Tag Archives: nature

GnuTLS 3.6.0 released

Post Syndicated from corbet original https://lwn.net/Articles/731694/rss

Version 3.6.0 of the GnuTls TLS library is out. For details on this
release, see this overview.
In short, this release introduces a new lock-free random generator
and adds new TLS extensions shared by both TLS 1.2 and 1.3, such as Finite
Field Diffie Hellman negotiation, Ed25519 and RSA-PSS signatures. These
additions modernize the current TLS 1.2 support and pave the way for TLS
1.3 support in the library. Furthermore, tlsfuzzer is introduced in our
continuous integration test suite. Tlsfuzzer, is a meticulous TLS test
suite, which tests the behavior of the implementation on various corner
(and not) cases, and acts complementary to the internal GnuTLS test suite
and its unit testing.

Hunting for life on Mars assisted by high-altitude balloons

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/eclipse-high-altitude-balloons/

Will bacteria-laden high-altitude balloons help us find life on Mars? Today’s eclipse should bring us closer to an answer.

NASA Bacteria Balloons Raspberry Pi HAB Life on Mars

image c/o NASA / Ames Research Center / Tristan Caro

The Eclipse Ballooning Project

Having learned of the Eclipse Ballooning Project set to take place today across the USA, a team at NASA couldn’t miss the opportunity to harness the high-flying project for their own experiments.

NASA Bacteria Balloons Raspberry Pi HAB Life on Mars

The Eclipse Ballooning Project invited students across the USA to aid in the launch of 50+ high-altitude balloons during today’s eclipse. Each balloon is equipped with its own Raspberry Pi and camera for data collection and live video-streaming.

High-altitude ballooning, or HAB as it’s often referred to, has become a popular activity within the Raspberry Pi community. The lightweight nature of the device allows for high ascent, and its Camera Module enables instant visual content collection.

Life on Mars

image c/o Montana State University

The Eclipse Ballooning Project team, headed by Angela Des Jardins of Montana State University, was contacted by Jim Green, Director of Planetary Science at NASA, who hoped to piggyback on the project to run tests on bacteria in the Mars-like conditions the balloons would encounter near space.

Into the stratosphere

At around -35 degrees Fahrenheit, with thinner air and harsher ultraviolet radiation, the conditions in the upper part of the earth’s stratosphere are comparable to those on the surface of Mars. And during the eclipse, the moon will block some UV rays, making the environment in our stratosphere even more similar to the martian oneideal for NASA’s experiment.

So the students taking part in the Eclipse Ballooning Project could help the scientists out, NASA sent them some small metal tags.

NASA Bacteria Balloons Raspberry Pi HAB Life on Mars

These tags contain samples of a kind of bacterium known as Paenibacillus xerothermodurans. Upon their return to ground, the bacteria will be tested to see whether and how the high-altitude conditions affected them.

Life on Mars

Paenibacillus xerothermodurans is one of the most resilient bacterial species we know. The team at NASA wants to discover how the bacteria react to their flight in order to learn more about whether life on Mars could possibly exist. If the low temperature, UV rays, and air conditions cause the bacteria to mutate or indeed die, we can be pretty sure that the existence of living organisms on the surface of Mars is very unlikely.

Life on Mars

What happens to the bacteria on the spacecraft and rovers we send to space? This experiment should provide some answers.

The eclipse

If you’re in the US, you might have a chance to witness the full solar eclipse today. And if you’re planning to watch, please make sure to take all precautionary measures. In a nutshell, don’t look directly at the sun. Not today, not ever.

If you’re in the UK, you can observe a partial eclipse, if the clouds decide to vanish. And again, take note of safety measures so you don’t damage your eyes.

Life on Mars

You can also watch a live-stream of the eclipse via the NASA website.

If you’ve created an eclipse-viewing Raspberry Pi project, make sure to share it with us. And while we’re talking about eclipses and balloons, check here for our coverage of the 2015 balloon launches coinciding with the UK’s partial eclipse.

The post Hunting for life on Mars assisted by high-altitude balloons appeared first on Raspberry Pi.

Announcing the Winners of the AWS Chatbot Challenge – Conversational, Intelligent Chatbots using Amazon Lex and AWS Lambda

Post Syndicated from Tara Walker original https://aws.amazon.com/blogs/aws/announcing-the-winners-of-the-aws-chatbot-challenge-conversational-intelligent-chatbots-using-amazon-lex-and-aws-lambda/

A couple of months ago on the blog, I announced the AWS Chatbot Challenge in conjunction with Slack. The AWS Chatbot Challenge was an opportunity to build a unique chatbot that helped to solve a problem or that would add value for its prospective users. The mission was to build a conversational, natural language chatbot using Amazon Lex and leverage Lex’s integration with AWS Lambda to execute logic or data processing on the backend.

I know that you all have been anxiously waiting to hear announcements of who were the winners of the AWS Chatbot Challenge as much as I was. Well wait no longer, the winners of the AWS Chatbot Challenge have been decided.

May I have the Envelope Please? (The Trumpets sound)

The winners of the AWS Chatbot Challenge are:

  • First Place: BuildFax Counts by Joe Emison
  • Second Place: Hubsy by Andrew Riess, Andrew Puch, and John Wetzel
  • Third Place: PFMBot by Benny Leong and his team from MoneyLion.
  • Large Organization Winner: ADP Payroll Innovation Bot by Eric Liu, Jiaxing Yan, and Fan Yang

 

Diving into the Winning Chatbot Projects

Let’s take a walkthrough of the details for each of the winning projects to get a view of what made these chatbots distinctive, as well as, learn more about the technologies used to implement the chatbot solution.

 

BuildFax Counts by Joe Emison

The BuildFax Counts bot was created as a real solution for the BuildFax company to decrease the amount the time that sales and marketing teams can get answers on permits or properties with permits meet certain criteria.

BuildFax, a company co-founded by bot developer Joe Emison, has the only national database of building permits, which updates data from approximately half of the United States on a monthly basis. In order to accommodate the many requests that come in from the sales and marketing team regarding permit information, BuildFax has a technical sales support team that fulfills these requests sent to a ticketing system by manually writing SQL queries that run across the shards of the BuildFax databases. Since there are a large number of requests received by the internal sales support team and due to the manual nature of setting up the queries, it may take several days for getting the sales and marketing teams to receive an answer.

The BuildFax Counts chatbot solves this problem by taking the permit inquiry that would normally be sent into a ticket from the sales and marketing team, as input from Slack to the chatbot. Once the inquiry is submitted into Slack, a query executes and the inquiry results are returned immediately.

Joe built this solution by first creating a nightly export of the data in their BuildFax MySQL RDS database to CSV files that are stored in Amazon S3. From the exported CSV files, an Amazon Athena table was created in order to run quick and efficient queries on the data. He then used Amazon Lex to create a bot to handle the common questions and criteria that may be asked by the sales and marketing teams when seeking data from the BuildFax database by modeling the language used from the BuildFax ticketing system. He added several different sample utterances and slot types; both custom and Lex provided, in order to correctly parse every question and criteria combination that could be received from an inquiry.  Using Lambda, Joe created a Javascript Lambda function that receives information from the Lex intent and used it to build a SQL statement that runs against the aforementioned Athena database using the AWS SDK for JavaScript in Node.js library to return inquiry count result and SQL statement used.

The BuildFax Counts bot is used today for the BuildFax sales and marketing team to get back data on inquiries immediately that previously took up to a week to receive results.

Not only is BuildFax Counts bot our 1st place winner and wonderful solution, but its creator, Joe Emison, is a great guy.  Joe has opted to donate his prize; the $5,000 cash, the $2,500 in AWS Credits, and one re:Invent ticket to the Black Girls Code organization. I must say, you rock Joe for helping these kids get access and exposure to technology.

 

Hubsy by Andrew Riess, Andrew Puch, and John Wetzel

Hubsy bot was created to redefine and personalize the way users traditionally manage their HubSpot account. HubSpot is a SaaS system providing marketing, sales, and CRM software. Hubsy allows users of HubSpot to create engagements and log engagements with customers, provide sales teams with deals status, and retrieves client contact information quickly. Hubsy uses Amazon Lex’s conversational interface to execute commands from the HubSpot API so that users can gain insights, store and retrieve data, and manage tasks directly from Facebook, Slack, or Alexa.

In order to implement the Hubsy chatbot, Andrew and the team members used AWS Lambda to create a Lambda function with Node.js to parse the users request and call the HubSpot API, which will fulfill the initial request or return back to the user asking for more information. Terraform was used to automatically setup and update Lambda, CloudWatch logs, as well as, IAM profiles. Amazon Lex was used to build the conversational piece of the bot, which creates the utterances that a person on a sales team would likely say when seeking information from HubSpot. To integrate with Alexa, the Amazon Alexa skill builder was used to create an Alexa skill which was tested on an Echo Dot. Cloudwatch Logs are used to log the Lambda function information to CloudWatch in order to debug different parts of the Lex intents. In order to validate the code before the Terraform deployment, ESLint was additionally used to ensure the code was linted and proper development standards were followed.

 

PFMBot by Benny Leong and his team from MoneyLion

PFMBot, Personal Finance Management Bot,  is a bot to be used with the MoneyLion finance group which offers customers online financial products; loans, credit monitoring, and free credit score service to improve the financial health of their customers. Once a user signs up an account on the MoneyLion app or website, the user has the option to link their bank accounts with the MoneyLion APIs. Once the bank account is linked to the APIs, the user will be able to login to their MoneyLion account and start having a conversation with the PFMBot based on their bank account information.

The PFMBot UI has a web interface built with using Javascript integration. The chatbot was created using Amazon Lex to build utterances based on the possible inquiries about the user’s MoneyLion bank account. PFMBot uses the Lex built-in AMAZON slots and parsed and converted the values from the built-in slots to pass to AWS Lambda. The AWS Lambda functions interacting with Amazon Lex are Java-based Lambda functions which call the MoneyLion Java-based internal APIs running on Spring Boot. These APIs obtain account data and related bank account information from the MoneyLion MySQL Database.

 

ADP Payroll Innovation Bot by Eric Liu, Jiaxing Yan, and Fan Yang

ADP PI (Payroll Innovation) bot is designed to help employees of ADP customers easily review their own payroll details and compare different payroll data by just asking the bot for results. The ADP PI Bot additionally offers issue reporting functionality for employees to report payroll issues and aids HR managers in quickly receiving and organizing any reported payroll issues.

The ADP Payroll Innovation bot is an ecosystem for the ADP payroll consisting of two chatbots, which includes ADP PI Bot for external clients (employees and HR managers), and ADP PI DevOps Bot for internal ADP DevOps team.


The architecture for the ADP PI DevOps bot is different architecture from the ADP PI bot shown above as it is deployed internally to ADP. The ADP PI DevOps bot allows input from both Slack and Alexa. When input comes into Slack, Slack sends the request to Lex for it to process the utterance. Lex then calls the Lambda backend, which obtains ADP data sitting in the ADP VPC running within an Amazon VPC. When input comes in from Alexa, a Lambda function is called that also obtains data from the ADP VPC running on AWS.

The architecture for the ADP PI bot consists of users entering in requests and/or entering issues via Slack. When requests/issues are entered via Slack, the Slack APIs communicate via Amazon API Gateway to AWS Lambda. The Lambda function either writes data into one of the Amazon DynamoDB databases for recording issues and/or sending issues or it sends the request to Lex. When sending issues, DynamoDB integrates with Trello to keep HR Managers abreast of the escalated issues. Once the request data is sent from Lambda to Lex, Lex processes the utterance and calls another Lambda function that integrates with the ADP API and it calls ADP data from within the ADP VPC, which runs on Amazon Virtual Private Cloud (VPC).

Python and Node.js were the chosen languages for the development of the bots.

The ADP PI bot ecosystem has the following functional groupings:

Employee Functionality

  • Summarize Payrolls
  • Compare Payrolls
  • Escalate Issues
  • Evolve PI Bot

HR Manager Functionality

  • Bot Management
  • Audit and Feedback

DevOps Functionality

  • Reduce call volume in service centers (ADP PI Bot).
  • Track issues and generate reports (ADP PI Bot).
  • Monitor jobs for various environment (ADP PI DevOps Bot)
  • View job dashboards (ADP PI DevOps Bot)
  • Query job details (ADP PI DevOps Bot)

 

Summary

Let’s all wish all the winners of the AWS Chatbot Challenge hearty congratulations on their excellent projects.

You can review more details on the winning projects, as well as, all of the submissions to the AWS Chatbot Challenge at: https://awschatbot2017.devpost.com/submissions. If you are curious on the details of Chatbot challenge contest including resources, rules, prizes, and judges, you can review the original challenge website here:  https://awschatbot2017.devpost.com/.

Hopefully, you are just as inspired as I am to build your own chatbot using Lex and Lambda. For more information, take a look at the Amazon Lex developer guide or the AWS AI blog on Building Better Bots Using Amazon Lex (Part 1)

Chat with you soon!

Tara

Announcement: IPS code

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/08/announcement-ips-code.html

So after 20 years, IBM is killing off my BlackICE code created in April 1998. So it’s time that I rewrite it.

BlackICE was the first “inline” intrusion-detection system, aka. an “intrusion prevention system” or IPS. ISS purchased my company in 2001 and replaced their RealSecure engine with it, and later renamed it Proventia. Then IBM purchased ISS in 2006. Now, they are formally canceling the project and moving customers onto Cisco’s products, which are based on Snort.

So now is a good time to write a replacement. The reason is that BlackICE worked fundamentally differently than Snort, using protocol analysis rather than pattern-matching. In this way, it worked more like Bro than Snort. The biggest benefit of protocol-analysis is speed, making it many times faster than Snort. The second benefit is better detection ability, as I describe in this post on Heartbleed.

So my plan is to create a new project. I’ll be checking in the starter bits into GitHub starting a couple weeks from now. I need to figure out a new name for the project, so I don’t have to rip off a name from William Gibson like I did last time :).

Some notes:

  • Yes, it’ll be GNU open source. I’m a capitalist, so I’ll earn money like snort/nmap dual-licensing it, charging companies who don’t want to open-source their addons. All capitalists GNU license their code.
  • C, not Rust. Sorry, I’m going for extreme scalability. We’ll re-visit this decision later when looking at building protocol parsers.
  • It’ll be 95% compatible with Snort signatures. Their language definition leaves so much ambiguous it’ll be hard to be 100% compatible.
  • It’ll support Snort output as well, though really, Snort’s events suck.
  • Protocol parsers in Lua, so you can use it as a replacement for Bro, writing parsers to extract data you are interested in.
  • Protocol state machine parsers in C, like you see in my Masscan project for X.509.
  • First version IDS only. These days, “inline” means also being able to MitM the SSL stack, so I’m gong to have to think harder on that.
  • Mutli-core worker threads off PF_RING/DPDK/netmap receive queues. Should handle 10gbps, tracking 10 million concurrent connections, with quad-core CPU.
So if you want to contribute to the project, here’s what I need:
  • Requirements from people who work daily with IDS/IPS today. I need you to write up what your products do well that you really like. I need to you write up what they suck at that needs to be fixed. These need to be in some detail.
  • Testing environment to play with. This means having a small server plugged into a real-world link running at a minimum of several gigabits-per-second available for the next year. I’ll sign NDAs related to the data I might see on the network.
  • Coders. I’ll be doing the basic architecture, but protocol parsers, output plugins, etc. will need work. Code will be in C and Lua for the near term. Unfortunately, since I’m going to dual-license, I’ll need waivers before accepting pull requests.
Anyway, follow me on Twitter @erratarob if you want to contribute.

Roku Gets Tough on Pirate Channels, Warns Users

Post Syndicated from Ernesto original https://torrentfreak.com/roku-gets-tough-on-pirate-channels-warns-users-170815/

In recent years it has become much easier to stream movies and TV-shows over the Internet.

Legal services such as Netflix and HBO are flourishing, but there’s also a darker side to this streaming epidemic. Millions of people are streaming from unauthorized sources, often paired with perfectly legal streaming platforms and devices.

Hollywood insiders have dubbed this trend “Piracy 3.0” are actively working with stakeholders to address the threat. One of the companies rightsholders are working with is Roku, known for its easy-to-use media players.

Earlier this year Roku was harshly confronted with this new piracy crackdown when a Mexican court ordered local retailers to take its media player off the shelves. While this legal battle isn’t over yet, it was clear to Roku that misuse of its platform wasn’t without consequences.

While Roku never permitted any infringing content, it appears that the company has recently made some adjustments to better deal with the problem, or at least clarify its stance.

Pirate content generally doesn’t show up in the official Roku Channel Store but is directly loaded onto the device through third-party “private” channels. A few weeks ago, Roku renamed these “private” channels to “non-certified” channels, while making it very clear that copyright infringement is not allowed.

A “WARNING!” message that pops up during the installation of these third-party channels stresses that Roku has no control over the content. In addition, the company notes that these channels may be removed if it links to copyright infringing content.

Roku Warning

“By continuing, you acknowledge you are accessing a non-certified channel that may include content that is offensive or inappropriate for some audiences,” Roku’s warning reads.

“Moreover, if Roku determines that this channel violates copyright, contains illegal content, or otherwise violates Roku’s terms and conditions, then ROKU MAY REMOVE THIS CHANNEL WITHOUT PRIOR NOTICE.”

TorrentFreak reached out to Roku to find out how they plan to enforce this policy, but we have yet to hear back. According to Cord Cutters News, several piracy channels have already been removed recently, with other developers opting to leave the platform.

Roku’s General Counsel Steve Kay previously informed us that the company is taking the piracy problem seriously. Together with various stakeholders, they are working hard to address the problem.

“We actively work to prevent third-parties from using our platform to distribute copyright infringing content. Moreover, we have been actively working with other industry stakeholders on a wide range of anti-piracy initiatives,” Kay said.

Roku is not the only platform dealing with the piracy epidemic, the popular media player software Kodi is in the same boat. Kodi has also taken an active anti-piracy stance but they’re not banning any add-ons. They believe it would be pointless due to the open source nature of their software.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

BREIN is Taking Infamous ‘Piracy’ Hosting Provider Ecatel to Court

Post Syndicated from Andy original https://torrentfreak.com/brein-is-taking-infamous-piracy-hosting-provider-ecatel-to-court-170815/

A regular website can be easily hosted in most countries of the world but when the nature of the project begins to step on toes, opportunities begin to reduce. Openly hosting The Pirate Bay, for example, is something few providers want to get involved with.

There are, however, providers out there who specialize in hosting services that others won’t touch. They develop a reputation of turning a blind eye to their customers’ activities, only reacting when a crisis looms on the horizon. Despite the problems, there are a few that are surprisingly resilient.

One such host is Netherlands-based Ecatel, which has hit the headlines many times over the years for allegedly having customers involved in warez, torrents, and streaming, not to mention spam and malware. For hosting the former group, it’s now in the crosshairs of Dutch anti-piracy group BREIN.

According to an application for a witness hearing filed with The Court of the Hague by BREIN, Ecatel has repeatedly hosted websites dealing in infringing content over recent years. While this is nothing particularly out of the ordinary, BREIN claims that complaints filed against the sites were dealt with slowly by Ecatel or not at all.

Ecatel Ltd is a company incorporated in the UK with servers in the Netherlands but since 2015, another hosting company called Novogara has appeared in tandem. Court documents suggest that Novogara is associated with Ecatel, something that was confirmed early 2016 in an email sent out by Ecatel itself.

“We’d like to inform you that all services of Ecatel Ltd are taken over by a new brand called Novogara Ltd with immediate effect. The take-over includes Ecatel and all her subsidiaries,” the email read.

Muddying the waters a little more, in 2015 Ecatel’s IP addresses were apparently taken over by Quasi Networks Ltd, a Seychelles-based company whose business is described locally as being conducted entirely overseas.

“Stichting BREIN has found several websites in the network of Quasi Networks with obviously infringing content. Quasi Networks, however, does not respond structurally to requests for closing those websites. This involves unlawful acts against the parties associated with the BREIN Foundation,” a ruling from the Court reads.

As a result, BREIN wants a witness hearing with three defendants connected to the Ecatel/Novgara/Quasi group of companies in order to establish the relationship between the businesses, where their servers are, and who is behind Quasi Networks.

“Stichting BREIN is interested in this information in order to be able to judge who it can appeal to and whether it is useful to start a legal procedure,” the Court adds.

Two of the defendants failed to lodge a defense against BREIN’s application but one objected to the request for a hearing. He said that since Quasi Networks, Ecatel and Novogara are all incorporated outside the Netherlands, a trial must also be conducted abroad and therefore a Dutch judge would not have jurisdiction.

He also argued that BREIN would use the witness hearing as a “fishing expedition” in order to gather information it currently does not have, in order to formulate some kind of case against the defendants, in one way or another.

In a decision published this week, The Court of the Hague rejected that argument, noting that the basis for the claim is copyright infringement through Netherlands-hosted websites. Furthermore, the majority of the witnesses are resident in the district of The Hague. It also underlined the importance of a hearing.

“The request for holding a preliminary witness hearing opens an independent petition procedure, which does not address the eligibility of any claim that may be lodged. An investigation must be made by the judge who has to deal with and decide the main case – if it comes.

“The court points out that a preliminary witness hearing is now (partly) necessary to clarify whether and to what extent a claim has any chance of success,” the decision reads.

According to documents published by Companies House in the UK, Ecatel Ltd ceased to exist this morning, having been dissolved at the request of its directors.

The hearing of the witnesses is set to take place on Tuesday, September 26, 2017 at 9.30 in the Palace of Justice at Prince Claus 60 in The Hague.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

AWS CloudHSM Update – Cost Effective Hardware Key Management at Cloud Scale for Sensitive & Regulated Workloads

Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/aws-cloudhsm-update-cost-effective-hardware-key-management/

Our customers run an incredible variety of mission-critical workloads on AWS, many of which process and store sensitive data. As detailed in our Overview of Security Processes document, AWS customers have access to an ever-growing set of options for encrypting and protecting this data. For example, Amazon Relational Database Service (RDS) supports encryption of data at rest and in transit, with options tailored for each supported database engine (MySQL, SQL Server, Oracle, MariaDB, PostgreSQL, and Aurora).

Many customers use AWS Key Management Service (KMS) to centralize their key management, with others taking advantage of the hardware-based key management, encryption, and decryption provided by AWS CloudHSM to meet stringent security and compliance requirements for their most sensitive data and regulated workloads (you can read my post, AWS CloudHSM – Secure Key Storage and Cryptographic Operations, to learn more about Hardware Security Modules, also known as HSMs).

Major CloudHSM Update
Today, building on what we have learned from our first-generation product, we are making a major update to CloudHSM, with a set of improvements designed to make the benefits of hardware-based key management available to a much wider audience while reducing the need for specialized operating expertise. Here’s a summary of the improvements:

Pay As You Go – CloudHSM is now offered under a pay-as-you-go model that is simpler and more cost-effective, with no up-front fees.

Fully Managed – CloudHSM is now a scalable managed service; provisioning, patching, high availability, and backups are all built-in and taken care of for you. Scheduled backups extract an encrypted image of your HSM from the hardware (using keys that only the HSM hardware itself knows) that can be restored only to identical HSM hardware owned by AWS. For durability, those backups are stored in Amazon Simple Storage Service (S3), and for an additional layer of security, encrypted again with server-side S3 encryption using an AWS KMS master key.

Open & Compatible  – CloudHSM is open and standards-compliant, with support for multiple APIs, programming languages, and cryptography extensions such as PKCS #11, Java Cryptography Extension (JCE), and Microsoft CryptoNG (CNG). The open nature of CloudHSM gives you more control and simplifies the process of moving keys (in encrypted form) from one CloudHSM to another, and also allows migration to and from other commercially available HSMs.

More Secure – CloudHSM Classic (the original model) supports the generation and use of keys that comply with FIPS 140-2 Level 2. We’re stepping that up a notch today with support for FIPS 140-2 Level 3, with security mechanisms that are designed to detect and respond to physical attempts to access or modify the HSM. Your keys are protected with exclusive, single-tenant access to tamper-resistant HSMs that appear within your Virtual Private Clouds (VPCs). CloudHSM supports quorum authentication for critical administrative and key management functions. This feature allows you to define a list of N possible identities that can access the functions, and then require at least M of them to authorize the action. It also supports multi-factor authentication using tokens that you provide.

AWS-Native – The updated CloudHSM is an integral part of AWS and plays well with other tools and services. You can create and manage a cluster of HSMs using the AWS Management Console, AWS Command Line Interface (CLI), or API calls.

Diving In
You can create CloudHSM clusters that contain 1 to 32 HSMs, each in a separate Availability Zone in a particular AWS Region. Spreading HSMs across AZs gives you high availability (including built-in load balancing); adding more HSMs gives you additional throughput. The HSMs within a cluster are kept in sync: performing a task or operation on one HSM in a cluster automatically updates the others. Each HSM in a cluster has its own Elastic Network Interface (ENI).

All interaction with an HSM takes place via the AWS CloudHSM client. It runs on an EC2 instance and uses certificate-based mutual authentication to create secure (TLS) connections to the HSMs.

At the hardware level, each HSM includes hardware-enforced isolation of crypto operations and key storage. Each customer HSM runs on dedicated processor cores.

Setting Up a Cluster
Let’s set up a cluster using the CloudHSM Console:

I click on Create cluster to get started, select my desired VPC and the subnets within it (I can also create a new VPC and/or subnets if needed):

Then I review my settings and click on Create:

After a few minutes, my cluster exists, but is uninitialized:

Initialization simply means retrieving a certificate signing request (the Cluster CSR):

And then creating a private key and using it to sign the request (these commands were copied from the Initialize Cluster docs and I have omitted the output. Note that ID identifies the cluster):

$ openssl genrsa -out CustomerRoot.key 2048
$ openssl req -new -x509 -days 365 -key CustomerRoot.key -out CustomerRoot.crt
$ openssl x509 -req -days 365 -in ID_ClusterCsr.csr   \
                              -CA CustomerRoot.crt    \
                              -CAkey CustomerRoot.key \
                              -CAcreateserial         \
                              -out ID_CustomerHsmCertificate.crt

The next step is to apply the signed certificate to the cluster using the console or the CLI. After this has been done, the cluster can be activated by changing the password for the HSM’s administrative user, otherwise known as the Crypto Officer (CO).

Once the cluster has been created, initialized and activated, it can be used to protect data. Applications can use the APIs in AWS CloudHSM SDKs to manage keys, encrypt & decrypt objects, and more. The SDKs provide access to the CloudHSM client (running on the same instance as the application). The client, in turn, connects to the cluster across an encrypted connection.

Available Today
The new HSM is available today in the US East (Northern Virginia), US West (Oregon), US East (Ohio), and EU (Ireland) Regions, with more in the works. Pricing starts at $1.45 per HSM per hour.

Jeff;

Piracy Narrative Isn’t About Ethics Anymore, It’s About “Danger”

Post Syndicated from Andy original https://torrentfreak.com/piracy-narrative-isnt-about-ethics-anymore-its-about-danger-170812/

Over the years there have been almost endless attempts to stop people from accessing copyright-infringing content online. Campaigns have come and gone and almost two decades later the battle is still ongoing.

Early on, when panic enveloped the music industry, the campaigns centered around people getting sued. Grabbing music online for free could be costly, the industry warned, while parading the heads of a few victims on pikes for the world to see.

Periodically, however, the aim has been to appeal to the public’s better nature. The idea is that people essentially want to do the ‘right thing’, so once they understand that largely hard-working Americans are losing their livelihoods, people will stop downloading from The Pirate Bay. For some, this probably had the desired effect but millions of people are still getting their fixes for free, so the job isn’t finished yet.

In more recent years, notably since the MPAA and RIAA had their eyes blacked in the wake of SOPA, the tone has shifted. In addition to educating the public, torrent and streaming sites are increasingly being painted as enemies of the public they claim to serve.

Several studies, largely carried out on behalf of the Digital Citizens Alliance (DCA), have claimed that pirate sites are hotbeds of malware, baiting consumers in with tasty pirate booty only to offload trojans, viruses, and God-knows-what. These reports have been ostensibly published as independent public interest documents but this week an advisor to the DCA suggested a deeper interest for the industry.

Hemanshu Nigam is a former federal prosecutor, ex-Chief Security Officer for News Corp and Fox Interactive Media, and former VP Worldwide Internet Enforcement at the MPAA. In an interview with Deadline this week, he spoke about alleged links between pirate sites and malware distributors. He also indicated that warning people about the dangers of pirate sites has become Hollywood’s latest anti-piracy strategy.

“The industry narrative has changed. When I was at the MPAA, we would tell people that stealing content is wrong and young people would say, yeah, whatever, you guys make a lot of money, too bad,” he told the publication.

“It has gone from an ethical discussion to a dangerous one. Now, your parents’ bank account can be raided, your teenage daughter can be spied on in her bedroom and extorted with the footage, or your computer can be locked up along with everything in it and held for ransom.”

Nigam’s stance isn’t really a surprise since he’s currently working for the Digital Citizens Alliance as an advisor. In turn, the Alliance is at least partly financed by the MPAA. There’s no suggestion whatsoever that Nigam is involved in any propaganda effort, but recent signs suggest that the DCA’s work in malware awareness is more about directing people away from pirate sites than protecting them from the alleged dangers within.

That being said and despite the bias, it’s still worth giving experts like Nigam an opportunity to speak. Largely thanks to industry efforts with brands, pirate sites are increasingly being forced to display lower-tier ads, which can be problematic. On top, some sites’ policies mean they don’t deserve any visitors at all.

In the Deadline piece, however, Nigam alleges that hackers have previously reached out to pirate websites offering $200 to $5000 per day “depending on the size of the pirate website” to have the site infect users with malware. If true, that’s a serious situation and people who would ordinarily use ‘pirate’ sites would definitely appreciate the details.

For example, to which sites did hackers make this offer and, crucially, which sites turned down the offer and which ones accepted?

It’s important to remember that pirates are just another type of consumer and they would boycott sites in a heartbeat if they discovered they’d been paid to infect them with malware. But, as usual, the claims are extremely light in detail. Instead, there’s simply a blanket warning to stay away from all unauthorized sites, which isn’t particularly helpful.

In some cases, of course, operational security will prevent some details coming to light but without these, people who don’t get infected on a ‘pirate’ site (the vast majority) simply won’t believe the allegations. As the author of the Deadline piece pointed out, it’s a bit like Reefer Madness all over again.

The point here is that without hard independent evidence to back up these claims, with reports listing sites alongside the malware they’ve supposed to have spread and when, few people will respond to perceived scaremongering. Free content trumps a few distant worries almost every time, whether that involves malware or the threat of a lawsuit.

It’ll be up to the DCA and their MPAA paymasters to consider whether the approach is working but thus far, not even having government heavyweights on board has helped.

Earlier this year the DCA launched a video campaign, enrolling 15 attorney generals to publish their own anti-piracy PSAs on YouTube. Thus far, interest has been minimal, to say the least.

At the time of writing the 15 PSAs have 3,986 views in total, with 2,441 of those contributed by a single video contributed by Wisconsin Attorney General Brad Schimel. Despite the relative success, even that got slammed with 2 upvotes and 127 downvotes.

A few of the other videos have a couple of hundred views each but more than half have less than 70. Perhaps most worryingly for the DCA, apart from the Schimel PSA, none have any upvotes at all, only down. It’s unclear who the viewers were but it seems reasonable to conclude they weren’t entertained.

The bottom line is nobody likes malware or having their banking details stolen but yet again, people who claim to have the public interest at heart aren’t actually making a difference on the ground. It could be argued that groups advocating online safety should be publishing guides on how to stay protected on the Internet period, not merely advising people to stay away from certain sites.

But of course, that wouldn’t achieve the goals of the MPAA Digital Citizens Alliance.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Internet Archive Blocked in 2,650 Site Anti-Piracy Sweep

Post Syndicated from Andy original https://torrentfreak.com/internet-archive-blocked-in-2650-site-anti-piracy-sweep-170810/

Reports of sites becoming mysteriously inaccessible in India have been a regular occurance over the past several years. In many cases, sites simply stop functioning, leaving users wondering whether sites are actually down or whether there’s a technical issue.

Due to their increasing prevalence, fingers are often pointed at so-called ‘John Doe’ orders, which are handed down by the court to prevent Internet piracy. Often sweeping in nature (and in some cases pre-emptive rather than preventative), these injunctions have been known to block access to both file-sharing platforms and innocent bystanders.

Earlier this week (and again for no apparent reason), the world renowned Internet Archive was rendered inaccessible to millions of users in India. The platform, which is considered by many to be one of the Internet’s most valued resources, hosts more than 15 petabytes of data, a figure which grows on a daily basis. Yet despite numerous requests for information, none was forthcoming from authorities.

The ‘blocked’ message seen by users accessing Archive.org

Quoted by local news outlet Medianama, Chris Butler, Office Manager at the Internet Archive, said that their attempts to contact the Indian Department of Telecom (DoT) and the Ministry of Electronics and Information Technology (Meity) had proven fruitless.

Noting that site had previously been blocked in India, Butler said they were no clearer on the reasons why the same kind of action had seemingly been taken this week.

“We have no information about why a block would have been implemented,” he said. “Obviously, we are disappointed and concerned by this situation and are very eager to understand why it’s happening and see full access restored to archive.org.”

Now, however, the mystery has been solved. The BBC says a local government agency provided a copy of a court order obtained by two Bollywood production companies who are attempting to slow down piracy of their films in India.

Issued by a local judge, the sweeping order compels local ISPs to block access to 2,650 mainly file-sharing websites, including The Pirate Bay, RARBG, the revived KickassTorrents, and hundreds of other ‘usual suspects’. However, it also includes the URL for the Internet Archive, hence the problems with accessibility this week.

The injunction, which appears to be another John Doe order as previously suspected, was granted by the High Court of the Judicature at Madras on August 2, 2017. Two film productions companies – Prakash Jah Productions and Red Chillies Entertainment – obtained the order to protect their films Lipstick Under My Burkha and Jab Harry Met Sejal.

While India-based visitors to blocked resources are often greeted with a message saying that domains have been blocked at the orders of the Department of Telecommunications, these pages never give a reason why.

This always leads to confusion, with news outlets having to pressure local government agencies to discover the reason behind the blockades. In the interests of transparency, providing a link to a copy of a relevant court order would probably benefit all involved.

A few hours ago, the Internet Archive published a statement questioning the process undertaken before the court order was handed down.

“Is the Court aware of and did it consider the fact that the Internet Archive has a well-established and standard procedure for rights holders to submit take down requests and processes them expeditiously?” the platform said.

“We find several instances of take down requests submitted for one of the plaintiffs, Red Chillies Entertainments, throughout the past year, each of which were processed and responded to promptly.

“After a preliminary review, we find no instance of our having been contacted by anyone at all about these films. Is there a specific claim that someone posted these films to archive.org? If so, we’d be eager to address it directly with the claimant.”

But while the Internet Archive appears to be the highest profile collateral damage following the ISP blocks, it isn’t the only victim. Now that the court orders have become available (1,2), it’s clear that other non-pirate entities have also been affected including news site WN.com, website hosting service Weebly, and French ISP Free.fr.

Also, in a sign that sites aren’t being checked to see if they host the movies in question, one of the orders demands that former torrent index BitSnoop is blocked. The site shut down earlier this year. The same is true for Shaanig.org.

This is not the first time that the Internet Archive has been blocked in India. In 2014/2015, Archive.org was rendered inaccessible after it was accused of hosting extremist material. In common with Google, the site copies and stores huge amounts of data, much of it in automated processes. This can leave it exposed to these kinds of accusations.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Man Leaks New ‘Power’ Episodes Online, Records His Own Face

Post Syndicated from Andy original https://torrentfreak.com/man-leaks-new-power-episodes-online-records-his-own-face-170809/

With the whole world going crazy for Game of Thrones, another TV series has been turning some serious numbers. Produced by Curtis “50 Cent” Jackson, crime drama ‘Power’ has been pulling in around eight million viewers per episode.

After premiering in June 2014, Power is now seven episodes into season four, which is set to reach its climax on August 27. But somewhat typically for the Internet these days, fans won’t necessarily have to wait another three weeks to find out what happens. During the past few hours, the final three episodes of ‘Power’ leaked online.

While that’s something in itself, this leak is possibly the most bizarre to take place in the history of piracy. Having been tipped off that screener episodes were available online, TF went looking for evidence. We found it, but it wasn’t what we expected.

The leaks consist of the three episodes (one complete, the other two missing a few minutes) being played back on an iPhone. A white one. With a broken screen.

Power leaks: Broken iPhone edition

The off-center nature of the image above isn’t typical though and most of the time the main picture is both central and well-defined, with surprisingly clear audio. It’s certainly not going to win any prizes for quality but for the extremely impatient it offers some kind of relief.

The big question, of course, is how these episodes happened to find their way onto that battered iPhone in the first place. Incredibly, the videos themselves provide the answers, with the thoughtful ‘cammer’ explaining in several voice-overs how he gained access to one of STARZ hottest properties.

“This is like the special, this is only for the people that work at STARZ that watch this shit. My man sent me the whole log-in shit. I had to pay that n******r though,” he said.

The log-in referenced by the leaker appears to unlock press access to unreleased content on mediaroom.starz.com. That page has been taken down since, quite possibly due to the leak. Thanks to the video though, we can see how the portal looked on the leaker’s phone.

Unreleased ‘Power’ episodes on the STARZ portal

“That’s the whole series bitch, but I can’t log out though, so I can’t send it to you. The man says don’t log out. So i’m gonna watch these last two episodes and then spoil it for y’all,” the ‘cammer’ said over one of the episodes.

The original claim that theses were screener copies holds up. Throughout all three episodes, an occasional message appears across the bottom of the screen, declaring that the episodes are “for screening purposes only.”

Screener copies, for your eyes only

If the whole situation isn’t bizarre enough so far, the episodes contain quite a bit of complaining from the ‘cammer’, mainly due to his arm aching from holding up the recording phone for such a long time.

Why he didn’t simply place it down on the table isn’t clear. He managed it with the playback phone, which is seen leaning against a large water container throughout, something the ‘cammer’ believes is pretty badass.

“You see, I got my shit propped up like a G,” he said, placing the phone against the water bottle. “Next episode, definitely not holdin’ this shit, so you n*****s gotta relax.”

If this whole scenario isn’t crazy enough, the ‘cammer’ polishes off his virtuoso performance by turning the ‘cam’ phone around and recording his own face for several seconds. To save his embarrassment we won’t publish an image here but needless to say, he is extremely easy to identify, as is his Facebook page, where the content seems to have first appeared.

While there’s clearly no criminal mastermind behind these leaks, dumping unreleased TV shows online can result in a hefty jail sentence, no matter how poorly it’s done. The gentleman involved should hope that STARZ and the FBI are prepared to see the funny side. Fingers crossed….

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Foxtel Targets 128 Torrent & Streaming Domains For Blocking Down Under

Post Syndicated from Andy original https://torrentfreak.com/foxtel-targets-128-torrent-streaming-domains-for-blocking-down-under-170808/

In 2015, Australia passed controversial legislation which allows ‘pirate’ sites located on servers overseas to be blocked at the ISP level.

“These offshore sites are not operated by noble spirits fighting for the freedom of the internet, they are run by criminals who profit from stealing other people’s creative endeavors,” commented then Foxtel chief executive Richard Freudenstein.

Before, during and after its introduction, Foxtel has positioned itself as a keen supporter of the resulting Section 115a of the Copyright Act. And in December 2016, with the law firmly in place, it celebrated success after obtaining a blocking injunction against The Pirate Bay, Torrentz, TorrentHound and isoHunt.

In May, Foxtel filed a new application, demanding that almost 50 local ISPs block what was believed to be a significant number of ‘pirate’ sites not covered by last year’s order.

Today the broadcasting giant was back in Federal Court, Sydney, to have this second application heard under Section 115a. It was revealed that the application contains 128 domains, each linked to movie and TV piracy.

According to ComputerWorld, the key sites targeted are as follows: YesMovies, Vumoo, LosMovies, CartoonHD, Putlocker, Watch Series 1, Watch Series 2, Project Free TV 1, Project Free TV 2, Watch Episodes, Watch Episode Series, Watch TV Series, The Dare Telly, Putlocker9.is, Putlocker9.to, Torlock and 1337x.

The Foxtel application targets both torrent and streaming sites but given the sample above, it seems that the latter is currently receiving the most attention. Streaming sites are appearing at a rapid rate and can even be automated to some extent, so this battle could become extremely drawn out.

Indeed, Justice Burley, who presided over the case this morning, described the website-blocking process (which necessarily includes targeting mirrors, proxies and replacement domains) as akin to “whack-a-mole”.

“Foxtel sees utility in orders of this nature,” counsel for Foxtel commented in response. “It’s important to block these sites.”

In presenting its application, Foxtel conducted live demonstrations of Yes Movies, Watch Series, 1337x, and Putlocker. It focused on the Australian prison drama series Wentworth, which has been running on Foxtel since 2013, but also featured tests of Game of Thrones.

Justice Burley told the court that since he’s a fan of the series, a spoiler-free piracy presentation would be appreciated. If the hearing had taken place a few days earlier, spoilers may have been possible. Last week, the latest episode of the show leaked onto the Internet from an Indian source before its official release.

Justice Burley’s decision will be handed down at a later date, but it’s unlikely there will be any serious problems with Foxtel’s application. After objecting to many aspects of blocking applications in the past, Australia’s ISPs no longer appear during these hearings. They are now paid AU$50 per domain blocked by companies such as Foxtel and play little more than a technical role in the process.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Lawyer Says He Was Deceived Into BitTorrent Copyright Trolling Scheme

Post Syndicated from Andy original https://torrentfreak.com/lawyer-says-he-was-deceived-into-bittorrent-copyright-trolling-scheme-170807/

For more than a decade, companies around the world have been trying to turn piracy into profit. For many this has meant the development of “copyright trolling” schemes, in which alleged pirates are monitored online and then pressured into cash settlements.

The shadowy nature of this global business means that its true scale will never be known but due to the controversial activities of some of the larger players, it’s occasionally possible to take a peek inside their operations. One such opportunity has just raised its head.

According to a lawsuit filed in California, James Davis is an attorney licensed in Oregon and California. Until two years ago, he was largely focused on immigration law. However, during March 2015, Davis says he was approached by an old classmate with an opportunity to get involved in a new line of business.

That classmate was Oregon lawyer Carl Crowell, who over the past several years has been deeply involved in copyright-trolling cases, including a deluge of Dallas Buyers Club and London Has Fallen litigation. He envisioned a place for Davis in the business.

Davis seemed to find the proposals attractive and became seriously involved in the operation, filing 58 cases on behalf of the companies involved. In common with similar cases, the lawsuits were brought in the name of the entities behind each copyrighted work, such as Dallas Buyers Club, LLC and LHF Productions, Inc.

In time, however, things started to go wrong. Davis claims that he discovered that Crowell, in connection with and on behalf of the other named defendants, “misrepresented the true nature of the Copyright Litigation Campaign, including the ownership of the works at issue and the role of the various third-parties involved in the litigation.”

Davis says that Crowell and the other defendants (which include the infamous Germany-based troll outfit Guardaley) made false representations to secure his participation, while holding back other information that might have made him think twice about becoming involved.

“Crowell and other Defendants withheld numerous material facts that were known to Crowell and the knowledge of which would have cast doubt on the value and ethical propriety of the Copyright Litigation Campaign for Mr. Davis,” the lawsuit reads.

Davis goes on to allege serious misconduct, including that representations regarding ownership of various entities were false and used to deceive him into participating in the scheme.

As time went on, Davis said he had increasing doubts about the operation. Then, in August 2016 as a result of a case underway in California, he began asking questions which resulted in him uncovering additional facts. These undermined both the representations of the people he was working for and his own belief in the “value and ethical propriety of the Copyright Litigation Campaign,” the lawsuit claims.

Davis said this spurred him on to “aggressively seek further information” from Crowell and other people involved in the scheme, including details of its structure and underlying support. He says all he received were “limited responses, excuses, and delays.”

The case was later dismissed by mutual agreement of the parties involved but of course, Davis’ concerns about the underlying case didn’t come to the forefront until the filing of his suit against Crowell and the others.

Davis says that following a meeting in Santa Monica with several of the main players behind the litigation campaign, he decided its legal and factual basis were unsound. He later told Crowell and Guardaley that he was withdrawing from their project.

As the result of the misrepresentations made to him, Davis is now suing the defendants on a number of counts, detailed below.

“Defendants’ business practices are unfair, unlawful, and fraudulent. Davis has suffered monetary damage as a direct result of the unfair, unlawful, and fraudulent business practices set forth herein,” the lawsuit reads.

Requesting a trial by jury, Davis is seeking actual damages, statutory damages, punitive or treble damages “in the amount of no less than $300,000.”

While a payment of that not insignificant amount would clearly satisfy Davis, the prospect of a trial in which the Guardaley operation is laid bare would be preferable when the interests of its thousands of previous targets are considered.

Only time will tell how things will pan out but like the vast majority of troll cases, this one too seems destined to be settled in private, to ensure the settlement machine keeps going.

Note: The case was originally filed in June, only to be voluntarily dismissed. It has now been refiled in state court.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Former Vuze Developers Launch BiglyBT, a ‘New’ Open Source Torrent Client

Post Syndicated from Ernesto original https://torrentfreak.com/former-vuze-developers-launch-biglybt-a-new-open-source-torrent-client-170803/

Back in the summer of 2003 a group of developers debuted a new torrent client, which they called Azureus.

BitTorrent itself was still a relatively new technology at the time and users were eager to find new tools to transfer their files. The feature-rich Azureus client, which later rebranded to Vuze, delivered just that.

In recent years, however, things have gone relatively quiet, up to a point where Vuze development appears to have stalled completely. Perhaps not surprising, as two of the core developers, parg and TuxPaper, have left the project and moved on to something new.

“We are no longer involved in Vuze or Azureus Software, Inc. We can not speak to what their intentions are with the development of their product,” they inform us.

The developers, who were also part of the original Azureus team, are not saying farewell to their code though. While they are no longer working on Vuze, the pair have started a new Azureus branch, one they will actively maintain.

“We have invested such a large amount of our lives in the endeavor that we feel the need to keep the open source project active, for both our and our users’ enjoyment!” parg and TuxPaper tell us.

BiglyBT, as they have named their new client, will continue where Vuze development stalled. In addition to optimizing the code and releasing new features, BiglyBT is determined to keep the open source project alive, without any commercial interests.

“Our main goals for BiglyBT is to keep it ad-free and open source, and to continue to develop it into an even better torrent client. We also hope that a community will form again around the product.”

BiglyBT main window (large)

People who try the new client will notice that it’s indeed very similar to Vuze, but without the ads and some other ‘cluttering’ features, such as DVD-burning.

While BiglyBT looks and operates in a similar manner to Vuze, in the future the developers will work on a new set of features, a new style, and various other changes that will set it apart from its older brother.

“Our first release is mostly a name change, but we have removed some of the things that we know users don’t particularly want or use, such as the content network, games promotions, DVD burning, the huge ad in the corner of the app, and the offers in the installer.”

While Vuze appears to have downsized its development efforts, BiglyBT promises to go full steam ahead. The new client will also stay true to the Open Source nature. Previously, some people complained that Vuze included proprietary code, resulting in more restrictive license terms. BiglyBT is purely GPL, and will remain so.

The client is currently available on all major desktop platforms, including Windows, MacOS and Linux. An open source Android app, forked from Vuze remote, will follow in a few weeks.

BiglyBT should appeal to a wide range of users, especially the more seasoned torrent user who wants a client they can configure to their liking.

“Our target users are people who love to delve into the world of torrenting. People who like to tinker and watch torrents do their thing. Hoarders who like to seed, automate, categorize and contribute back to the torrenting community,” the developers note.

People who are interested in giving BiglyBT a spin can download the latest version from the official site. The application is free and won’t install any other applications or adware. Instead, it’s solely supported by donations from the public.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Pimoroni is 5 now!

Post Syndicated from guru original https://www.raspberrypi.org/blog/pimoroni-is-5-now/

Long read written by Pimoroni’s Paul Beech, best enjoyed over a cup o’ grog.

Every couple of years, I’ve done a “State of the Fleet” update here on the Raspberry Pi blog to tell everyone how the Sheffield Pirates are doing. Half a decade has gone by in a blink, but reading back over the previous posts shows that a lot has happened in that time!

TL;DR We’re an increasingly medium-sized design/manufacturing/e-commerce business with workshops in Sheffield, UK, and Essen, Germany, and we employ almost 40 people. We’re totally lovely. Thanks for supporting us!

 

We’ve come a long way, baby

I’m sitting looking out the window at Sheffield-on-Sea and feeling pretty lucky about how things are going. In the morning, I’ll be flying east for Maker Faire Tokyo with Niko (more on him later), and to say hi to some amazing people in Shenzhen (and to visit Huaqiangbei, of course). This is after I’ve already visited this year’s Maker Faires in New York, San Francisco, and Berlin.

Pimoroni started out small, but we’ve grown like weeds, and we’re steadily sauntering towards becoming a medium-sized business. That’s thanks to fantastic support from the people who buy our stuff and spread the word. In return, we try to be nice, friendly, and human in everything we do, and to make exciting things, ideally with our own hands here in Sheffield.

Pimoroni soldering

Handmade with love

We’ve made it onto a few ‘fastest-growing’ lists, and we’re in the top 500 of the Inc. 5000 Europe list. Adafruit did it first a few years back, and we’ve never gone wrong when we’ve followed in their footsteps.

The slightly weird nature of Pimoroni means we get listed as either a manufacturing or e-commerce business. In reality, we’re about four or five companies in one shell, which is very much against the conventions of “how business is done”. However, having seen what Adafruit, SparkFun, and Seeed do, we’re more than happy to design, manufacture, and sell our stuff in-house, as well as stocking the best stuff from across the maker community.

Pimoroni stocks

Product and process

The whole process of expansion has not been without its growing pains. We’re just under 40 people strong now, and have an outpost in Germany (also hilariously far from the sea for piratical activities). This means we’ve had to change things quickly to improve and automate processes, so that the wheels won’t fall off as things get bigger. Process optimization is incredibly interesting to a geek, especially the making sure that things are done well, that mistakes are easy to spot and to fix, and that nothing is missed.

At the end of 2015, we had a step change in how busy we were, and our post room and support started to suffer. As a consequence, we implemented measures to become more efficient, including small but important things like checking in parcels with a barcode scanner attached to a Raspberry Pi. That Pi has been happily running on the same SD card for a couple of years now without problems 😀

Pimoroni post room

Going postal?

We also hired a full-time support ninja, Matt, to keep the experience of getting stuff from us light and breezy and to ensure that any problems are sorted. He’s had hugely positive impact already by making the emails and replies you see more friendly. Of course, he’s also started using the laser cutters for tinkering projects. It’d be a shame to work at Pimoroni and not get to use all the wonderful toys, right?

Employing all the people

You can see some of the motley crew we employ here and there on the Pimoroni website. And if you drop by at the Raspberry Pi Birthday Party, Pi Wars, Maker Faires, Deer Shed Festival, or New Scientist Live in September, you’ll be seeing new Pimoroni faces as we start to engage with people more about what we do. On top of that, we’re starting to make proper videos (like Sandy’s soldering guide), as opposed to the 101 episodes of Bilge Tank we recorded in a rather off-the-cuff and haphazard fashion. Although that’s the beauty of Bilge Tank, right?

Pimoroni soldering

Such soldering setup

As Emma, Sandy, Lydia, and Tanya gel as a super creative team, we’re starting to create more formal educational resources, and to make kits that are suitable for a wider audience. Things like our Pi Zero W kits are products of their talents.

Emma is our new Head of Marketing. She’s really ‘The Only Marketing Person Who Would Ever Fit In At Pimoroni’, having been a core part of the Sheffield maker scene since we hung around with one Ben Nuttall, in the dark days before Raspberry Pi was a thing.

Through a series of fortunate coincidences, Niko and his equally talented wife Mena were there when we cut the first Pibow in 2012. They immediately pitched in to help us buy our second laser cutter so we could keep up with demand. They have been supporting Pimoroni with sourcing in East Asia, and now Niko has become a member of the Pirates’ Council and the Head of Engineering as we’re increasing the sophistication and scale of the things we do. The Unicorn HAT HD is one of his masterpieces.

Pimoroni devices

ALL the HATs!

We see ourselves as a wonderful island of misfit toys, and it feels good to have the best toy shop ever, and to support so many lovely people. Business is about more than just profits.

Where do we go to, me hearties?

So what are our plans? At the moment we’re still working absolutely flat-out as demand from wholesalers, retailers, and customers increases. We thought Raspberry Pi was big, but it turns out it’s just getting started. Near the end of 2016, it seemed to reach a whole new level of popularityand still we continue to meet people to whom we have to explain what a Pi is. It’s a good problem to have.

We need a bigger space, but it’s been hard to find somewhere suitable in Sheffield that won’t mean we’re stuck on an industrial estate miles from civilisation. That would be bad for the crewwe like having world-class burritos on our doorstep.

The good news is, it looks like our search is at an end! Just in time for the arrival of our ‘Super-Turbo-Death-Star’ new production line, which will enable to make devices in a bigger, better, faster, more ‘Now now now!’ fashion \o/

Pimoroni warehouse

Spacious, but not spacious enough!

We’ve got lots of treasure in the pipeline, but we want to pick up the pace of development even more and create many new HATs, pHATs, and SHIMs, e.g. for environmental sensing and audio applications. Picade will also be getting some love to make it slicker and more hackable.

We’re also starting to flirt with adding more engineering and production capabilities in-house. The plan is to try our hand at anodising, powder-coating, and maybe even injection-moulding if we get the space and find the right machine. Learning how to do things is amazing, and we love having an idea and being able to bring it to life in almost no time at all.

Pimoroni production

This is where the magic happens

Fanks!

There are so many people involved in supporting our success, and some people we love for just existing and doing wonderful things that make us want to do better. The biggest shout-outs go to Liz, Eben, Gordon, James, all the Raspberry Pi crew, and Limor and pt from Adafruit, for being the most supportive guiding lights a young maker company could ever need.

A note from us

It is amazing for us to witness the growth of businesses within the Raspberry Pi ecosystem. Pimoroni is a wonderful example of an organisation that is creating opportunities for makers within its local community, and the company is helping to reinvigorate Sheffield as the heart of making in the UK.

If you’d like to take advantage of the great products built by the Pirates, Monkeys, Robots, and Ninjas of Sheffield, you should do it soon: Pimoroni are giving everyone 20% off their homemade tech until 6 August.

Pimoroni, from all of us here at Pi Towers (both in the UK and USA), have a wonderful birthday, and many a grog on us!

The post Pimoroni is 5 now! appeared first on Raspberry Pi.

TVAddons Returns, But in Ugly War With Canadian Telcos Over Kodi Addons

Post Syndicated from Andy original https://torrentfreak.com/tvaddons-returns-ugly-war-canadian-telcos-kodi-addons-170801/

After Dish Network filed a lawsuit against TVAddons in Texas, several high-profile Kodi addons took the decision to shut down. Soon after, TVAddons itself went offline.

In the weeks that followed, several TVAddons-related domains were signed over (1,2) to a Canadian law firm, a mysterious situation that didn’t dovetail well with the US-based legal action.

TorrentFreak can now reveal that the shutdown of TVAddons had nothing to do with the US action and everything to do with a separate lawsuit filed in Canada.

The complaint against TVAddons

Two months ago on June 2, a collection of Canadian telecoms giants including Bell Canada, Bell ExpressVu, Bell Media, Videotron, Groupe TVA, Rogers Communications and Rogers Media, filed a complaint in Federal Court against Montreal resident, Adam Lackman, the man behind TVAddons.

The 18-page complaint details the plaintiffs’ case against Lackman, claiming that he communicated copyrighted TV shows including Game of Thrones, Prison Break, The Big Bang Theory, America’s Got Talent, Keeping Up With The Kardashians and dozens more, to the public in breach of copyright.

The key claim is that Lackman achieved this by developing, hosting, distributing or promoting Kodi add-ons.

Adam Lackman, the man behind TVAddons (@adam.lackman on Instagram)

A total of 18 major add-ons are detailed in the complaint including 1Channel, Exodus, Phoenix, Stream All The Sources, SportsDevil, cCloudTV and Alluc, to name a few. Also under the spotlight is the ‘FreeTelly’ custom Kodi build distributed by TVAddons alongside its Kodi configuration tool, Indigo.

“[The defendant] has made the [TV shows] available to the public by telecommunication in a way that allows members of the public to have access to them from a place and at a time individually chosen by them…consequently infringing the Plaintiffs’ copyright…in contravention of sections 2.4(1.1), 3(1)(f) and 27(1) of the Copyright Act,” the complaint reads.

The complaint alleges that Lackman “induced and/or authorized users” of the FreeTelly and Indigo tools to carry out infringement by his handling and promotion of infringing add-ons, including through TVAddons.ag and Offshoregit.com, in contravention of sections 3(1)(f) and 27(1) of the Copyright Act.

“Approximately 40 million unique users located around the world are actively using Infringing Addons hosted by TVAddons every month, and approximately 900,000 Canadian households use Infringing Add-ons to access television content. The amount of users of Infringing add-ons hosted TVAddons is constantly increasing,” the complaint adds.

To limit the harm allegedly caused by TVAddons, the complaint asked for interim, interlocutory, and permanent injunctions restraining Lackman and associates from developing, promoting or distributing any of the allegedly infringing add-ons or software. On top, the plaintiffs requested punitive and exemplary damages, plus costs.

The interim injunction and Anton Piller Order

Following the filing of the complaint, on June 9 the Federal Court handed down a time-limited interim injunction against Lackman which restrained him from various activities in respect of TVAddons. The process took place ex parte, meaning in secret, without Lackman being able to mount a defense.

The Court also authorized a bailiff and computer forensics experts to take control of Internet domains including TVAddons.ag and Offshoregit.com plus social media and hosting provider accounts for a period of 14 days. These were transferred to Daniel Drapeau at DrapeauLex, an independent court-appointed supervising counsel.

The order also contained an Anton Piller order, a civil search warrant that grants plaintiffs no-notice permission to enter a defendant’s premises in order to secure and copy evidence to support their case, before it can be destroyed or tampered with.

The order covered not only data related to the TVAddons platform, such as operating and financial details, revenues, and banking information, but everything in Lackman’s possession.

The Court ordered the telecoms companies to inform Lackman that the case against him is a civil proceeding and that he could deny entry to his property if he wished. However, that option would put him in breach of the order and would place him at risk of being fined or even imprisoned. Catch 22 springs to mind.

The Court did, however, put limits on the number of people that could be present during the execution of the Anton Piller order (ostensibly to avoid intimidation) and ordered the plaintiffs to deposit CAD$50,000 with the Court, in case the order was improperly executed. That decision would later prove an important one.

The search and interrogation of TVAddons’ operator

On June 12, the order was executed and Lackman’s premises were searched for more than 16 hours. For nine hours he was interrogated and effectively denied his right to remain silent since non-cooperation with an Anton Piller order amounts to contempt of court. The Court’s stated aim of not intimidating Lackman failed.

The TVAddons operator informs TorrentFreak that he heard a disturbance in the hallway outside and spotted several men hiding on the other side of the door. Fearing for his life, Lackman called the police and when they arrived he opened the door. At this point, the police were told by those in attendance to leave, despite Lackman’s protests.

Once inside, Lackman was told he had an hour to find a lawyer, but couldn’t use any electronic device to get one. Throughout the entire day, Lackman says he was reminded by the plaintiffs’ lawyer that he could be held in contempt of court and jailed, even though he was always cooperating.

“I had to sit there and not leave their sight. I was denied access to medication,” Lackman told TorrentFreak. “I had a doctor’s appointment I was forced to miss. I wasn’t even allowed to call and cancel.”

In papers later filed with the court by Lackman’s team, the Anton Piller order was described as a “bombe atomique” since TVAddons had never been served with so much as a copyright takedown notice in advance of this action.

The Anton Piller controversy

Anton Piller orders are only valid when passing a three-step test: when there is a strong prima facie case against the respondent, the damage – potential or actual – is serious for the applicant, and when there is a real possibility that evidence could be destroyed.

For Bell Canada, Bell ExpressVu, Bell Media, Videotron, Groupe TVA, Rogers Communications and Rogers Media, serious problems emerged on at least two of these points after the execution of the order.

For example, TVAddons carried more than 1,500 add-ons yet only 1% of those add-ons were considered to be infringing, a tiny number in the overall picture. Then there was the not insignificant problem with the exchange that took place during the hearing to obtain the order, during which Lackman was not present.

Clearly, the securing of existing evidence wasn’t the number one priority.

Plaintiffs: We want to destroy TVAddons

And the problems continued.

No right to remain silent, no right to consult a lawyer

The Anton Piller search should have been carried out between 8am and 8pm but actually carried on until midnight. As previously mentioned, Adam Lackman was effectively denied his right to remain silent and was forbidden from getting advice from his lawyer.

None of this sat well with the Honourable B. Richard Bell during a subsequent Federal Court hearing to consider the execution of the Anton Piller order.

“It is important to note that the Defendant was not permitted to refuse to answer questions under fear of contempt proceedings, and his counsel was not permitted to clarify the answers to questions. I conclude unhesitatingly that the Defendant was subjected to an examination for discovery without any of the protections normally afforded to litigants in such circumstances,” the Judge said.

“Here, I would add that the ‘questions’ were not really questions at all. They took the form of orders or directions. For example, the Defendant was told to ‘provide to the bailiff’ or ‘disclose to the Plaintiffs’ solicitors’.”

Evidence preservation? More like a fishing trip

But shockingly, the interrogation of Lackman went much, much further. TorrentFreak understands that the TVAddons operator was given a list of 30 names of people that might be operating sites or services similar to TVAddons. He was then ordered to provide all of the information he had on those individuals.

Of course, people tend to guard their online identities so it’s possible that the information provided by Lackman will be of limited use, but Judge Bell was not happy that the Anton Piller order was abused by the plaintiffs in this way.

“I conclude that those questions, posed by Plaintiffs’ counsel, were solely made in furtherance of their investigation and constituted a hunt for further evidence, as opposed to the preservation of then existing evidence,” he wrote in a June 29 order.

But he was only just getting started.

Plaintiffs unlawfully tried to destroy TVAddons before trial

The Judge went on to note that from their own mouths, the Anton Piller order was purposely designed by the plaintiffs to completely shut down TVAddons, despite the fact that only a tiny proportion of the add-ons available on the site were allegedly used to infringe copyright.

“I am of the view that [the order’s] true purpose was to destroy the livelihood of the Defendant, deny him the financial resources to finance a defense to the claim made against him, and to provide an opportunity for discovery of the Defendant in circumstances where none of the procedural safeguards of our civil justice system could be engaged,” Judge Bell wrote.

As noted, plaintiffs must also have a “strong prima facie case” to obtain an Anton Piller order but Judge Bell says he’s not convinced that one exists. Instead, he praised the “forthright manner” of Lackman, who successfully compared the ability of Kodi addons to find content in the same way as Google search can.

So why the big turn around?

Judge Bell said that while the prima facie case may have appeared strong before the judge who heard the matter ex parte (without Lackman being present to defend himself), the subsequent adversarial hearing undermined it, to the point that it no longer met the threshold.

As a result of these failings, Judge Bell declared the Anton Piller order unlawful. Things didn’t improve for the plaintiffs on the injunction front either.

The Judge said that he believes that Lackman has “an arguable case” that he is not violating the Copyright Act by merely providing addons and that TVAddons is his only source of income. So, if an injunction to close the site was granted, the litigation would effectively be over, since the plaintiffs already admitted that their aim was to neutralize the platform.

If the platform was neutralized, Lackman could no longer earn money from the site, which would harm his ability to mount a defense.

“In considering the balance of convenience, I also repeat that the plaintiffs admit that the vast majority of add-ons are non-infringing. Whether the remaining approximately 1% are infringing is very much up for debate. For these reasons, I find the balance of convenience favors the defendant, and no interlocutory injunction will be issued,” the Judge declared.

With the Anton Piller order declared unlawful and no interlocutory injunction (one effective until the final determination of the case) handed down, things were about to get worse for the telecoms companies.

They had paid CAD$50,000 to the court in security in case things went wrong with the Anton Piller order, so TVAddons was entitled to compensation from that amount. That would be helpful, since at this point TVAddons had already run up CAD$75,000 in legal expenses.

On top, the Judge told independent counsel to give everything seized during the Anton Piller search back to Lackman.

The order to return items previously seized

But things were far from over. Within days, the telecoms companies took the decision to the Court of Appeal, asking for a stay of execution (a delay in carrying out a court order) to retain possession of items seized, including physical property, domains, and social media accounts.

Mid-July the appeal was granted and certain confidentiality clauses affecting independent counsel (including Daniel Drapeau, who holds the TVAddons’ domains) were ordered to be continued. However, considering the problems with the execution of the Anton Piller order, Bell Canada, TVA, Videotron and Rogers et al, were ordered to submit an additional security bond of CAD$140,000, on top of the CAD$50,000 already deposited.

So the battle continues, and continue it will

Speaking with TorrentFreak, Adam Lackman says that he has no choice but to fight the telcoms companies since not doing so would result in a loss by default judgment. Interestingly, both he and one of the judges involved in the case thus far believe he has an arguable case.

Lackman says that his activities are protected under the Canadian Copyright Act, specifically subparagraph 2.4(1)(b) which states as follows:

A person whose only act in respect of the communication of a work or other subject-matter to the public consists of providing the means of telecommunication necessary for another person to so communicate the work or other subject-matter does not communicate that work or other subject-matter to the public;

Of course, finding out whether that’s indeed the case will be a costly endeavor.

“It all comes down to whether we will have the financial resources necessary to mount our defense and go to trial. We won’t have ad revenue coming in, since losing our domain names means that we’ll lose the majority of our traffic for quite some time into the future,” Lackman told TF in a statement.

“We’re hoping that others will be as concerned as us about big companies manipulating the law in order to shut down what they see as competition. We desperately need help in financially supporting our legal defense, we cannot do it alone.

“We’ve run up a legal bill of over $100,000 to date. We’re David, and they are four Goliaths with practically unlimited resources. If we lose, it will mean that new case law is made, case law that could mean increased censorship of the internet.”

In the hope of getting support, TVAddons has launched a fundraiser campaign and in the meantime, a new version of the site is back on a new domain, TVAddons.co.

Given TVAddons’ line of defense, the nature of both the platform and Kodi addons, and the fact that there has already been a serious abuse of process during evidence preservation, this is now one of the most interesting and potentially influential copyright cases underway anywhere today.

TVAddons is being represented by Éva Richard , Hilal Ayoubi and Karim Renno in Canada, plus Erin Russell and Jason Sweet in the United States.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

HBO Got Hacked, Game of Thrones Spoilers Surface Online

Post Syndicated from Ernesto original https://torrentfreak.com/hbo-got-hacked-game-of-thrones-spoilers-surface-online-170801/

It appears that yet another large media outlet has fallen victim to a high-profile hack.

After Sony and, indirectly, Netflix, hackers have now compromised the network of the American cable and television network HBO.

Sunday evening a mysterious email was sent to reporters, announcing the prominent breach.

“Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones……!!!!!!” the email read.

While several reports were published, the first by Entertainment Weekly, the actual leaked files were not widely available on the usual pirate sites. However, a few hours ago a website appeared online that claims to hold the ‘treasure trove.’

Winter-leak.com, a reference to the famous Game of Thrones “Winter is Coming” phrase, does indeed list several files that appear to come from HBO.

“In a complicate operation, we successfully penetrated in to the HBO Internal Network, Emails, technical platforms, and database and got precious and confidential stuff that blaze your eyes,” the hacker, or hackers write on their website.

The hackers claim to have 1.5 terabytes of data from the company. So far, previously unreleased episodes of Ballers, Barry, Insecure and Room 104 are featured on the site. However, there are also three separate archives listed, with over a terabyte of data.

Most prominent, perhaps, is a preliminary outline of the fourth episode of the current Game of Thrones season, which will air this coming Sunday.

At TorrentFreak, we always strive to find proof for reported leaks, and from what we’ve seen and gathered, it does indeed appear to be the real deal. The Game of Thrones information, for example, lists a preliminary outline of the fourth episode of season 7, including many spoilers.

As can be seen below, the outline itself is watermarked by the hackers, with the tagline “HBO is falling.”

Perhaps even more unusual, the leak also includes a video, featuring Game of Thrones images, the leaders, and a textual outline of the episode. As with the outline, the videos are available for the third and fourth episode of season 7.

HBO’s chairman and CEO, Richard Plepler, has confirmed that the company’s infrastructure was breached, but didn’t mention what information was accessed. He sent an email to employees a few hours ago, informing them about the “cyber incident.”

“As most of you have probably heard by now, there has been a cyber incident directed at the company which has resulted in some stolen proprietary information, including some of our programming,” he wrote.

“Any intrusion of this nature is obviously disruptive, unsettling, and disturbing for all of us. I can assure you that senior leadership and our extraordinary technology team, along with outside experts, are working round the clock to protect our collective interests.”

The full contents of the leaks have yet to be analyzed. It’s doubtful that any Game of Thrones episodes will leak, but there’s likely to be a lot of confidential information in the copied data, which HBO would otherwise prefer to keep to itself.

HBO has already mentioned that it’s doing everything in its power to prevent the leaks from spreading any further. In addition, they are also working with law enforcement to track down the people responsible.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Now Kodi ‘Navi-X’ Domains Get Signed Over to Law Firm

Post Syndicated from Andy original https://torrentfreak.com/now-kodi-navi-x-domains-get-signed-over-to-law-firm-170730/

In the wake of the Dish Network lawsuit filed against TVAddons in Texas, the booming Kodi third-party addon scene received its first real taste of corporate power.

With lawyers breathing down their necks, several high-profile Kodi addons took the decision to shut down and even TVAddons itself went offline without explanation.

With very little news surfacing, last week we revealed how three key domains previously operated by TVAddons had ended up in new hands. TVAddons.ag, the site’s main domain, plus Offshoregit.com and XBMCHUB.com, were transferred to Canadian law firm, DrapeauLex.

With no explanations forthcoming from company owner Daniel Drapeau or staff at TVAddons, no solid conclusions could be reached. Was this part of a settlement with Dish Networks or was something unrelated underway?

With everyone involved remaining tight-lipped since, further investigations by TorrentFreak this week have revealed more developments on the domain shifting front, with one in particular catching the eye.

Back in May, one of the oldest and most popular Kodi addons was shut down by its operators. Navi-X, which was used by hundreds of thousands of people, was discontinued after spam, pollution of its indexes, and mislabeled adult content piled on top of general legal fears.

Navi-X was a particularly iconic piece of software. Launched in 2007 by Netherlands-based coder ‘Rodejo,’ it debuted on XBMC (Kodi’s previous name) on the original XBoX. Subsequent success aside, that longevity put the addon into the history books.

So why then is Navi-X’s former main domain now in the hands of the same law firm that’s taken control of TVAddons’ domains?

Now Navi-X’s domain is in the hands of lawyers

Navixtreme.com was first registered in November 2007 and was the key domain associated with Navi-X. For years it was prominently displayed on the addons’ Twitter feed, for example. Another domain – navi-x.org – was registered more recently in February 2017. Both are now under the control of lawyer Daniel Drapeau.

What is unusual about this situation is that Navi-X shut down long before the Dish lawsuit was filed against TVAddons. If TVAddons did indeed shut down because of that lawsuit, why then have the domains of Navi-X been transferred in the same manner as TVAddons’ domains? They certainly weren’t mentioned in the lawsuit so one has to conclude that something else is at play here.

Again, no one wants to talk, but the situation appears to be fluid. In addition to the TVAddons .ag domain that was transferred last week, the law firm has now acquired other TVAddons domains that were registered around the same time, including TVAddons.com, .org, and .TV.

Something unusual is undoubtedly going on in the addon scene but quite where this will all end up is currently anyone’s guess. All the signs point to legal action of some kind but the nature of that is still unclear. That being said, it’s unlikely to remain a secret forever.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

TVStreamCMS Brings Pirate Streaming Site Clones to The Masses

Post Syndicated from Ernesto original https://torrentfreak.com/tvstreamcms-brings-pirate-streaming-site-clones-to-the-masses-170723/

In recent years many pirates have moved from more traditional download sites and tools, to streaming portals.

These streaming sites come in all shapes and sizes, and there is fierce competition among site owners to grab the most traffic. More traffic means more money, after all.

While building a streaming from scratch is quite an operation, there are scripts on the market that allow virtually anyone to set up their own streaming index in just a few minutes.

TVStreamCMS is one of the leading players in this area. To find out more we spoke to one of the people behind the project, who prefers to stay anonymous, but for the sake of this article, we’ll call him Rick.

“The idea came up when I wanted to make my own streaming site. I saw that they make a lot of money, and many people had them,” Rick tells us.

After discovering that there were already a few streaming site scripts available, Rick saw an opportunity. None of the popular scripts at the time offered automatic updates with freshly pirated content, a gap that was waiting to be filled.

“I found out that TVStreamScript and others on ThemeForest like MTDB were available, but these were not automatized. Instead, they were kinda generic and hard to update. We wanted to make our own site, but as we made it, we also thought about reselling it.”

Soon after TVStreamCMS was born. In addition to using it for his own project, Rick also decided to offer it to others who wanted to run their own streaming portal, for a monthly subscription fee.

TVStreamCMS website

According to Rick, the script’s automated content management system has been its key selling point. The buyers don’t have to update or change much themselves, as pretty much everything is automatized.

This has generated hundreds of sales over the years, according to the developer. And several of the sites that run on the script are successfully “stealing” traffic from the original, such as gomovies.co, which ranks well above the real GoMovies in Google’s search results.

“Currently, a lot of the sites competing against the top level streaming sites are using our script. This includes 123movies.co, gomovies.co and putlockers.tv, keywords like yesmovies fmovies gomovies 123movies, even in different Languages like Portuguese, French and Italian,” Rick says.

The pirated videos that appear on these sites come from a database maintained by the TVStreamCMS team. These are hosted on their own servers, but also by third parties such as Google and Openload.

When we looked at one of the sites we noticed a few dead links, but according to Rick, these are regularly replaced.

“Dead links are maintained by our team, DMCA removals are re-uploaded, and so on. This allows users not to worry about re-uploading or adding content daily and weekly as movies and episodes release,” Rick explains.

While this all sounds fine and dandy for prospective pirates, there are some significant drawbacks.

Aside from the obvious legal risks that come with operating one of these sites, there is also a financial hurdle. The full package costs $399 plus a monthly fee of $99, and the basic option is $399 and $49 per month.

TVStreamCMS subscription plans

There are apparently plenty of site owners who don’t mind paying this kind of money. That said, not everyone is happy with the script. TorrentFreak spoke to a source at one of the larger streaming sites, who believes that these clones are misleading their users.

TVStreamCMS is not impressed by the criticism. They know very well what they are doing. Their users asked for these clone templates, and they are delivering them, so both sides can make more money.

“We’re are in the business to make money and grow the sales,” Rick says.

“So we have made templates looking like 123movies, Yesmovies, Fmovies and Putlocker to accommodate the demands of the buyers. A similar design gets buyers traffic and is very, very effective for new sites, as users who come from Google they think it is the real website.”

The fact that 123Movies changed its name to GoMovies and recently changed to a GoStream.is URL, only makes it easier for clones to get traffic, according to the developer.

“This provides us with a lot of business because every time they change their name the buyers come back and want another site with the new name. GoMovies, for instance, and now Gostream,” Rick notes.

Of course, the infringing nature of the clone sites means that there are many copyright holders who would rather see the script and its associated sites gone. Previously, the Hollywood group FACT managed to shut down TVstreamScript, taking down hundreds of sites that relied on it, and it’s likely that TVStreamCMS is being watched too.

For now, however, more and more clones continue to flood the web with pirated streams.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Kim Dotcom Denied Access to Illegally Obtained Spy Recordings

Post Syndicated from Andy original https://torrentfreak.com/kim-dotcom-denied-access-to-illegally-obtained-spy-recordings-170720/

In the months leading up to the infamous raid on Kim Dotcom’s New Zealand mansion and his now defunct cloud storage site Megaupload, the entrepreneur was under surveillance.

Not only were the MPAA and RIAA amassing information, the governments of the United States and New Zealand were neck-deep in the investigation too, using the FBI and local police to gather information. What soon became evident, however, is that the authorities in New Zealand did so while breaking the rules.

Between 16 December 2011 to 22 March 2012, New Zealand used the Government Communications Security Bureau (GCSB) agency to spy on the private communications of Kim and Mona Dotcom, plus Megaupload co-defendant Bram van der Kolk. This was hugely problematic.

GCSB is an intelligence agency of the New Zealand government responsible for spying on external entities. It is forbidden by law from conducting surveillance on its own citizens or permanent residents in the country. His standing in the country meant that Dotcom should not have been spied on.

“Of course I apologize to Mr Dotcom, and I apologize to New Zealanders,” then New Zealand Prime Minister John Key later said.

Since it was established that New Zealand illegally spied on Dotcom, the Megaupload founder has been trying to find out what information the GCSB gathered about him, then wife Mona, and former colleague Bram van der Kolk. According to Dotcom, there was a total of 87 breaches, all of which the government wants to keep secret.

Since then, Dotcom has been fighting to gain access to the information GCSB illegally obtained, while seeking compensation for the damages caused.

In a ruling handed down this morning, the High Court details its findings in respect of a three-day hearing that took place early April 2017, during which GCSB said the raw, unredacted information should be withheld from Dotcom on national security grounds.

GCSB and the government argued that the public interest in the disclosure of the material is outweighed by the public interest in withholding it, adding that the security and defense of New Zealand would be compromised on the world stage.

For their part, the Dotcoms said that nondisclosure of the unredacted documents breaches their rights under the New Zealand Bill of Rights Act 1990. Given that any damages award is directly linked to the extent and nature of the illegal intrusions into their private lives, access to the documents is paramount.

That being the case, they argued that the public interest in disclosure outweighs any public interest in the information being withheld.

This morning, citing a 2013 Court of Appeal verdict that ruled the GCSB didn’t have to release the raw communications, Justice Murray Gilbert insisted that the recordings will not be released.

“A number of the redactions in the discovered documents are to protect the identity or contact details of personnel who were involved in or associated with the operation or copied into email communications concerning it,” Justice Gilbert wrote.

“It is hard to see how any of this information could be relevant to the relief that should be granted in this proceeding. Again, the public interest in withholding disclosure of this information far outweighs any public interest in its disclosure.”

In a statement, Kim Dotcom expressed his frustrations, noting that the government is doing everything it can to suppress details of the illegal surveillance.

“After being caught, the GCSB has fought to keep what it did, and how, a secret from me and from you, the New Zealand public. Worse, it seeks to hide behind ‘national security’ to keep the truth from us,” Dotcom said.

“To keep this secret, the GCSB applied to the High Court. It filed secret evidence and secret submissions. The GCSB’s lawyers were heard in a ‘closed’ court with the Judge, where they made secret submissions and secret witnesses gave secret evidence.”

Dotcom said neither his lawyers nor the public was allowed to be present during the hearing. And when his legal team could be heard, they were significantly hampered in their work.

“When my lawyers were heard, after that hearing, they had to make submissions as to why information they were not allowed to see, for reasons they were not allowed to know, should be disclosed. They were effectively shooting at a moving target, in the dark, with one hand tied behind their backs,” Dotcom said.

The Megaupload founder suggests there is there is a clear double-standard when he has to be tried in public for his alleged crimes, but when it comes to offenses carried out by the government, the process takes place behind closed doors.

“I will appeal this judgment and ask the Court of Appeal to shine some cleansing sunlight on what happened here. If there is transparency, there is accountability, and we can prevent this happening again,” he concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Just How Risky is Internet Piracy in 2017?

Post Syndicated from Andy original https://torrentfreak.com/just-how-risky-is-internet-piracy-in-2017-170715/

The world’s largest entertainment companies in the spheres of music, movies, and gaming would jump for joy if the Internet piracy phenomenon came to a crashing halt tomorrow. (Spoiler: it won’t)

As a result, large sums of money are expended every day in an effort to keep unlawful distribution under control. Over the years there have been many strategies and several of these have involved targeting end users.

The world is a very big place and the tackling of piracy differs from region to region, but what most consumers of unauthorized media want to know is whether they’re putting themselves at risk.

The short answer is that no matter where people are, there is always some level of risk attached to obtaining and using pirate content. The long answer is more nuanced.

BitTorrent and other P2P protocols

By its very nature, using BitTorrent to access copyrighted content comes with a risk. Since downloaders are also distributors and their IP addresses are necessarily public, torrent users are extremely easy to track. In fact, with a minimum of equipment, any determined rightsholder is able spot and potentially uncover the identity of a file-sharer.

But while basic BitTorrent sharing gets a 0/10 for privacy, that’s a bit like saying that a speeding car gets 0/10 for stealth. Like the speeding car, anyone can see the pirating torrent user, but the big question is whether there’s anyone around who intends to do anything about it.

The big surprise in 2017 is that users are still statistically unlikely to face any consequences.

In the United States, for example, where copyright trolling can be a serious issue for those who get caught up in the net, the problem still only affects a tiny, tiny proportion of pirates. A one percent risk of getting snared would be overstating the risk but these are still odds that any gambler would be happy to take.

Surprisingly, pirates are also less likely to encounter a simple friendly warning than they were last year too. The “Six Strikes” Copyright Alerts System operated by the MPAA and RIAA, that set out to advise large volumes of pirates using notices sent via their ISPs, was discontinued in January. Those behind it gave in, for reasons unknown.

This means that millions of torrent users – despite exposing their IP addresses in public while sharing copyrighted content – are doing so without significant problems. Nevertheless, large numbers are also taking precautions, by using anonymization technologies including VPNs.

That’s not to say that their actions are legal – they’re not – but outside the few thousand people caught up in trolls’ nets each year, the vast and overwhelming majority of torrent users (which number well over 100 million) are pirating with impunity.

In the UK, not even trolling is a problem anymore. After a few flurries that seemed to drag on longer than they should, copyright trolls appear to have left the country for more lucrative shores. No cases have gone through the courts in recent times which means that UK users are torrenting pretty much whatever they like, with no legal problems whatsoever.

It’s important to note though, that their actions aren’t going unnoticed. Unlike the United States, the UK has a warning system in place. This means that a few thousand customers of a handful of ISPs are receiving notices each month informing them that their piratey behavior has been monitored by an entertainment company.

Currently, however, there are no punishments for those who are ‘caught’, even when they’re accused of pirating on a number of occasions. At least so far, it seems that the plan is to worry pirates into submission and in some cases that will probably work. Nevertheless, things can easily change when records are being kept on this scale.

Germany aside (which is overrun with copyright trolling activity), a handful of other European countries have also endured relatively small troll problems (Finland, Sweden, Denmark) but overall, file-sharers go about their business as usual across the continent. There are no big projects in any country aiming to punish large numbers of BitTorrent users and only France has an active warning notice program.

Canada and Australia have also had relatively small problems with copyright trolls (the former also has a fairly toothless ISP warning system) but neither country is considered a particularly ‘dangerous’ place to share files using BitTorrent. Like the United States, UK, and Europe, the chances of getting prosecuted for infringement are very small indeed.

Why such little enforcement?

There are a number of reasons for the apparent lack of interest in BitTorrent users but a few bubble up to the top. Firstly, there’s the question of resources required to tackle millions of users. Obviously, some scare tactics could be deployed by hitting a few people hard, but it feels like most companies have moved beyond that thinking.

That’s partly due to the more recent tendency of entertainment groups and governments to take a broader view of infringement, hitting it at its source by strangling funds to pirate sites, hitting their advertisers, blocking their websites, and attempting to forge voluntary anti-piracy schemes with search engines.

It’s also worth noting that huge numbers of people are routinely protecting themselves with VPN-like technology, which allows them to move around the Internet with much improved levels of privacy. Just recently, anti-piracy outfit Rightscorp partly blamed this for falling revenues.

Importantly, however, the nature of infringement has been changing for some time too.

A few years ago, most people were getting their movies and music from torrent sites but now they’re more likely to be obtaining their fix from a streaming source. Accessing the top blockbusters via a streaming site (perhaps via Kodi) is for the most part untraceable, as is grabbing music from one of the hundreds of MP3 portals around today.

But as recent news revealed, why bother with ‘pirate’ sites when people can simply rip music from sites like YouTube?

So-called stream-ripping is now blamed for huge swathes of piracy and as a result, torrent sites get far fewer mentions from anti-piracy groups than they did before.

While still a thorn in their side, it wouldn’t be a stretch to presume that torrent sites are no longer considered the primary problem they once were, at least in respect of music. Now, the ‘Value Gap‘ is more of a headache.

So, in a nutshell, the millions of people obtaining and sharing copyrighted content using BitTorrent are still taking some risks in every major country, and those need to be carefully weighed.

The activity is illegal almost everywhere, punishable in both civil and criminal courts, and has the potential to land people with big fines and even a jail sentence, if the scale of sharing is big enough.

In truth, however, the chances of the man in the street getting caught are so slim that many people don’t give the risks a second thought. That said, even people who drive 10mph over the limit get caught once in a while, so those that want to keep a clean sheet online often get a VPN and reduce the risks to almost 0%.

For people who stream, life is much less complicated. Streaming movies, TV shows or music from an illicit source is untraceable by any regular means, which up to now has made it almost 100% safe. Notably, there hasn’t been a single prosecution of a user who streamed infringing content anywhere in the world. In the EU it is illegal though, so something might happen in future, potentially…..possibly…..at some point….maybe.

And here’s the thing. While this is the general position today, the ‘market’ is volatile and has the ability to change quickly. A case could get filed in the US or UK next week, each targeting 50,000 BitTorrent users for downloading something that came out months ago. Nobody knows for sure so perhaps the best analogy is the one drummed into kids during high-school sex education classes.

People shouldn’t put themselves at risk at all but if they really must, they should take precautions. If they don’t, they could easily be the unlucky one and that is nearly always miserable.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.