in JSON) in a little ugly way (too much arrays). I am planning to fix it, so there may be changes in the responses.Please see bellow the first version of the documentation I’ve set in the github:Module for Cisco XML API interface IOS XRThis is a small module that implements interface to Cisco IOS XR XML Interface.This module open an maintain TCP session to the router, sends requests and receive responses.InstallationTo install the module do something like that:npm install node-ciscoxmlUsageIt is very easy to use this module. See the methods bellow:Load the moduleTo load and use the module, you have to use a code similar to this:var cxml = require(‘node-ciscoxml’);var c = cxml( { …connect options.. });Module init and connect optionshost (default 127.0.0.1) – the hostname of the router where we’ll connectport (default 38751) – the port of the router where XML API is listeningusername (default guest) – the username used for authentication, if username is requested by the remote sidepassword (default guest) – the password used for authentication, if password is requested by the remote sideconnectErrCnt (default 3) – how many times it will retry to connect in case of an errorautoConnect (default true) – should it try to auto connect to the remote side if a request is dispatched and there is no open session alreadyautoDisconnect (default 60000) – how much milliseconds we will wait for another request before the tcp session to the remote side is closed. If the value is 0, it will wait forever (or until the remote side disconnects). Bear in mind autoConnect set to false does not assume autoDisconnect set to 0/false as well.userPromptRegex (default (Username|Login)) – the rule used to identify that the remote side requests for a usernamepassPromptRegex (default Password) – the rule used to identify that the remote side requests for a passwordxmlPromptRegex (default XML>) – the rule used to identify successful login/connectionnoDelay (default true) – disables the Nagle algorithm (true)keepAlive (default 30000) – enabled or disables (value of 0) TCP keepalive for the socketssl (default false) – if it is set to true or an object, then SSL session will be opened. Node.js TLS module is used for that so if the ssl points to an object, the tls options are taken from it. Be careful – enabling SSL does not change the default port from 38751 to 38752. You have to set it explicitly!Example:var cxml = require(‘node-ciscoxml’);var c = cxml( { host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});connect methodThis method forces explicitly a connection. It could accept any options of the above.Example:var cxml = require(‘node-ciscoxml’);var c = cxml();c.connect( { host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});The connect method is not necessary to be used. If autoConnect is enabled (default) the module will automatically open and close tcp connections when needed.Connect supports callback. Example:var cxml = require(‘node-ciscoxml’);cxml().connect( { host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’}, function(err) { if (!err) console.log(‘Successful connection’);});The callback may be the only parameter as well. Example:var cxml = require(‘node-ciscoxml’);cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’}).connect(function(err) { if (!err) console.log(‘Successful connection’);});Example with SSL:var cxml = require(‘node-ciscoxml’);var fs = require(‘fs’);cxml({ host: ‘10.10.1.1’, port: 38752, username: ‘xmlapi’, password: ‘xmlpass’, ssl: { // These are necessary only if using the client certificate authentication key: fs.readFileSync(‘client-key.pem’), cert: fs.readFileSync(‘client-cert.pem’), // This is necessary only if the server uses the self-signed certificate ca: [ fs.readFileSync(‘server-cert.pem’) ] }}).connect(function(err) { if (!err) console.log(‘Successful connection’);});disconnect methodThis method explicitly disconnects a connection.sendRaw method.sendRaw(data,callback)Parameters:data – a string containing valid Cisco XML request to be sentcallback – function that will be called when a valid Cisco XML response is receivedExample:var cxml = require(‘node-ciscoxml’);var c = cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});c.sendRaw(‘<Request><GetDataSpaceInfo/></Request>’,function(err,data) { console.log(‘Received’,err,data);});sendRawObj method.sendRawObj(data,callback)Parameters:data – a javascript object that will be converted to a Cisco XML requestcallback – function that will be called with valid Cisco XML response converted to javascript objectExample:var cxml = require(‘node-ciscoxml’);var c = cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});c.sendRawObj({ GetDataSpaceInfo: ” },function(err,data) { console.log(‘Received’,err,data);});rootGetDataSpaceInfo method.rootGetDataSpaceInfo(callback)Equivalent to .sendRawObj for GetDataSpaceInfo commandgetNextSends getNext request with a specific id, so we can retrieve the rest of the previous operation if it has been truncated.id – the ID callback – the callback with the data (in js object format)Keep in mind next response may be truncated as well, so you have to check for IteratorID all the time.Example:var cxml = require(‘node-ciscoxml’);var c = cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});c.sendRawObj({ Get: { Configuration: {} } },function(err,data) { console.log(‘Received’,err,data); if ((!err) && data && data.Response.$.IteratorID) { return c.getNext(data.Response.$.IteratorID,function(err,nextData) { // .. code to merge data with nextData }); } // .. code});sendRequest methodThis method is equivalent to sendRawObj but it can automatically detect the need and resupply GetNext requests so the response is absolutley full. Therefore this method should be the preferred method for sending requests that expect very large replies.Example:var cxml = require(‘node-ciscoxml’);var c = cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});c.sendRequest({ GetDataSpaceInfo: ” },function(err,data) { console.log(‘Received’,err,data);});requestPath methodThis is a method equivalent to sendRequest but instead of an object, the request may be formatted in a simple path string. This metod is not very useful for complex requests. But its value is in the ability to simplify very much the simple requests. The response is in JavaScript objectExample:var cxml = require(‘node-ciscoxml’);var c = cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});c.requestPath(‘Get.Configuration.Hostname’,function(err,data) { console.log(‘Received’,err,data);});reqPathPath methodThis is the same method as requestPath, but the response is not an object, but a path array. The method supports optional filter, which has to be a RegExp object and all paths and values will be tested against it Only those returning true will be included in the response array.Example:var cxml = require(‘node-ciscoxml’);var c = cxml({ host: ‘10.10.1.1’, port: 5000, username: ‘xmlapi’, password: ‘xmlpass’});c.reqPathPath(‘Get.Configuration.Hostname’,/Hostname/,function(err,data) { console.log(‘Received’,data[0]); // The output should be something like // [ ‘Response(“MajorVersion”=”1″,”MinorVersion”=”0”).Get.Configuration.Hostname(“MajorVersion”=”1″,”MinorVersion”=”0”)’, ‘asr9k-router’ ] });This method could be very useful for getting simple responses and configurations.getConfig methodThis method requests the whole configuration of the remote device and return it as objectExample:c.getConfig(function(err,config) { console.log(err,config);});cliConfig methodThis method is quite simple, it executes a command(s) in CLI Configuration mode and return the response in JS Object. You have to know that any configuration change in IOS XR is not effective unless it is committed!Example:c.cliConfig(‘username testuserngroup operatorn’,function(err,data) { console.log(err,data); c.commit();});cliExec methodExecutes a command(s) in CLI Exec mode and return the response in JS Object.c.cliExec(‘show interfaces’,function(err,data) { console.log(err,data?data.Response.CLI[0].Exec[0]);});commit methodCommit the current configuration.Example:c.commit(function(err,data) { console.log(err,data);});lock methodLocks the configuration mode.Example:c.lock(function(err,data) { console.log(err,data);});unlock methodUnlocks the configuration mode.Example:c.unlock(function(err,data) { console.log(err,data);});Configure Cisco IOS XR for XML agentTo configure IOS XR for remote XML configuration you have to:Ensure you have *mgbl*** package installed and activated! Without it you will have no xml agentcommands!Enable the XML agent with a similar configuration:xml agent vrf default ipv4 access-list SECUREACCESS ! ipv6 enable session timeout 10 iteration on size 100000!You can enable tty and/or ssl agents as well!(Keep in mind – full filtering of the XML access has to be done by the control-plane management-plane command! The XML interface does not use VTYs!)You have to ensure you have correctly configured aaa as the xml agent uses default method for both authentication and authorization and that cannot be changed (last verified with IOS XR 5.3).You have to have both aaa authentication and authorization. If authorization is not set (aaa authorization default local or none), you may not be able to log in. And you shall ensure that both the authentication and authorization share the same source (tacacs+ or local).The default agent port is 38751 for the default agent and 38752 for SSL.DebuggingThe module uses “debug” module to log its outputs. You can enable the debugging by having in your code something like:require(‘debug’).enable(‘ciscoxml’);Or setting DEBUG environment to ciscoxml before starting the Node.JS

Kernel Hackers Panel

Post Syndicated from Lennart Poettering original http://0pointer.net/blog/projects/linuxcon-kernel-panel.html

At LinuxCon Europe/ELCE I had the chance to moderate the kernel hackers
panel with Linus Torvalds, Alan Cox, Paul McKenney and Thomas Gleixner on
stage
. I like to believe it went quite well, but check it out for yourself, as
a video recording is now available online:

For me personally I think the most notable topic covered was Control Groups,
and the clarification that they are something that is needed even though their
implementation right now is in many ways less than perfect. But in the end there is no
reasonable way around it, and much like SMP, technology that complicates things
substantially but is ultimately unavoidable.

Other videos from ELCE are online now, too.

Kernel Hackers Panel

Post Syndicated from Lennart Poettering original http://0pointer.net/blog/projects/linuxcon-kernel-panel.html

At LinuxCon Europe/ELCE I had the chance to moderate the kernel hackers
panel with Linus Torvalds, Alan Cox, Paul McKenney and Thomas Gleixner on
stage
. I like to believe it went quite well, but check it out for yourself, as
a video recording is now available online:

For me personally I think the most notable topic covered was Control Groups,
and the clarification that they are something that is needed even though their
implementation right now is in many ways less than perfect. But in the end there is no
reasonable way around it, and much like SMP, technology that complicates things
substantially but is ultimately unavoidable.

Other videos from ELCE are online now, too.