Tag Archives: Other

A Survey of Propaganda

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/02/a_survey_of_pro.html

This is an excellent survey article on modern propaganda techniques, how they work, and how we might defend ourselves against them.

Cory Doctorow summarizes the techniques on BoingBoing:

…in Russia, it’s about flooding the channel with a mix of lies and truth, crowding out other stories; in China, it’s about suffocating arguments with happy-talk distractions, and for trolls like Milo Yiannopoulos, it’s weaponizing hate, outraging people so they spread your message to the small, diffused minority of broken people who welcome your message and would otherwise be uneconomical to reach.

As to defense: “Debunking doesn’t work: provide an alternative narrative.”

Pirate Bay Prosecution In Trouble, Time Runs Out For Investigators

Post Syndicated from Ernesto original https://torrentfreak.com/pirate-bay-prosecution-trouble-time-runs-investigators-170227/

In December 2014, The Pirate Bay went dark after police raided the Nacka station, a nuclear-proof datacenter built into a mountain complex near Stockholm.

The hosting facility reportedly offered services to The Pirate Bay, EZTV and several other torrent related sites, which were pulled offline as a result.

The authorities later announced that 50 servers were seized during the raid. And not without success, it seemed. The raid resulted in the longest ever period of downtime for The Pirate Bay, nearly two months, and led to chaos and a revolt among the site’s staffers.

However, despite a new criminal investigation into The Pirate Bay, the site has been operating as usual for a while now. As it now transpires, the raid may not result in any future prosecutions.

According to prosecutor Henrik Rasmusson, who took over the case from Fredrik Ingblad last year, time is running out. Some of the alleged crimes date back more than five years, which is outside the statute of limitations.

“Some of the suspected crimes are from 2011, although the seizures are from 2014. And the statute of limitations on them are five years,” prosecutor Henrik Rasmusson told IDG.

While several years have passed, there’s not much progress to report. The police provided the prosecutor with some updates along the way, but it’s not clear when the investigation will be completed.

“I have over time received new information from the police, but I have not received any clear indication of when the investigation will be completed,” the prosecutor said.

Even if the investigation is finalized, there are still a lot of steps to take before any indictments are ready. Meanwhile, the quality of the evidence isn’t getting any better. Based on his comments, the prosecutor isn’t very optimistic in this regard.

“The oral evidence could get worse because people forget. There may be difficulties with other monitoring data that may have changed or disappeared, such as registers and data restorations,” he said.

This isn’t the first setback for the authorities. Previously, they had to drop one of the main suspects from the case as they lacked sufficient resources to analyze the data that were seized during the raid.

On top of that, people from the Pirate Bay team itself said that if they were indeed the target, the police didn’t have much on them.

According to the TPB team, only one of their servers was confiscated in 2014, and this one was hosted at a different location. The server in question was operated by the moderators and used as a communication channel for TPB matters.

The team said that it chose to pull their actual site offline as a precaution but that relocating to a new home proved to be harder than expected, hence the prolonged downtime.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Top 10 Most Pirated Movies of The Week on BitTorrent – 02/27/17

Post Syndicated from Ernesto original https://torrentfreak.com/top-10-pirated-movies-week-bittorrent-022717/

This week we have two newcomers in our chart.

Fantastic Beasts and Where to Find Them is the most downloaded movie.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.


This week’s most downloaded movies are:
Most downloaded movies via torrents

| Rank | Rank last week | Movie name | IMDb rating / Trailer |
|---|---|---|---|
| 1 | (…) | Fantastic Beasts and Where to Find Them | 7.6 / trailer |
| 2 | (6) | Passengers | 7.1 / trailer |
| 3 | (1) | Doctor Strange | 8.0 / trailer |
| 4 | (5) | Assassin’s Creed (Subbed HDRip) | 6.3 / trailer |
| 5 | (3) | Arrival | 8.3 / trailer |
| 6 | (2) | Moana | 7.8 / trailer |
| 7 | (…) | Collateral Beauty | 6.6 / trailer |
| 8 | (4) | Hacksaw Ridge | 8.5 / trailer |
| 9 | (10) | Jack Reacher: Never Go Back | 6.3 / trailer |
| 10 | (8) | La La Land (DVDscr) | 8.8 / trailer |


The Fantasyland Code of Professionalism is an abuser’s fantasy

Post Syndicated from Matthew Garrett original http://mjg59.dreamwidth.org/46791.html

The Fantasyland Institute of Learning is the organisation behind Lambdaconf, a functional programming conference perhaps best known for standing behind a racist they had invited as a speaker. The fallout of that has resulted in them trying to band together events in order to reduce disruption caused by sponsors or speakers declining to be associated with conferences that think inviting racists is more important than the comfort of non-racists, which is weird in all sorts of ways but not what I’m talking about here because they’ve also written a “Code of Professionalism” which is like a Code of Conduct except it protects abusers rather than minorities and no really it is genuinely as bad as it sounds.

The first thing you need to know is that the document uses its own jargon. Important here are the concepts of active and inactive participation – active participation is anything that you do within the community covered by a specific instance of the Code, inactive participation is anything that happens anywhere ever (ie, active participation is a subset of inactive participation). The restrictions based around active participation are broadly those that you’d expect in a very weak code of conduct – it’s basically “Don’t be mean”, but with some quirks. The most significant is that there’s a “Don’t moralise” provision, which as written means saying “I think people who support slavery are bad” in a community setting is a violation of the code, but the description of discrimination means saying “I volunteer to mentor anybody from a minority background” could also result in any community member not from a minority background complaining that you’ve discriminated against them. It’s just not very good.

Inactive participation is where things go badly wrong. If you engage in community or professional sabotage, or if you shame a member based on their behaviour inside the community, that’s a violation. Community sabotage isn’t defined and so basically allows a community to throw out whoever they want to. Professional sabotage means doing anything that can hurt a member’s professional career. Shaming is saying anything negative about a member to a non-member if that information was obtained from within the community.

So, what does that mean? Here are some things that you are forbidden from doing:

  • If a member says something racist at a conference, you are not permitted to tell anyone who is not a community member that this happened (shaming)
  • If a member tries to assault you, you are not allowed to tell the police (shaming)
  • If a member gives a horribly racist speech at another conference, you are not allowed to suggest that they shouldn’t be allowed to speak at your event (professional sabotage)
  • If a member of your community reports a violation and no action is taken, you are not allowed to warn other people outside the community that this is considered acceptable behaviour (community sabotage)

Now, clearly, some of these are unintentional – I don’t think the authors of this policy would want to defend the idea that you can’t report something to the police, and I’m sure they’d be willing to modify the document to permit this. But it’s indicative of the mindset behind it. This policy has been written to protect people who are accused of doing something bad, not to protect people who have something bad done to them.

There are other examples of this. For instance, violations are not publicised unless the verdict is that they deserve banishment. If a member harasses another member but is merely given a warning, the victim is still not permitted to tell anyone else that this happened. The perpetrator is then free to repeat their behaviour in other communities, and the victim has to choose between either staying silent or warning them and risk being banished from the community for shaming.

If you’re an abuser then this is perfect. You’re in a position where your victims have to choose between their career (which will be harmed if they’re unable to function in the community) and preventing the same thing from happening to others. Many will choose the former, which gives you far more freedom to continue abusing others. Which means that communities adopting the Fantasyland code will be more attractive to abusers, and become disproportionately populated by them.

I don’t believe this is the intent, but it’s an inevitable consequence of the priorities inherent in this code. No matter how many corner cases are cleaned up, if a code prevents you from saying bad things about people or communities it prevents people from being able to make informed choices about whether that community and its members are people they wish to associate with. When there are greater consequences to saying someone’s racist than them being racist, you’re fucking up badly.


Torrent Legend Mininova Will Shut Down For Good

Post Syndicated from Ernesto original https://torrentfreak.com/torrent-legend-mininova-will-shut-down-for-good-170226/

In December 2004, the demise of the mighty Suprnova left a meteor crater in the fledgling BitTorrent landscape.

This gaping hole was soon filled by the dozens of new sites that emerged to fulfill the public’s increasing demands for torrents. Mininova soon became the most successful of them all.

Mininova was founded by five Dutch students just a month after Suprnova closed its doors. The site initially began as a hobby project, but in the years that followed the site’s founders managed to turn it into a successful business that generated millions of dollars in revenue.

With this success also came legal pressure. Even though the site complied with takedown requests, copyright holders were not amused. In 2009 this eventually resulted in a lawsuit filed by local anti-piracy outfit BREIN, which Mininova lost.

As a result, the site had to remove all infringing torrents, a move which ended its reign. The site remained online but instead of allowing everyone to upload content, Mininova permitted only pre-approved publishers to submit files.

Now, more than seven years after “going legal” the site will shut down for good. A notice published on the website urges uploaders to back up their files before April 4th, when the plug will be pulled.

Mininova’s shutting down

The decision doesn’t mean that the legal contribution platform was a total failure. In fact, over 950 million ‘legal’ torrents were downloaded from Mininova in recent years. However, the site’s income couldn’t make up for the costs.

“All good things come to an end, and after more than 12 years we think it’s a good time to shut down the site which has been running at a loss for some years,” Mininova co-founder Niek tells TorrentFreak.

Looking back, Mininova has many great memories. The site’s users have always been very grateful, for example, and there were also several artists who thanked the site’s operators for offering them a great promotional tool.

“The support from our users was especially amazing to experience, millions of people used the site on a daily basis and we got many emails each day – ranging from a simple ‘thank you’ to some extensive story how a specific upload made their day,” Niek says.

“The feedback from artists was great to see as well, many thanked us for promoting their content, as some of them broke through and signed with labels as a result,” he adds.

The file-sharing and piracy ecosystem has changed quite a bit since Mininova’s dominance. File-hosting services became more popular first, and nowadays streaming sites and tools with slick user interfaces are the new standard.

Torrent sites, on the other hand, show little progress according to Mininova’s founder, who believes that the growth of legal services could make them less relevant in the future.

“We haven’t seen many changes in the last decade – the current torrent sites look very similar to what Mininova did twelve years ago,” Niek says.

“With content-specific distribution platforms such as Spotify and Netflix becoming more and more widespread and bandwidth becoming cheaper, there might be less of a need for torrent sites in the future.”

The original founders of Mininova have moved on as well. They’re no longer students and have parted ways, moving on to different projects and ventures. Now and then, however, they look back at how their lives looked ten years ago, with a smile.

“Overall we’re happy that we have been a part of the history of the Internet,” Niek concludes.

“We want to thank everybody who has been around and supported us through the times! Without our users, there would have been no Mininova. So THANK YOU!”


Russia Drafts Legislation to Remove Pirate Sites From Search Engines

Post Syndicated from Andy original https://torrentfreak.com/russia-drafts-legislation-remove-pirate-sites-search-engines-170226/

Copyright holders all over the world believe that search engines play a crucial role in the piracy ecosystem. They argue that when seeking out content, people often use sites like Google, which can lead them to infringing material on pirate sites.

Entertainment companies can address the problem by sending takedown notices, but they insist that’s a very inefficient process. Pirate content is way too visible in search results, they argue, particularly when it appears in the first few pages of results.

With most countries continuing to grapple with the issue, it now appears that Russia intends to legislate against it. This week, Prime Minister Dmitry Medvedev submitted a draft bill to parliament that will force search engines to remove specified pirate sites from their results.

Developed by the Ministry of Communications, the bill will compel search companies such as Google and local giant Yandex to deindex sites that have failed to respond to takedown requests on several occasions, perhaps as little as twice.

One such example is huge torrent site RuTracker, which was blocked by local ISPs following an order from the Moscow City Court. RuTracker was effectively told to remove around 320,000 torrents to avoid a ban but chose not to do so after running a poll among its users. Under current legislation, RuTracker is now blocked for life, and if the new law is passed, all of its pages will disappear from search engines.

The draft bill also targets counter-measures employed by sites attempting to circumvent ISP blockades.

Often, when one domain is blocked, sites will buy new domains in an effort to keep going. Others will use proxy sites and even full-scale mirrors to stay one step ahead of the court. The bill refers to all of these options as “derivative sites” and will allow for them to be blocked without further court process.

The bill was approved during a government meeting on February 17 and will now pass through its various parliamentary stages before becoming law.


All Oscar Nominees Are Available on Pirate Sites

Post Syndicated from Ernesto original https://torrentfreak.com/all-oscar-nominees-are-available-on-pirate-sites-170225/

The Oscars is the most watched awards show of the year, closely followed by hundreds of millions of movie fans around the world.

This week Hollywood’s finest are gathering at the red carpet once again. While they associate the celebration with eternal fame and recognition, for online pirates it’s a highly anticipated event as well.

Traditionally, Oscar winners tend to do very well in pirate circles, so we decided to take a look at the availability of this year’s contenders through unauthorized channels.

Relying on data from Oscar piracy watcher Andy Baio, we see that all nominated* films are now available on pirate sites, most in decent quality too. There’s only one film that hasn’t been released as a screener, Blu-Ray or other high-quality rip, and that’s “Rogue One: A Star Wars Story.”

Ironically, the Star Wars movie was one of the most anticipated releases during the screener season and despite various teases and rumored leaks, it hasn’t come out yet. Instead, Star Wars pirates have had to settle for a HDTS copy.

Another issue that deserves a closer look is the availability of leaked screener copies.

For well over a decade, pirated screeners of the latest movies have started to leak online around December. Ironically, many of these titles leaked from DVD screener copies which were sent out to reviewers, including Academy members who vote for the Oscars.

This year, however, “screener season” started out a bit different than before. Previously, the first leaked screeners always came out before December 16th but this time it remained quiet.

When Christmas came there were still no leaked screeners, and it took until early January before the ball started rolling.

The silence was broken with a release of the Denzel Washington movie Fences and soon after more and more screeners appeared online. While some feared that screener season would never be the same again, at the end of the road it turned out to be a relatively regular year.

With just a few hours to go before the awards ceremony, a total of 14 screeners of nominated films have leaked online, which is comparable to previous years.

Screener leaks of Oscar nominees

The chart above shows an overview of the screener leaks per year. These are only for movies that eventually received an Academy Awards nomination*, so the total number will be even higher.

Finally, it’s worth noting that despite the widespread availability of pirate copies, screener leaks appear to be under a bit of pressure. Like previous years, most of the leaked screeners have been released by Hive-CM8.

This means that one group has to carry a pretty heavy burden. If they stop doing what they do, the screener supply could be severely limited.

That said, the focus on screeners might be a bit overstated. Except for a few prominent leaks, the interest in screener copies is not significantly higher than the average HDrip or Blu-Ray release, which are still widely available.

* Foreign film and documentary categories are not included.


HBO Goes After ‘Online’ Pirates in the Caribbean

Post Syndicated from Ernesto original https://torrentfreak.com/hbo-goes-after-online-pirates-in-the-caribbean-170225/

HBO’s daughter company in Latin America, HBO LA, is not happy with the rampant piracy that’s taking place in the Caribbean.

Earlier this month the company submitted its latest 301 ‘watch list’ submission to the U.S. Government, urging the authorities to take appropriate action.

HBO is steadily expanding its services to the Caribbean and Central American regions. However, their efforts to roll out legitimate services are frustrated by local pirates. These aren’t just individual pirates, large cable operators are in on it too.

“…a lack of enforcement by Caribbean and Central American governments is allowing local cable operators to build substantial enterprise value by increasing their subscriber base through offering pirated content,” HBO LA writes (pdf).

The same goes for hotels, which treat their visitors to prime HBO programming without paying a proper license.

“In addition to piracy by large cable providers, non-U.S. owned hotel chains on a variety of islands are known to pirate content exclusively licensed to HBO LA by using their own onsite facilities or obtaining service from cable operators who pirate,” HBO LA informs the government.

Piracy by cable operators and hotels is not new. HBO has reported these issues to the authorities before, but thus far little has changed. In the meantime, however, the company has started to notice another worrying trend.

Online piracy has started to become more prevalent, with many stores now selling IPTV boxes and other devices that allow users to access HBO content without permission.

“In the past year, HBO LA continued to see a significant increase in the problem of online piracy of its service throughout all of HBO LA’s territory,” HBO LA writes.

“In the Caribbean, several brick-and-mortar stores customarily sell Roku or generic Android set-top devices (like the Mag250, Avov, and the MXIII) preinstalled with an unlicensed streaming service and offering a few hundred channels of content, including content for which HBO LA holds exclusive license in the territory.”

A Facebook ad highlighted by HBO LA

The company lists various examples of stores that offer these kinds of products including the Gizmos and Gadgets Electronics store in Guyana. This store sells Roku devices with an unlicensed streaming service called “ROKU TV” pre-installed.

By selling “pirate” subscriptions to thousands of customers the company is making over a million dollars per year, HBO estimates. And more recently the same store started to sell a subscription-less service as well.

“Additionally, Gizmos and Gadgets Electronics has recently started offering a second integrated hardware and service device known as the Gizmo TV BOX, which offers over 200 channels with no monthly fee,” HBO LA writes.

This is just one example of the many that are listed by the Latin American daughter of HBO.

The cable provider says it’s already taken various steps to stop the different types of infringements but hopes that U.S. authorities will help out where local governments fail. Towards the end of their submission, HBO LA encourages the United States Trade Representative to apply appropriate pressure and threats, to turn the tide.


Swedish Internet Users Face New Wave of Piracy Cash Demands

Post Syndicated from Andy original https://torrentfreak.com/swedish-internet-users-face-new-wave-of-piracy-cash-demands-170225/

Last year, mass ‘copyright-trolling’ hit Sweden for the first time. An organization calling itself Spridningskollen (Distribution Check) claimed its new initiative would save the entertainment industries and educate the masses.

Predictably there was a huge backlash, both among the public and in the media, something which eventually led the group to discontinue its operations in the country. Now, however, a new wave of trolling is about to hit the country.

Swedish publication Breakit.se reports that a major new offensive is about to begin, with a Danish law firm Njord and movie company Zentropa at the helm.

The companies are targeting the subscribers of several ISPs, including Telia, Tele2 and Bredbandsbolaget, the provider that will shortly begin blocking The Pirate Bay. It’s not clear how many people will be targeted but Breakit says that many thousands of IP addresses cover 42 pages of court documents.

Bredbandsbolaget confirmed that a court order exists and it will be forced to hand over the personal details of its subscribers.

“The first time we received such a request, we appealed because we do not think that the privacy-related sacrifice is proportionate to the crimes that were allegedly committed. Unfortunately we lost and must now follow the court order,” a spokesperson said.

It appears the trolls are taking extreme measures to ensure that ISPs comply. Some Swedish ISPs have a policy of deleting IP address logs but earlier this week a court ordered Telia to preserve data or face a $22,000 fine.

Jeppe Brogaard Clausen of the Njord lawfirm says that after identifying the subscribers he wants to “enter into non-aggressive dialogue” with them. But while this might sound like a friendly approach, the ultimate aim will be to extract money. It’s also worth considering who is behind this operation.

The BitTorrent tracking in the case was carried out by MaverickEye, a German-based company that continually turns up in similar cases all over Europe and the United States. The company and its operator Patrick Achache are part of the notorious Guardaley trolling operation.

Also of interest is the involvement of UK-based Copyright Management Services Ltd, whose sole director is none other than Patrick Achache himself. The company is based at the same London address as fellow copyright trolling partner Hatton and Berkeley, which previously sent cash settlement demands to Internet users in the UK.

In addition to two Zentropa titles, the movies involved in the Swedish action are CELL, IT, London Has Fallen, Mechanic: Resurrection, Criminal and September of Shiraz. All have featured in previous Guardaley cases in the United States.


A quick note about iconoclasm

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/02/a-quick-note-about-iconoclasm.html

I’m an iconoclast. Whenever things become holy, whereby any disagreement is treated as heresy, then I disagree. There are two reasonable sides to every argument. When you vilify one of the sides in the argument, then I step in to defend them — not that they are right, but that they are reasonable.

This makes many upset, because once a cause has become Holy, anybody disagreeing with orthodoxy (like me) is then, by definition, a horrible person. I get things like the image to the right.

(Please don’t harass/contact this person — she believes what many do, and singling her out would be mean).

For the record, I’m rabidly feminist, anti-racist, pro-LGBT, pro-civil-rights. It’s just that while I care a lot, I’m not Orthodox. I likely disagree with you about the details. When you vilify those who disagree with you, I will defend them.

…which is the best troll, ever. Admitting somebody is wrong, but defending them as reasonable, seems to upset people more than just arguing the other side is right.

Anti-Piracy Measures Shouldn’t Stifle Free Speech, EFF Says

Post Syndicated from Ernesto original https://torrentfreak.com/anti-piracy-measures-shouldnt-stifle-free-speech-eff-says-170224/

Still undecided about the future of the DMCA law, the U.S. Government’s Copyright Office extended its public consultation to evaluate the effectiveness of the Safe Harbor provisions.

The study aims to signal problems with the current takedown procedures and addresses ISPs’ repeat infringer policies, copyright takedown abuses, and the ever-increasing volume of DMCA notices.

Together with various rightsholders and Internet services, the Electronic Frontier Foundation (EFF) also submitted its recommendations this week. The digital rights group believes that the current law works as it should, and warns against a copyright enforcement expansion.

The Internet provides a crucial role in facilitating freedom of expression, something that shouldn’t be limited by far-reaching anti-piracy measures, the organization argues.

“Internet intermediaries provide the backbone for Internet users’ expression and are key to the public’s ability to exercise these rights,” EFF writes in its submission.

“Accordingly, the public has a strong interest in ensuring that the Internet remains a viable and accessible platform for free expression and innovation, and in ensuring that online platforms don’t unduly remove, filter, or block speech from the Internet.”

One of the areas of interest for the Copyright Office is how to deal with repeat infringers. The DMCA law requires Internet providers to have a repeat infringer policy in place, but stakeholders have different views on what these should look like.

According to the EFF, however, terminating people’s Internet access is much more than a slap on the wrist, as it can severely impede people’s ability to function in today’s society.

“Conduit ISPs serve as the bridge between their subscribers and the entire Internet. Terminating a subscriber’s Internet access account imposes a far more significant penalty than merely cutting off access to a single Internet service.”

Nowadays, terminating an Internet account often means that the entire household will be affected. The EFF warns that as a result, many people will lose access to important information and tools, which are needed for school, jobs, and even government services.

“Indeed, as former President Obama stated, Internet access today is ‘not a luxury, it’s a necessity’,” the EFF adds.

Another question posted by the Copyright Office deals with the necessity for anti-piracy filters. Yesterday, the RIAA and other music groups spoke out in favor of automated filters but the EFF fiercely opposes the idea.

One of the problems the group signals is that filtering will require Internet services to monitor their users’ activity, causing privacy concerns. In addition these filters will also be imprecise, targeting content that’s considered fair use, for example.

Finally, automated filters will require Internet services to police the Internet, which can be quite costly and stifle free speech at the same time.

“…by shifting the burden and cost of enforcement away from copyright holders and onto service providers, these proposals would stifle competition for Internet services, exacerbate current problems with the notice and takedown system, and increase the risk that valuable, lawful speech will be silenced,” the EFF writes.

The same free speech argument also applies to site-blocking initiatives. According to the EFF, such blocking efforts also restrict access to legitimate material. At the same time, the measures are far from effective.

“Site-blocking often has broader impacts on lawful online speech than intended. When entire domains are blocked, every other page hosted by those domains is subject to the block, regardless of whether they contain infringing content.

“Site-blocking is also largely ineffective at stemming online copyright infringement. Many sites are able to relaunch at new URLs, and users are often able to circumvent blocks using VPNs and the Tor browser,” the group adds.

In summary, the EFF concludes that overall the current law works pretty well and the group warns the Copyright Office not to give in to the broad “filter-everything” push from major copyright industry groups.

The EFF’s full submission to the U.S. Copyright office is available here (pdf).


Cloudflare Reverse Proxies are Dumping Uninitialized Memory

Post Syndicated from ris original https://lwn.net/Articles/715535/rss

Thanks to Josh Triplett for sending us this chromium bug report about a dump of uninitialized memory caused by Cloudflare’s reverse proxies. “A while later, we figured out how to reproduce the problem. It looked like that if an html page hosted behind cloudflare had a specific combination of unbalanced tags, the proxy would intersperse pages of uninitialized memory into the output (kinda like heartbleed, but cloudflare specific and worse for reasons I’ll explain later). My working theory was that this was related to their “ScrapeShield” feature which parses and obfuscates html – but because reverse proxies are shared between customers, it would affect *all* Cloudflare customers. We fetched a few live samples, and we observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security.”
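The bug class the report compares this to (a parser over-reading a buffer shared between requests) can be shown with a small constructed toy. This is an added example, not Cloudflare's code, and the page does not describe the actual defect; `shared_buf`, `load_body`, `rewrite` and `serve_pair` are hypothetical names, and the request bodies are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Constructed toy: one worker buffer reused for every customer's response. */
#define BUF_SZ 128
static char shared_buf[BUF_SZ];

/* Copy a body into the shared buffer WITHOUT clearing what was there before. */
static size_t load_body(const char *body) {
    size_t n = strlen(body);
    if (n > BUF_SZ) n = BUF_SZ;
    memcpy(shared_buf, body, n);
    return n;
}

/* Pass text through and copy each tag up to its closing '>'.
 * tag_limit is the bound used while scanning inside a tag:
 *   BUF_SZ -> bug: bounded by buffer capacity, so an unterminated tag
 *             keeps reading stale bytes left by an earlier request
 *   len    -> fix: bounded by the length of the current body */
static size_t rewrite(size_t len, size_t tag_limit, char *out, size_t out_sz) {
    size_t i = 0, o = 0;
    while (i < len && o + 1 < out_sz) {
        if (shared_buf[i] != '<') {
            out[o++] = shared_buf[i++];
            continue;
        }
        while (i < tag_limit && o + 1 < out_sz) {
            char c = shared_buf[i++];
            out[o++] = c;
            if (c == '>') break;
        }
    }
    out[o] = '\0';
    return o;
}

/* Request A carries constructed POST data; request B is a page that ends
 * in an unbalanced tag. Returns the number of bytes emitted for B. */
size_t serve_pair(int safe, char *out, size_t out_sz) {
    load_body("user=alice&password=constructed-hunter2&submit=1");
    size_t len = load_body("<p>hi</p><b");
    return rewrite(len, safe ? len : BUF_SZ, out, out_sz);
}

int main(void) {
    char out[256];
    size_t n = serve_pair(0, out, sizeof out);
    printf("capacity-bounded scan: %zu bytes, starts \"%s\"\n", n, out);
    n = serve_pair(1, out, sizeof out);
    printf("length-bounded scan:   %zu bytes, \"%s\"\n", n, out);
    return 0;
}
```

Zeroing the buffer between requests would limit what such a bug can expose, but the length check is the actual fix.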

1000 Raspberry Pi Certified Educators

Post Syndicated from James Robinson original https://www.raspberrypi.org/blog/1000-raspberry-pi-certified-educators/

This week, we trained our 1000th Raspberry Pi Certified Educator at a Picademy in Cardiff, south Wales. These teachers, librarians and other educators are now equipped to begin sharing the power of digital making with their learners, their local communities and their peers.


Our newest Raspberry Pi Certified Educators: now there are 1000 of them!

Picademy is a free CPD programme that gives educators the skills and knowledge to help learners get creative with computing. Classroom teachers, museum educators, librarians, educator coaches, and community educators can all apply. You don’t need any previous experience, just an enthusiasm for teaching computing and digital making.

Apply for Picademy

We’ve just announced the dates and venues for Picademy in the US throughout 2017. Take a look at the schedule of UK Picademy events for this year: we’ve just added some new dates. Check out what educators say about Picademy.

Are you interested? DO IT. APPLY.

Demand for Picademy places is always high, and there are many parts of the world where we don’t yet offer Picademy. In order to reach more people, we provide two free online training courses which are available anywhere in the world. They’re especially relevant to educators, but anyone can take part. Both started this week, but there’s still time to join. Both courses will run again in the future.

Hello World

Wherever you are, you can also read Hello World, our new magazine about computing and digital making written by educators, for educators. It’s free online as a downloadable PDF, and it’s available to UK-based educators in print, free of charge. In its pages over the next issues, we know we’ll see some of our first 1000 Raspberry Pi Certified Educators inspire some of our second 1000.

We hope that you, too, will join this creative, supportive community!


Lawmakers Won’t Force Google to Police Piracy but Doubt Voluntary Code

Post Syndicated from Andy original https://torrentfreak.com/lawmakers-wont-force-google-police-piracy-doubt-voluntary-code-170224/

Following a Digital Economy Bill committee earlier this month, it was revealed that copyright holders and search engines were close to finalizing a voluntary anti-piracy code. This Monday, it became reality.

Under this agreement, search engines will optimize their algorithms to demote pirated content in search results, with the aim of making infringing content less visible and legal content more so. The system is due to begin in earnest during early summer but what if it doesn’t do its job?

That eventuality has been discussed as part of the negotiations surrounding the Digital Economy Bill, with some lawmakers supporting an amendment which would give the Secretary of State the power to force Google and other search engines to tackle piracy, if the voluntary route fails.

To the relief of Google and the disappointment of rightsholders, this week the amendment was withdrawn but those in favor of the legislation didn’t go quietly. Lord Stevenson of Balmacara was particularly vocal after reading out a portion of the code (shown below) relating to the demoting of sites that receive large numbers of DMCA-style notices.

[T]o more effectively use such notices to demote domains demonstrated to be dedicated to infringement, and to work collaboratively with rights holders to consider other technically reasonable, scalable avenues empirically demonstrated to help materially reduce the appearance of illegitimate sites in the top search rankings

“I could read that again, because you would probably need to hear it again to have the faintest idea what we are talking about,” he said.

“I fear that it smacks of either a lowest common denominator approach or some hard arm-wrestling in the corridors where the discussion took place to get something that looks reasonable on paper.

“It does not smack of a real commitment to scourge out the terrible way in which search engines have referred people who should have known better to material that was not cleared for copyright and should not have been made available to them through that route.”

While Lord Stevenson clearly wasn’t happy, he did reveal some more information on how the code will be managed.

The Minister of State for Intellectual Property will oversee its implementation, supported by quarterly meetings of all parties involved. The Minister will also “set requirements for reporting by search engines and rights holders on any matter herein, including in particular those matters where the Code of Practice calls for ongoing discussion.”

Then, after a year of operation, the effectiveness of the code will be reviewed to ensure “continuing progress towards achieving the Shared Objectives.”

What those objectives are will remain a mystery, however. In response to Lord Stevenson’s request to see a copy of the code, Baroness Buscombe said that wouldn’t be possible.

“We do not plan to publish the code in full because details about the number of copyright infringement reports a site can receive before it is demoted might allow pirates to game the system. We are, however, very happy to share the commitments in the code in more general terms,” she said.

Baroness Buscombe went on to ask for the amendment to be dropped and that was followed by a spirited response from Lord Stevenson.

“I cannot see this agreement lasting and believe that there will have to be a backstop power at some stage,” he said.

“At the moment, it is a ‘large copyright holders against large search engines’ agreement, and on that level it might operate. I do not think it will be effective. I do not think it is sustainable because there will be new people coming in and business models and practices will change — we cannot foresee that.”

And with that the amendment was withdrawn and with it any chance of forcing search engines into compliance by law for the foreseeable future. Only time will tell how things will play out but as the wording of the paragraph cited by Lord Stevenson shows, there is plenty of room for manoeuvre.


Now Available – I3 Instances for Demanding, I/O Intensive Applications

Post Syndicated from Jeff Barr original https://aws.amazon.com/blogs/aws/now-available-i3-instances-for-demanding-io-intensive-applications/

On the first day of AWS re:Invent I published an EC2 Instance Update and promised to share additional information with you as soon as I had it.

Today I am happy to be able to let you know that we are making six sizes of our new I3 instances available in fifteen AWS regions! Designed for I/O intensive workloads and equipped with super-efficient NVMe SSD storage, these instances can deliver up to 3.3 million IOPS at a 4 KB block and up to 16 GB/second of sequential disk throughput. This makes them a great fit for any workload that requires high throughput and low latency including relational databases, NoSQL databases, search engines, data warehouses, real-time analytics, and disk-based caches. When compared to the I2 instances, I3 instances deliver storage that is less expensive and more dense, with the ability to deliver substantially more IOPS and more network bandwidth per CPU core.

The Specs

Here are the instance sizes and the associated specs:

Instance Name | vCPU Count | Memory | Instance Storage (NVMe SSD) | Price/Hour
i3.large | 2 | 15.25 GiB | 0.475 TB | $0.15
i3.xlarge | 4 | 30.5 GiB | 0.950 TB | $0.31
i3.2xlarge | 8 | 61 GiB | 1.9 TB | $0.62
i3.4xlarge | 16 | 122 GiB | 3.8 TB (2 disks) | $1.25
i3.8xlarge | 32 | 244 GiB | 7.6 TB (4 disks) | $2.50
i3.16xlarge | 64 | 488 GiB | 15.2 TB (8 disks) | $4.99

The prices shown are for On-Demand instances in the US East (Northern Virginia) Region; see the EC2 pricing page for more information.

I3 instances are available in On-Demand, Reserved, and Spot form in the US East (Northern Virginia), US West (Oregon), US West (Northern California), US East (Ohio), Canada (Central), South America (São Paulo), EU (Ireland), EU (London), EU (Frankfurt), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Mumbai), Asia Pacific (Sydney), and AWS GovCloud (US) Regions. You can also use them as Dedicated Hosts and as Dedicated Instances.

These instances support Hardware Virtualization (HVM) AMIs only, and must be run within a Virtual Private Cloud. In order to benefit from the performance made possible by the NVMe storage, you must run one of the following operating systems:

  • Amazon Linux AMI
  • RHEL – 6.5 or better
  • CentOS – 7.0 or better
  • Ubuntu – 16.04 or 16.10
  • SUSE 12
  • SUSE 11 with SP3
  • Windows Server 2008 R2, 2012 R2, and 2016

The I3 instances offer up to 8 NVMe SSDs. In order to achieve the best possible throughput and to get as many IOPS as possible, you can stripe multiple volumes together, or spread the I/O workload across them in another way.

Each vCPU (Virtual CPU) is a hardware hyperthread on an Intel E5-2686 v4 (Broadwell) processor running at 2.3 GHz. The processor supports the AVX2 instructions, along with Turbo Boost and NUMA.

Go For Launch

The I3 instances are available today in fifteen AWS regions and you can start to use them right now.

Jeff;

 

Warner Bros. Settles With Company That Leaked Oscar Screeners

Post Syndicated from Andy original https://torrentfreak.com/warner-bros-settles-with-company-that-leaked-oscar-screeners-170223/

Perfect copies of movies still in theaters are relatively hard to come by, unless you know someone with access to DVD screeners, that is.

These discs are often given out to awards voters “for their consideration” and are supposed to be handled extremely securely so that they don’t fall into the wrong hands.

Nevertheless, every year screeners end up on torrent sites, much to the disappointment of movie companies.

Two titles that leaked back in 2015 were Creed and In the Heart of the Sea but their route to the Internet was a particularly unusual one. After obtaining the discs legally on behalf of its clients, talent agency Innovative Artists used ripping software to copy the movies to its own digital distribution platform.

Quite clearly its security was lacking, as notorious pirate group Hive-CM8 obtained copies of the movies and dumped them online. Both were watermarked, however, which allowed content security company Deluxe Entertainment Services to trace the copies back to Innovative Artists.

In response, Warner Bros. filed a lawsuit against the company last October. Warner pulled no punches, accusing Innovative Artists of using illegal software to circumvent the protection on the discs before placing them on an illegal distribution platform.

The agency publicly apologized for its actions but added that it was surprised by the lawsuit. It had cooperated with Warner right from the beginning in an effort to put things right, so the legal action came out of the blue.

Now, however, the dispute appears to have been sorted out. According to information received by THR, Warner Bros. and Innovative Artists have come to some kind of settlement agreement.

No court documents have yet been filed to indicate that a settlement has been reached. That being said, it’s rare for such agreements to be made fully public so any terms could remain confidential, even when the notice of dismissal appears. THR says it contacted both parties for comment but neither side provided any information.

Meanwhile, Hive-CM8 have continued releasing copies of leaked DVD screeners over the past several weeks, showing that when one route of supply closes, another one opens.


s2n Is Now Handling 100 Percent of SSL Traffic for Amazon S3

Post Syndicated from Stephen Schmidt original https://aws.amazon.com/blogs/security/s2n-is-now-handling-100-percent-of-of-ssl-traffic-for-amazon-s3/


In June 2015, we introduced s2n, an open-source implementation of the TLS encryption protocol, making the source code publicly available under the terms of the Apache Software License 2.0 from the s2n GitHub repository. One of the key benefits to s2n is far less code surface, with approximately 6,000 lines of code (compared to OpenSSL’s approximately 500,000 lines). In less than two years, we’ve seen significant enhancements to s2n, with more than 1,000 code commits, plus the addition of fuzz testing and a static analysis tool, tis-interpreter.

Today, we’ve achieved another important milestone for securing customer data: we have replaced OpenSSL with s2n for all internal and external SSL traffic in Amazon Simple Storage Service (Amazon S3) commercial regions. This was implemented with minimal impact to customers, and multiple means of error checking were used to ensure a smooth transition, including client integration tests, catching potential interoperability conflicts, and identifying memory leaks through fuzz testing.

It was only last week that AWS CEO Andy Jassy reiterated something that’s been a continual theme for us here at AWS: “There’s so much security built into cloud computing platforms today, for us, it’s our No. 1 priority—it’s not even close, relative to anything else.” Yes, security remains our top priority, and our commitment to making formal verification of automated reasoning more efficient exemplifies the way we think about our tools and services. Making encryption more developer friendly is critical to what can be a complicated architectural universe. To help make security more robust and precise, we put mechanisms in place to verify every change, including negative test cases that “verify the verifier” by deliberately introducing an error into a test-only build and confirming that the tools reject it.

If you are interested in using or contributing to s2n, the source code, documentation, commits, and enhancements are all publicly available under the terms of the Apache Software License 2.0 from the s2n GitHub repository.

– Steve

Google: 99.95% of Recent ‘Trusted’ DMCA Notices Were Bogus

Post Syndicated from Andy original https://torrentfreak.com/google-99-95-of-recent-trusted-dmca-notices-were-bogus-170222/

Under current legislation, US-based Internet service providers are not expected to proactively police infringing user content. They are, however, expected to remove it, if a copyright holder complains.

The so-called ‘safe harbor’ that providers enjoy as a result of such cooperation is currently under the microscope, following rightsholder complaints that the Digital Millennium Copyright Act is failing them.

To address these concerns, the U.S. Copyright Office has been running an extended public consultation. As noted earlier, the RIAA and other music groups just submitted their comments and Google have now added theirs.

In contrast to the music groups who believe that the DMCA is “failing”, Google believes otherwise. Noting that rogue sites have been driven out of the United States by an effective DMCA, the search giant suggests leaving the law intact while encouraging voluntary mechanisms between content owners and providers.

“In short, the DMCA has proven successful at fostering ongoing collaboration between rightsholders and online service providers, a collaboration that continues to pay dividends both in the U.S. and in international contexts,” Google writes.

The company highlights its YouTube-based Content ID as one such collaboration, with the system helping creators take down or monetize infringing content, as they see fit. Google also cites the benefits afforded by the takedown tools it provides to rightsholders in respect of Google search.

“First, in recent years, Google has streamlined its submission process, enabling rightsholders to send more notices more easily (while still continuing to reduce the average time to resolution to under six hours),” the company notes.

“Second, Google has provided new incentives to make heavy use of the DMCA takedown system. We now use the number of valid DMCA requests a domain has received as one of the inputs in making ranking determinations in search results, so rightsholders seeking to take advantage of this signal have further incentive to file notices.”

But while Google supports the current takedown provisions, there are problems. The company says that a significant portion of the recent increases in DMCA submission volumes stem from notices that are either duplicate, unnecessary, or bogus.

“A substantial number of takedown requests submitted to Google are for URLs that have never been in our search index, and therefore could never have appeared in our search results,” Google states.

“For example, in January 2017, the most prolific submitter submitted notices that Google honored for 16,457,433 URLs. But on further inspection, 16,450,129 (99.97%) of those URLs were not in our search index in the first place.”

This kind of rampant abuse was highlighted in our recent report which revealed that one small site had millions of bogus notices filed against it. But, according to Google, that’s just the tip of the iceberg.

“In total, 99.95% of all URLs processed from our Trusted Copyright Removal Program in January 2017 were not in our index,” the company reveals.

But despite the abuse, Google is apparently giving these ‘trusted’ submitters some wiggle room to be creative. In a rather unexpected move, the search giant says that it now accepts takedown notices for URLs that don’t exist, to ensure that they never appear in future search results.

While copyright holders will presumably enjoy that feature, it is a fairly curious move. A proactive takedown of a non-existent URL necessarily happens in advance of any determination of whether that URL is infringing, which goes way beyond any legislation currently being demanded.

That being said, some of these non-existent (and essentially fabricated) URLs do eventually turn up in Google search, albeit at a tiny rate.

“Of the 35,000,000 URLs we processed in the latter half of September 2016 that were not in our index, fewer than 2% of those would have made it into our index in the intervening four months; notices for the other 98% therefore were at best unnecessary,” Google says.

“Many of these submissions appear to be generated by merely scrambling the words in a search query and appending that to a URL, so that each query makes a different URL that nonetheless leads to the same page of results,” it adds, referencing an earlier TF report.

Overall, however, Google seems comfortable with the current notice-and-takedown framework, noting that a “robust ecosystem” of companies with expertise in sending takedown requests is being bolstered by voluntary service provider measures that already go beyond the requirements of Section 512 of the DMCA.

“While stakeholders can be expected to disagree about the details of these voluntary efforts, it cannot be said that the DMCA safe harbors are failing in the face of this overwhelming evidence that these voluntary measures continue to grow both in number and diversity,” Google concludes.

It’s crystal clear from Google’s submission that it sees the DMCA as a law it can work with, since it enables service providers to innovate without fear while simultaneously addressing the concerns of copyright holders. The latter see things quite differently though, so expect the battles to continue.

Google’s submission can be found here, via Michael Geist.
