Tag Archives: flash

MariaDB 10.2 GA released with several advanced features

Post Syndicated from Michael "Monty" Widenius original http://monty-says.blogspot.com/2017/05/mariadb-102-ga-released-with-several.html

MariaDB 10.2.6 GA is now released. It’s a release where we have concentrated on adding new advanced features to MariaDB

The most noteworthy ones are:

  • Windows Functions gives you the ability to do advanced calculation over a sliding window.
  • Common table expressions allows you to do more complex SQL statements without having to do explicit temporary tables.
  • We finally have a DEFAULT clause that can take expressions and also CHECK CONSTRAINT.
  • Multiple triggers for the same event. This is important for anyone trying to use tools, like pt-online-schema-change, which requires multiple triggers for the same table.
  • A new storage engine, MyRocks, that gives you high compression of your data without sacrificing speed. It has been developed in cooperation with Facebook and MariaDB to allow you to handle more data with less resources.
  • flashback, a feature that can rollback instances/databases/tables to an old snapshot. The version in MariaDB 10.2 is DML only. In MariaDB 10.3 we will also allow rollback over DML (like DROP TABLE).
  • Compression of events in the binary log.
  • JSON functions added. In 10.2.7 we will also add support for CREATE TABLE … (a JSON).

A few smaller but still noteworthy new features:

  • Connection setup was made faster by moving creation of THD to a new thread. This, in addition with better thread caching, can give a connection speedup for up to 85 % in some cases.
  • Table cache can automatically partition itself as needed to reduce the contention.
  • NO PAD collations, which means that end space are significant in comparisons.
  • InnoDB is now the default storage engine. Until MariaDB 10.1, MariaDB used the XtraDB storage engine as default. XtraDB in 10.2 is not up to date with the latest features of InnoDB and cannot be used. The main reason for this change is that most of the important features of XtraDB are nowadays implemented in InnoDB . As the MariaDB team is doing a lot more InnoDB development than ever before, we can’t anymore manage updating two almost identical engines. The InnoDB version in MariaDB contains the best features of MySQL InnoDB and XtraDB and a lot more. As the InnoDB on disk format is identical to XtraDB’s this will not cause any problems when upgrading to MariaDB 10.2
  • The old GPL client library is gone; now MariaDB Server comes with the LGPL Connector/C client library.

There are a lot of other new features, performance enhancements and variables in MariaDB 10.2 for you to explore!

I am happy to see that a lot of the new features have come from the MariadB community! (Note to myself; This list doesn’t include all contributors to MariadB 10.2, needs to be update.)

Thanks a lot to everyone that has contributed to MariaDB!

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/723472/rss

Security updates have been issued by Arch Linux (fop), Debian (dropbear, icu, and openjdk-7), Fedora (chicken, cinnamon-settings-daemon, jbig2dec, libtirpc, sane-backends, and smb4k), Mageia (flash-player-plugin, vlc, and webmin), Oracle (libtirpc and rpcbind), Red Hat (kdelibs, libtirpc, rpcbind, and samba), and SUSE (kernel).

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/722464/rss

Security updates have been issued by Arch Linux (flashplugin, freetype2, ghostscript, kauth, kdelibs, lib32-flashplugin, lib32-freetype2, lib32-libtirpc, libtirpc, rpcbind, and smb4k), Debian (git, qemu-kvm, and tomcat7), Mageia (feh, kernel, lxterminal, and thunderbird), openSUSE (swftools), and SUSE (flash-player, qemu, and tomcat).

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/722356/rss

Security updates have been issued by CentOS (bind, java-1.7.0-openjdk, qemu-kvm, and thunderbird), Debian (git, libtirpc, lxterminal, radicale, rpcbind, and xen), Fedora (batik, java-1.8.0-openjdk-aarch32, kernel, pcre, and weechat), Gentoo (ffmpeg, firefox, libav, and thunderbird), Red Hat (flash-plugin, jasper, java-1.6.0-ibm, java-1.7.1-ibm, java-1.8.0-ibm, and qemu-kvm), Scientific Linux (jasper and qemu-kvm), and Ubuntu (apache2, batik, fop, freetype, and rtmpdump).

Looking at the Netgear Arlo home IP camera

Post Syndicated from Matthew Garrett original http://mjg59.dreamwidth.org/48215.html

Another in the series of looking at the security of IoT type objects. This time I’ve gone for the Arlo network connected cameras produced by Netgear, specifically the stock Arlo base system with a single camera. The base station is based on a Broadcom 5358 SoC with an 802.11n radio, along with a single Broadcom gigabit ethernet interface. Other than it only having a single ethernet port, this looks pretty much like a standard Netgear router. There’s a convenient unpopulated header on the board that turns out to be a serial console, so getting a shell is only a few minutes work.

Normal setup is straight forward. You plug the base station into a router, wait for all the lights to come on and then you visit arlo.netgear.com and follow the setup instructions – by this point the base station has connected to Netgear’s cloud service and you’re just associating it to your account. Security here is straightforward: you need to be coming from the same IP address as the Arlo. For most home users with NAT this works fine. I sat frustrated as it repeatedly failed to find any devices, before finally moving everything behind a backup router (my main network isn’t NATted) for initial setup. Once you and the Arlo are on the same IP address, the site shows you the base station’s serial number for confirmation and then you attach it to your account. Next step is adding cameras. Each base station is broadcasting an 802.11 network on the 2.4GHz spectrum. You connect a camera by pressing the sync button on the base station and then the sync button on the camera. The camera associates with the base station via WDS and now you’re up and running.

This is the point where I get bored and stop following instructions, but if you’re using a desktop browser (rather than using the mobile app) you appear to need Flash in order to actually see any of the camera footage. Bleah.

But back to the device itself. The first thing I traced was the initial device association. What I found was that once the device is associated with an account, it can’t be attached to another account. This is good – I can’t simply request that devices be rebound to my account from someone else’s. Further, while the serial number is displayed to the user to disambiguate between devices, it doesn’t seem to be what’s used internally. Tracing the logon traffic from the base station shows it sending a long random device ID along with an authentication token. If you perform a factory reset, these values are regenerated. The device to account mapping seems to be based on this random device ID, which means that once the device is reset and bound to another account there’s no way for the initial account owner to regain access (other than resetting it again and binding it back to their account). This is far better than many devices I’ve looked at.

Performing a factory reset also changes the WPA PSK for the camera network. Newsky Security discovered that doing so originally reset it to 12345678, which is, uh, suboptimal? That’s been fixed in newer firmware, along with their discovery that the original random password choice was not terribly random.

All communication from the base station to the cloud seems to be over SSL, and everything validates certificates properly. This also seems to be true for client communication with the cloud service – camera footage is streamed back over port 443 as well.

Most of the functionality of the base station is provided by two daemons, xagent and vzdaemon. xagent appears to be responsible for registering the device with the cloud service, while vzdaemon handles the camera side of things (including motion detection). All of this is running as root, so in the event of any kind of vulnerability the entire platform is owned. For such a single purpose device this isn’t really a big deal (the only sensitive data it has is the camera feed – if someone has access to that then root doesn’t really buy them anything else). They’re statically linked and stripped so I couldn’t be bothered spending any significant amount of time digging into them. In any case, they don’t expose any remotely accessible ports and only connect to services with verified SSL certificates. They’re probably not a big risk.

Other than the dependence on Flash, there’s nothing immediately concerning here. What is a little worrying is a family of daemons running on the device and listening to various high numbered UDP ports. These appear to be provided by Broadcom and a standard part of all their router platforms – they’re intended for handling various bits of wireless authentication. It’s not clear why they’re listening on 0.0.0.0 rather than 127.0.0.1, and it’s not obvious whether they’re vulnerable (they mostly appear to receive packets from the driver itself, process them and then stick packets back into the kernel so who knows what’s actually going on), but since you can’t set one of these devices up in the first place without it being behind a NAT gateway it’s unlikely to be of real concern to most users. On the other hand, the same daemons seem to be present on several Broadcom-based router platforms where they may end up being visible to the outside world. That’s probably investigation for another day, though.

Overall: pretty solid, frustrating to set up if your network doesn’t match their expectations, wouldn’t have grave concerns over having it on an appropriately firewalled network.

comment count unavailable comments

Jumping Airgaps with a Laser and a Scanner

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/04/jumping_airgaps.html

Researchers have configured two computers to talk to each other using a laser and a scanner.

Scanners work by detecting reflected light on their glass pane. The light creates a charge that the scanner translates into binary, which gets converted into an image. But scanners are sensitive to any changes of light in a room­ — even when paper is on the glass pane or when the light source is infrared — which changes the charges that get converted to binary. This means signals can be sent through the scanner by flashing light at its glass pane using either a visible light source or an infrared laser that is invisible to human eyes.

There are a couple of caveats to the attack — the malware to decode the signals has to already be installed on a system on the network, and the lid on the scanner has to be at least partially open to receive the light. It’s not unusual for workers to leave scanner lids open after using them, however, and an attacker could also pay a cleaning crew or other worker to leave the lid open at night.

The setup is that there’s malware on the computer connected to the scanner, and that computer isn’t on the Internet. This technique allows an attacker to communicate with that computer. For extra coolness, the laser can be mounted on a drone.

Here’s the paper. And two videos.

Security updates for Friday

Post Syndicated from jake original https://lwn.net/Articles/720634/rss

Security updates have been issued by CentOS (bind, firefox, java-1.8.0-openjdk, and nss and nss-util), Debian (icedove), Fedora (jenkins-xstream and xstream), Mageia (chromium-browser-stable, flash-player-plugin, gimp, and wireshark), openSUSE (gstreamer-0_10-plugins-base), Oracle (bind, firefox, java-1.8.0-openjdk, and nss and nss-util), Red Hat (firefox and java-1.8.0-openjdk), Scientific Linux (bind, firefox, nss and nss-util, and nss-util), SUSE (xen), and Ubuntu (bind9, curl, freetype, and qemu).

Halium is an Open Source Project Working Towards a Common Base for Non-Android Mobile Operating Systems

Post Syndicated from ris original https://lwn.net/Articles/720328/rss

The xda-developers blog looks
at
Project Halium. “This open-source project is trying to pool
developers from Ubuntu Touch ports, Sailfish OS community developers, the
open webOS Lune OS project, and KDE Plasma Mobile contributors, among other
developers (Jolla, we suspect) to put an end to the fragmentation seen in
their respective project’s lower-level base. Currently, Ubuntu Touch,
Sailfish OS/Mer, Plasma Mobile, and others use different Android source
trees and methods for differently-built stacks. This leads to a lot of
fragmentation among the most popular non-Android, GNU/Linux-based mobile OS
projects in their use of the Android source tree, how the Android init is
started, and how images are flashed to the device. Many of these projects
essentially do the same job, but in a different way.
” The goal of
Halium is to work towards a common Linux base, which can be used by
all of these different projects.

A live-streaming Raspberry Pi nest cam: your essential Easter Monday viewing

Post Syndicated from Helen Lynn original https://www.raspberrypi.org/blog/live-streaming-raspberry-pi-nest-cam/

It’s Easter Monday, a public holiday here in the UK, and Pi Towers is still and silent. Even the continuous flight augering piler on the massive building site next door is, for a time, quiet. So here is the briefest of posts, to share with you a Raspberry Pi cam live-streaming from a blue tit nest in Alan McCullagh‘s parents’ garden in Kilkenny, Ireland. You’ll need to have Flash installed to watch.

BirdBoxKK1

BirdBoxKK1 @ USTREAM: . Birds

The eggs are expected to hatch 14 days after the last laid egg, and the mother was still laying on Thursday, so check in towards the end of the month to catch a first glimpse of the chicks. Alan’s set-up is based on our Infrared Bird Box learning resource; tell us in the comments if you’ve made something similar, or if you plan to.

The post A live-streaming Raspberry Pi nest cam: your essential Easter Monday viewing appeared first on Raspberry Pi.

An affordable ocular fundus camera

Post Syndicated from Helen Lynn original https://www.raspberrypi.org/blog/an-affordable-ocular-fundus-camera/

The ocular fundus is the interior surface of the eye, and an ophthalmologist can learn a lot about a patient’s health by examining it. However, there’s a problem: an ocular fundus camera can’t capture a useful image unless the eye is brightly lit, but this makes the pupil constrict, obstructing the camera’s view. Ophthalmologists use pupil-dilating eye drops to block the eye’s response to light, but these are uncomfortable and can cause blurred vision for several hours. Now, researchers at the University of Illinois at Chicago have built a Raspberry Pi-based fundus camera that can take photos of the retina without the need for eye drops.

Dr Bailey Shen and co-author Dr Shizuo Mukai made their camera with a Raspberry Pi 2 and a Pi NoIR Camera Module, a version of the Camera Module that does not have an infrared filter. They used a small LCD touchscreen display and a lithium battery, holding the ensemble together with tape and rubber bands. They also connected a button and a dual infrared/white light LED to the Raspberry Pi’s GPIO pins.

When the Raspberry Pi boots, a Python script turns on the infrared illumination from the LED and displays the camera view on the screen. The iris does not respond to infrared light, so in a darkened room the operator is able to position the camera and a separate condensing lens to produce a clear image of the patient’s fundus. When they’re satisfied with the image, the operator presses the button. This turns off the infrared light, produces a flash of white light, and captures a colour image of the fundus before the iris can respond and constrict the pupil.

This isn’t the first ocular fundus camera to use infrared/white light to focus and obtain images without eye drops, but it is less bulky and distinctly cheaper than existing equipment, which can cost thousands of dollars. The total cost of all the parts is $185, and all but one are available as off-the-shelf components. The exception is the dual infrared/white light LED, a prototype which the researchers explain is a critical part of the equipment. Using an infrared LED and a white LED side by side doesn’t yield consistent results. We’d be glad to see the LED available on the market, both to support this particular application, and because we bet there are plenty of other builds that could use one!

Read more in Science Daily, in an article exploring the background to the project. The article is based on the researchers’ recent paper, presenting the Raspberry Pi ocular fundus camera in the Journal of Ophthalmology. The journal is an open access publication, so if you think this build is as interesting as I do, I encourage you to read the researchers’ presentation of their work, its possibilities and its limitations. They also provide step-by-step instructions and a parts list to help others to replicate and build on their work.

It’s beyond brilliant to see researchers and engineers using the Raspberry Pi to make medical and scientific work cheaper and more accessible. Please tell us about your favourite applications, or the applications you’d develop in your fantasy lab or clinic, in the comments.

The post An affordable ocular fundus camera appeared first on Raspberry Pi.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/719967/rss

Security updates have been issued by CentOS (389-ds-base, httpd, kernel, libreoffice, tomcat, and util-linux), Fedora (libpng15, php-horde-Horde-Crypt, and python-sleekxmpp), openSUSE (gimp, lxc, and phpMyAdmin), Oracle (389-ds-base, httpd, kernel, libreoffice, tomcat, and util-linux), Red Hat (389-ds-base, flash-plugin, httpd, libreoffice, python-defusedxml and python-pysaml2, tomcat, and util-linux), Scientific Linux (389-ds-base, httpd, kernel, libreoffice, tomcat, and util-linux), and SUSE (bind and flash-player).

I can haz pet-themed resources?

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/pet-themed-resources/

A friend of mine’s cat had kittens this week. So, in honour of their fluffy, cute little gorgeous fuzz-faces, here are some pet-themed resources for you to build for your furry (or feathery) best friend.

Cat Meme Generator

Raspberry Pi pet-themed resources

Everybody loves a good meme. With the right combination of image and text, they can be both relatable and hilarious. There may be many meme-generating apps online, but why bother with them when you can build your own?

Our Cat Meme Generator teaches you how to write functions in JavaScript, how to use JavaScript to manipulate input by a user, and how to use oninput and onchange to make things happen live on a web page in response to user actions.

So grab your camera, take some photos of your favourite pet, and share their exploits with friends and family.

Hamster Party Cam

Hamster Party Cam Raspberry Pi pet-themed resources

The Hamster Party Cam shows you how to turn a hamster wheel into a trigger switch to activate a program, how to write a Python program to take pictures and store them, and how to write a function that makes LED lights flash and play a song. In other words, it teaches you how to pimp your hamster’s cage into THE place to be!

Disclaimer: adding lights and music to the party can be fun, but remember that this may scare hamsters of a shy disposition. As a hamster owner, you have a duty to consider the wellbeing of your pet. Check out the RSPCA Hamster Guide to learn more.

Infrared Bird Box

Infrared Bird Box Raspberry Pi pet-themed resources

We see a lot of infrared nature cams online, and we love to check out the photos and videos that makers share. From wild animals in the garden to chicks hatching in bird boxes, we’ve enjoyed them all.

Building an infrared bird box using the Raspberry Pi NOIR Camera Module and infrared LEDs will allow you and your family to spy on the wonders of nature without disturbing the feathered visitors to your garden.

Expanding on our pet-themed resources

Once you’ve built our fun pet-themed projects, it’s time to take the skills you’ve learned and build on them.

How about using the Raspberry Pi Camera Module to take a photo of your pet from which to create a meme image? You can learn more about getting started with the Camera Module here.

Why not try setting up your bird box to stream footage directly to the internet, so you can keep up to date when you are away from home?

Even if you don’t own a hamster, you can still use the skills in the Hamster Party Cam resource to create switches around the home. So try finding other things that move or spin, like doors and paper windmills, and see what you can hack!

Here at the Raspberry Pi Foundation, we take great pride in the wonderful free resources we produce for you to use in classes, at home, and in coding clubs. We publish them under a Creative Commons licence, and they’re an excellent way to develop your digital-making skills.

The post I can haz pet-themed resources? appeared first on Raspberry Pi.

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/718173/rss

Security updates have been issued by Debian (apt-cacher, jbig2dec, libplist, python3.2, tnef, and xrdp), Fedora (firefox, mbedtls, and sane-backends), Mageia (flash-player-plugin, freetype2, glibc, kernel, kernel-linus, kernel-tmb, libquicktime, libwmf, and tnef), and Ubuntu (thunderbird).

How To Back Up Your Flickr Library

Post Syndicated from Peter Cohen original https://www.backblaze.com/blog/how-to-backup-your-flickr-library/

Download Your Flickr Library

Flickr is a popular photo blogging service used by pro and amateur photographers alike. Flickr helps you archive your photos in the cloud and share them publicly with others. What happens when Flickr is the only place you can find your photos, though?

I hadn’t thought that much of that contingency. I’ve been a Flickr user since the pre-Yahoo days – 2004. I recently took stock of all the photos I’d uploaded to Flickr and realized something unsettling: I didn’t have some of these images on my Mac. It’s been 13 years and probably half a dozen computers since then, so I wasn’t surprised that some photos had fallen through the cracks.

I decided to be better safe than sorry. I set out to backup my entire Flickr library to make sure I had everything. And I’m here to pass along what I learned.

Flickr’s Bulk Downloader

Most of Flickr’s workflow – and most of their supported apps – focus on getting images into Flickr, not out of Flickr. That doesn’t mean you can’t download images from Flickr, but it isn’t straightforward.

Flickr Bulk Downloader

Flickr includes a bulk downloader that activates as soon as you selected images in your Camera Roll. Click on the Download button, and Flickr will compress the images into a ZIP file, then download them to your computer.

Flickr’s bulk downloader has the advantage of being free and built into the service. Unfortunately, Flickr’s developers haven’t made it seamless to use. You can only select individual images or groups of photos at a time. So if you’d like to select your entire library – in my case, over 8,000 photos – it’ll take a long time to choose them all. I haven’t found an easier way using Flickr’s downloader yet.

Where Flickr’s downloading tool is terrific, though, is if you just need a few of your images back. If you’re trying to get back individual photos or galleries you might be missing, this is going to be the path of least resistance.

Third-party apps

Some third-party app makers have tapped into Flickr’s API to create various import and export services and apps.

Bulkr is one such app. The app, free to download, lets you download images from your Flickr library with the touch of a button. It’s dependent on Adobe Flash and requires Adobe AIR. Some features are unavailable unless you pay for the “Pro” version ($29).

Bulkr

Flickr downloadr is another free app that lets you download your Flickr library. It also works on Mac, Windows and Linux systems. No license encumbrances to download extra content – it’s released as open source.

Flickr Downloadr

I’ve tried them both on my library of over 8,000 images. In either case, I just set up the apps and let them run – they took a while, a couple of hours to grab everything. So if you’re working with a large archive of Flickr images, I’d recommend setting aside some time when you can leave your computer running.

What To Do With Your Flickr Images

You’ve downloaded the images to your local hard drive. What next? Catalog what you have. Both Macs and PCs include such software. The apps for each platform are both called “Photos.” They have the benefit of being free, built-in, and well-supported using existing tools and workflows.

If the Photos apps included with your computer don’t suit you, there are other commercial app options. Adobe Photoshop Lightroom is one of the more popular options that work with both Macs and Windows PCs. It’s included with Adobe’s $9.99 per month Creative Cloud Photography subscription (bundled with Photoshop), or you can buy it separately for $149.

Archive Your Backup

Now that you’ve downloaded all of your Flickr images, make sure they’re safe by backing them up. Back them up locally using Time Machine (on the Mac), Windows Backup or whatever means you prefer.

Even though you’ve gotten the images from the cloud by downloading them from Flickr, it’d be a good idea to store a backup copy offsite just in case. That’s keeping with the guidelines of the 3-2-1 Backup Strategy – a solid way to make sure that nothing bad can happen to your data.

Backblaze is a great option, of course, but the main thing is to make sure your photos are safe and sound. If anything happens to your computer or your local backup, you’ll still have a copy of those precious memories stored securely.

Need more tips on how to back up your computer? Check out our Computer Backup Guide for more details.

The post How To Back Up Your Flickr Library appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Security updates for Monday

Post Syndicated from ris original https://lwn.net/Articles/717588/rss

Security updates have been issued by Arch Linux (firefox, mbedtls, and wordpress), CentOS (firefox, openjpeg, and tomcat6), Debian (deluge, ioquake3, r-base, and wireshark), Fedora (qemu, rabbitmq-server, and sscg), Gentoo (adobe-flash, openoffice-bin, and putty), openSUSE (Chromium, irssi, putty, and roundcubemail), Oracle (firefox and openjpeg), Red Hat (firefox and openjpeg), Scientific Linux (firefox and openjpeg), and SUSE (firefox).

NeoPixel Temperature Stair Lights

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/neopixel-temperature-stair-lights/

Following a post-Christmas decision to keep illuminated decorations on her stairway bannister throughout the year, Lorraine Underwood found a new purpose for a strip of NeoPixels she had lying around.

Lorraine Underwood on Twitter

Changed the stair lights from a string to a strip & they look awesome! #neopixel #raspberrypi https://t.co/dksLwy1SE1

Simply running the lights up the stairs, blinking and flashing to a random code, wasn’t enough for her. By using an API to check the outdoor weather, Lorraine’s lights went from decorative to informative: they now give an indication of outside weather conditions through their colour and the quantity illuminated.

“The idea is that more lights will light up as it gets warmer,” Lorraine explains. “The temperature is checked every five minutes (I think that may even be a little too often). I am looking forward to walking downstairs to a nice warm yellow light instead of the current blue!”

In total, Lorraine had 240 lights in the strip; she created a chart indicating a range of outside temperatures and the quantity of lights which for each value, as well as specifying the colour of those lights, running from chilly blue through to scorching red.

Lorraine Underwood Neopixel stair way lights

Oh, Lorraine! We love your optimistic dreams of the British summer being more than its usual rainy 16 Celsius…

The lights are controlled by a Raspberry Pi Zero running a code that can be found on Lorraine’s blog. The code dictates which lights are lit and when.

Lorraine Underwood Neopixel stair way lights

“Do I need a coat today? I’ll check the stairs.”

Lorraine is planning some future additions to the build, including a toddler-proof 3D housing, powering the Zero from the lights’ power supply, and gathering her own temperature data instead of relying on a third-party API.

While gathering the temperature data from outside her house, she may also want to look into building an entire weather station, collecting extra data on rain, humidity, and wind conditions. After all, this is the UK: just because it’s hot outside, it doesn’t mean it’s not also raining.

The post NeoPixel Temperature Stair Lights appeared first on Raspberry Pi.

Security updates for Thursday

Post Syndicated from jake original https://lwn.net/Articles/717368/rss

Security updates have been issued by CentOS (thunderbird), Fedora (ettercap, jasper, qbittorrent, and tcpreplay), Oracle (tomcat6), Red Hat (rabbitmq-server), Slackware (pidgin), SUSE (flash-player), and Ubuntu (libxml2, linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon, and linux-lts-xenial).

eBook Pirates Are Relatively Old and Wealthy, Study Finds

Post Syndicated from Andy original https://torrentfreak.com/wealthy-older-people-more-likely-to-pirate-ebooks-study-finds-170316/

In 2017, people can download any digital content they like from the Internet, but that’s still most likely to be movies, TV shows and music. Bubbling underneath, however, is a steady demand for pirated eBooks.

Ebooks are relatively cheap when compared to other digital content, but their handy file size and ubiquity ensures that millions of titles are just a few convenient clicks away.

A new study, commissioned by anti-piracy company Digimarc and conducted by Nielsen, aims to shine light on eBook piracy. It was presented yesterday at The London Book Fair and aims to better understand how eBook piracy affects revenue and how publishers can prevent it.

In previous studies, it has been younger downloaders that have grabbed much of the attention, and this one is no different. Digimarc reveals that 41% of all adult pirates are aged between 18 and 29 but perhaps surprisingly, 47% fall into the 30 to 44-year-old bracket. At this point, things tail off very quickly, as the remaining ~13% are aged 45 or up.

There are also some surprises when it comes to pirates’ income. Cost is often cited as a factor when justifying downloading for free, and this study has similar findings. In this case, however, richer persons are generally more likely they are to download.

Around 13% of pirates have an annual household income of under $30k, with those earning between $30k and $59k making up 19% of the total. At this point there is a sizeable leap, with 36% of pirates claiming to earn between $60k and $99k per annum. Around 29% make more than $100k a year.

Overall, the majority of illegal downloaders are relatively well-educated, with more than 70% having either graduated from college or in possession of a post graduate degree.

Taken together, this means that e-book pirates are often older wealthy people with a good education, which is probably close to the profile of the average ebook reader.

Also of interest are the methods used by pirates to obtain their eBook fix. Sharing joint top position with 31% are public torrent sites (such as The Pirate Bay) and cyberlocker sources such as 4shared or Uploaded.

These relatively high-tech solutions are closely followed by 30% who swap eBooks with friends using instant messaging, email or even flash drives. Just over a quarter acquire eBooks from places such as eBay, with an equal 27% obtaining from friends using services such as Dropbox.

Given the majority of pirates’ ability to pay, it comes as no surprise that convenience is the number one driver for people obtaining content from torrent sites. Cost still takes the number two position but a not inconsiderable four out of ten still believe that online retailers are lacking when it comes to content availability.

Nevertheless, plenty of pirates still frequent legal resources.

42% said that they buy eBooks from online platforms including Amazon and iTunes, with 32% going directly to the publishers’ own websites. Just shy of 30% access eBooks using a monthly subscription account such as Amazon Unlimited, while around a quarter frequent out-of-copyright resources including Gutenberg.org.

Part of Digimarc’s job is to help clients reduce the prevalence of illegal downloading and the study provides some pointers in that area too. The main takeaway is that if pirates can be convinced that their equipment is at risk from piracy (a common strategy lately), then a majority would reconsider to some degree.

A total of 49% said they would be ‘much less’ likely to download if that was the case, with 34% indicating they would be ‘somewhat’ less likely to do so. 18% indicated they wouldn’t change their habits at all. Similar numbers said the same about the risk of being caught, figures that drop only slightly when pirates are confronted with potential harm done to authors.

Finally, Digimarc has a stab at some market estimates. The company concludes that around 22% of eBook consumers pirate, taking away around 33% of the market at a cost of $315m.

“When it comes to book piracy, you can’t prevent what you can’t predict. This is the challenge for publishers as they grapple with preventing illegal piracy,” says Devon Weston, director, market development, Digimarc Guardian.

“Our new Nielsen data makes it clear these pirates don’t fit a typical criminal profile. They access digital content from a vast universe of web pages, social platforms and file sharing portals. Our aim is to break down the problem for publishers and help them develop an effective prevention strategy.”

The full study can be downloaded here or here (pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Security updates for Wednesday

Post Syndicated from ris original https://lwn.net/Articles/717250/rss

Security updates have been issued by Arch Linux (flashplugin, jasper, kernel, lib32-flashplugin, and roundcubemail), Debian (chromium-browser and mariadb-10.0), Fedora (ettercap), openSUSE (firefox, mozilla-nss and thunderbird), Oracle (thunderbird), Red Hat (flash-plugin, kernel, policycoreutils, rabbitmq-server, and tomcat6), Scientific Linux (tomcat6), and Ubuntu (imagemagick).