An anonymous reader quotes a report from The Guardian: Mushrooms are the safest of all the drugs people take recreationally, according to this year's Global Drug Survey. Of the more than 12,000 people who reported taking psilocybin hallucinogenic mushrooms in 2016, just 0.2% of them said they needed emergency medical treatment -- a rate at least five times lower than that for MDMA, LSD and cocaine. Global Drug Survey 2017, with almost 120,000 participants in 50 countries, is the world's biggest annual drug survey, with questions that cover the types of substances people take, patterns of use and whether they experienced any negative effects. Overall, 28,000 people said they had taken magic mushrooms at some point in their lives, with 81.7% seeking a "moderate psychedelic experience" and the "enhancement of environment and social interactions."
An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload. EternalRocks is far more complex than WannaCry's SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers of its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received. Last but not least, the worm does not have a killswitch domain, which means the worm can't be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm's owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo. Ars Technica quotes security researchers who say "there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April... These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch."
One year after the raid on Megaupload and his sprawling mansion, Kim Dotcom fought back in grand fashion by launching new file-hosting site Mega.
It was a roaring success, signing up hundreds of thousands of users in the first few hours alone. Mega, it seemed, might soon be kicking at heels of the unprecedented traction of Megaupload.
While Mega continued to grow, in July 2015 Dotcom indicated that his previously warm connections with the site may have soured.
“I’m not involved in Mega anymore. Neither in a managing nor in a shareholder capacity,” he said.
Dotcom went on to claim that a then-unnamed Chinese investor (wanted in China for fraud) had used straw-men and businesses to accumulate more and more Mega shares, shares that were later seized as part of an investigation by the New Zealand government.
Mega bosses angrily denied that there had been any hostile takeover, noting that “those shareholders” who had decided not to subscribe to recent issues had “…been diluted accordingly. That has been their choice.”
But a year later and the war of words between Dotcom and Mega was still simmering, with the Chinese investor now being openly named as Bill Liu.
A notorious high-roller who allegedly gambled $293m at New Zealand’s SkyCity casino, Liu was soon being described by Dotcom as China’s “fifth most-wanted criminal” due to a huge investigation into the businessman’s dealings taking place back home.
Mega saw things a little differently, however.
“Mr Liu has a shareholding interest but has no management or board position so he certainly doesn’t control Mega,” the company insisted at the time.
Dotcom disagreed strongly with that assertion and this week, more than a year later, the topic has raised its head yet again.
“In a nutshell, Bill Liu has taken control of Mega by using straw men to buy shares for him, ultimately giving him the majority on the board,” Dotcom informs TF.
In common with the raid on Megaupload, the Mega/Liu backstory is like something out of a Hollywood movie.
This week the NZ Herald published an amazing report detailing Liu’s life since he first entered New Zealand in 2001. A section explains how he first got involved with Mega.
Tony Lentino, who was the founder of domain name registrar Instra, was also Mega’s first CEO. It’s reported that he later fell out with Dotcom and wanted to sell his shares in the company.
Bill Liu wanted to invest so Lentino went to meet him at his penthouse apartment on the 35th floor of the Metropolis tower in central Auckland.
Lentino later told police that Liu opened a bottle of Penfolds Grange wine during the meeting – no joke at $800 per bottle. That developed into a discussion about Liu buying Lentino’s stake in Mega and a somewhat interesting trip back home for Lentino.
“You want one of my cars to take home?” Liu allegedly asked Lentino.
The basement contained a Porsche, a Bentley and a Rolls-Royce – and Lentino was invited to take his pick. He took the NZ$400,000 Rolls as part of the NZ$4.2 million share in Mega he transferred to Liu.
Well, not quite to Liu, directly at least.
“When it came time to sign the deal, the shares were to be split into two parcels: one in the name of Zhao Wu Shen, a close friend of [Liu], and a trust company,” NZ Herald reports.
“It was the third transaction where Yan had been quietly buying into Mega – nothing was in his name, but he now controlled 18.8 per cent.”
It is not clear how much Liu currently owns but Lentino later told police (who believed that Liu was hiding his assets) that the Chinese businessman was the “invisible CEO” of Mega.
Speaking with TF this week, Dotcom says that Liu achieved his status by holding Mega back.
“Liu used his power to prevent Mega from monetizing its traffic via advertising sales or premium account sales and by doing so he created an artificial situation in which Mega had to raise more money to survive,” Dotcom says.
“He then pumped double-digit millions of dollars into the business via his straw men in order to dilute all other shareholders to almost zero.”
Dotcom says that Mega could’ve been “instantly profitable, ” but instead Liu intentionally forced the company into a loss-making situation, safe in the knowledge he could “turn on profitability at the push of a button.”
Dotcom says Liu chose not to do that until he directly or indirectly owned “almost all” of the shares in Mega. That, he says, came at the expense of his family, who had invested in Mega.
“The family trust that was setup for the benefit of my children owned the majority of Mega until Bill Liu entered the stage with his unlawful actions to take control of the company,” Dotcom says.
“He ran it at a loss when it could have been profitable, and then diluted other shareholders.”
According to Dotcom, the people behind his family trust are now considering their options, including legal action against Liu and others.
“The trustees of the family trust are now considering legal action against all parties involved in this dilution scam in light of the new information that has become public today from other court proceedings against Bill Liu,” Dotcom concludes.
It’s difficult to find a more colorful character than Dotcom, but Bill Liu certainly gives Dotcom a run for his money. His story can be found here, it’s almost unbelievable.
This post presumes you already have a firm understanding of why you should cut ties with social media. If you aren’t there yet, you probably don’t need to read on. But perhaps you’d be interested in the following articles on happiness, avoiding depression, etc.
If you already know that social media is making you miserable and you’re just trying to find a way to escape then read on and follow this 5 step plan.
1. Tell your real friends your intentions. It’s crazy, but people might think you are unfriending them if you shut down your accounts. Do it in a non-judgmental fashion. “I just gotta lay low for a while.” “I’m spending too much time staring at my phone.” Keep it simple, you don’t need to tell them that social media has become a leading cause of depression. They might not want to hear it, and that’s fine.
***Whatever you do, don’t pull one of those bullshit things where you post on social media that you are leaving social media. People will just think you’re fishing for attention. Because you probably are just fishing for attention.***
2. Turn that shit off.
3. Make a list of what you’ll be missing.
You probably use social media for a number of reasons. Your original reason like connecting with old classmates that you haven’t seen in years was probably replaced by things like:
Spying on ex GF’s, BF’s, your kids, spouses, lovers.
Reading news (i.e. watching John Oliver clips)
Reading fake news
Collecting likes. And spending meaningful events in your life (like vacations, weddings, births) thinking about how to frame that moment on Instagram or Facebook and what you’ll say.
Looking at things you could buy.
Getting invited to events that you don’t want to go to, but… FOMO.
Looking at pictures from events that you missed that make them look way more fun than they actually were.
Taking 5 minute breaks from work.
4. Figure out healthy ways to replace what you’re missing.
Email an old friend that you haven’t connected with in a while.
Spend meaningful life events being present and undistracted by technology. Maybe just bring a camera or nothing to the beach or Disney World for one day to see how it goes.
Actually watch the concert or game you have attended. Especially if your friends or children are participating.
Stay informed on things you care about by subscribing to RSS feeds on a tool like The Old Reader! There’s almost infinite amazing content on every topic you can imagine. But you’re probably missing most of it while obsessing over random crap on Facebook.
Go for a 5 minute walk outside. Even if the weather stinks. Walks in the rain can be pretty awesome.
Meditate for 5 minutes. Just focus on breathing and clearing your head. No iPhone app or expertise required.
5. You’re free! Just because social media is a growth area and a new technology doesn’t mean it’s a good thing. I mean, seriously, your parents are watching you again! You’d finally broken free and moved to a different state. And now they know about everything you do.
I mentioned Rodney King in an Intro to American Government class. I got the blank "Is that a thing we are supposed to know?" look that I have come to recognize when students hear about something that happened more than six months ago. "Rodney King?" More blinking. "Can someone tell why the name Rodney King is important?"
One student, god bless her, raised her hand. I paraphrase: "He was killed by the police and it caused the LA Riots." I noted that, no, he did not die, but the second part of the statement was indirectly true. God bless technology in the classroom -- I pulled up the grainy VHS-camcorder version of the video, as well as a transcript of the audio analysis presented at trial. We watched, and then talked a bit about the rioting following the acquittal of the LAPD officers at trial. They kept doing the blinking thing. I struggled to figure out what part of this relatively straightforward explanation had managed to confuse them.
"Are there questions? You guys look confused."
Hand. "So he was OK?"
"He was beaten up pretty badly, but, ultimately he was. He died a few years ago from unrelated causes (note: in 2012)."
Hand. "It's kind of weird that everybody rioted over that. I mean, there's way worse videos." General murmurs of agreement. [...]
This is a generation of kids so numb to seeing videos of police beating, tasering, shooting, and otherwise applying the power of the state to unarmed and almost inevitably black or Hispanic men that they legitimately could not understand why a video of cops beating up a black guy (who didn't even die for pete's sake!) was shocking enough to cause a widespread breakdown of public order. [...]
These kids have grown up in a world where this is background noise. It is part of the static of life in the United States. Whether these incidents outrage them or are met with the usual excuses (Comply faster, dress differently, be less Scary) the fact is that they happen so regularly that retaining even one of them in long term memory is unlikely. To think about Rodney King is to imagine a reality in which it was actually kind of shocking to see a video of four cops kicking and night-sticking an unarmed black man over the head repeatedly. Now videos of police violence are about as surprising and rare as weather reports, and forgotten almost as quickly once passed.
About Rick and Morty: Rick and Morty is Adult Swim's most scientifically accurate animated comedy. Created by Justin Roiland and Dan Harmon, it catalogues the bizarre misadventures of a bored scientific genius/drunkard and his socially awkward grandson, Morty. Their exploits tend to have unintended consequences for Morty's dysfunctional family, especially his unfailingly mediocre father, Jerry. Watch Rick and Morty battle everything from interdimensional customs agents to Cronenberg monsters now, only at http://AdultSwim.com.
About Adult Swim: Adult Swim is your late-night home for animation and live-action comedy. Enjoy some of your favorite shows, including Robot Chicken, Venture Bros., Tim and Eric, Aqua Teen, Childrens Hospital, Delocated, Metalocalypse, Squidbillies, and more. Watch some playlists. Fast forward, rewind, pause. It's all here. And remember to visit http://AdultSwim.com for all your full episode needs. We know you wouldn't forget, but it never hurts to make sure.
Intel chipsets for some years have included a Management Engine, a small microprocessor that runs independently of the main CPU and operating system. Various pieces of software run on the ME, ranging from code to handle media DRM to an implementation of a TPM. AMT is another piece of software running on the ME, albeit one that takes advantage of a wide range of ME features.
Active Management Technology
AMT is intended to provide IT departments with a means to manage client systems. When AMT is enabled, any packets sent to the machine's wired network port on port 16992 or 16993 will be redirected to the ME and passed on to AMT - the OS never sees these packets. AMT provides a web UI that allows you to do things like reboot a machine, provide remote install media or even (if the OS is configured appropriately) get a remote console. Access to AMT requires a password - the implication of this vulnerability is that that password can be bypassed.
Remote management
AMT has two types of remote console: emulated serial and full graphical. The emulated serial console requires only that the operating system run a console on that serial port, while the graphical environment requires drivers on the OS side requires that the OS set a compatible video mode but is also otherwise OS-independent[2]. However, an attacker who enables emulated serial support may be able to use that to configure grub to enable serial console. Remote graphical console seems to be problematic under Linux but some people claim to have it working, so an attacker would be able to interact with your graphical console as if you were physically present. Yes, this is terrifying.
Remote media
AMT supports providing an ISO remotely. In older versions of AMT (before 11.0) this was in the form of an emulated IDE controller. In 11.0 and later, this takes the form of an emulated USB device. The nice thing about the latter is that any image provided that way will probably be automounted if there's a logged in user, which probably means it's possible to use a malformed filesystem to get arbitrary code execution in the kernel. Fun!
The other part of the remote media is that systems will happily boot off it. An attacker can reboot a system into their own OS and examine drive contents at their leisure. This doesn't let them bypass disk encryption in a straightforward way[1], so you should probably enable that.
How bad is this
That depends. Unless you've explicitly enabled AMT at any point, you're probably fine. The drivers that allow local users to provision the system would require administrative rights to install, so as long as you don't have them installed then the only local users who can do anything are the ones who are admins anyway. If you do have it enabled, though…
How do I know if I have it enabled?
Yeah this is way more annoying than it should be. First of all, does your system even support AMT? AMT requires a few things:
1) A supported CPU 2) A supported chipset 3) Supported network hardware 4) The ME firmware to contain the AMT firmware
Merely having a "vPRO" CPU and chipset isn't sufficient - your system vendor also needs to have licensed the AMT code. Under Linux, if lspci doesn't show a communication controller with "MEI" or "HECI" in the description, AMT isn't running and you're safe. If it does show an MEI controller, that still doesn't mean you're vulnerable - AMT may still not be provisioned. If you reboot you should see a brief firmware splash mentioning the ME. Hitting ctrl+p at this point should get you into a menu which should let you disable AMT.
How about over Wifi?
Turning on AMT doesn't automatically turn it on for wifi. AMT will also only connect itself to networks it's been explicitly told about. Where things get more confusing is that once the OS is running, responsibility for wifi is switched from the ME to the OS and it forwards packets to AMT. I haven't been able to find good documentation on whether having AMT enabled for wifi results in the OS forwarding packets to AMT on all wifi networks or only ones that are explicitly configured.
What do we not know?
We have zero information about the vulnerability, other than that it allows unauthenticated access to AMT. One big thing that's not clear at the moment is whether this affects all AMT setups, setups that are in Small Business Mode, or setups that are in Enterprise Mode. If the latter, the impact on individual end-users will be basically zero - Enterprise Mode involves a bunch of effort to configure and nobody's doing that for their home systems. If it affects all systems, or just systems in Small Business Mode, things are likely to be worse. We now know that the vulnerability exists in all configurations.
What should I do?
Make sure AMT is disabled. If it's your own computer, you should then have nothing else to worry about. If you're a Windows admin with untrusted users, you should also disable or uninstall LMS by following these instructions.
Does this mean every Intel system built since 2008 can be taken over by hackers?
No. Most Intel systems don't ship with AMT. Most Intel systems with AMT don't have it turned on.
Does this allow persistent compromise of the system?
Not in any novel way. An attacker could disable Secure Boot and install a backdoored bootloader, just as they could with physical access.
But isn't the ME a giant backdoor with arbitrary access to RAM?
Yes, but there's no indication that this vulnerability allows execution of arbitrary code on the ME - it looks like it's just (ha ha) an authentication bypass for AMT.
Is this a big deal anyway?
Yes. Fixing this requires a system firmware update in order to provide new ME firmware (including an updated copy of the AMT code). Many of the affected machines are no longer receiving firmware updates from their manufacturers, and so will probably never get a fix. Anyone who ever enables AMT on one of these devices will be vulnerable. That's ignoring the fact that firmware updates are rarely flagged as security critical (they don't generally come via Windows update), so even when updates are made available, users probably won't know about them or install them.
Avoiding this kind of thing in future
Users ought to have full control over what's running on their systems, including the ME. If a vendor is no longer providing updates then it should at least be possible for a sufficiently desperate user to pay someone else to do a firmware build with the appropriate fixes. Leaving firmware updates at the whims of hardware manufacturers who will only support systems for a fraction of their useful lifespan is inevitably going to end badly.
How certain are you about any of this?
Not hugely - the quality of public documentation on AMT isn't wonderful, and while I've spent some time playing with it (and related technologies) I'm not an expert. If anything above seems inaccurate, let me know and I'll fix it.
[1] Eh well. They could reboot into their own OS, modify your initramfs (because that's not signed even if you're using UEFI Secure Boot) such that it writes a copy of your disk passphrase to /boot before unlocking it, wait for you to type in your passphrase, reboot again and gain access. Sealing the encryption key to the TPM would avoid this.
[2] Updated after this comment - I thought I'd fixed this before publishing but left that claim in by accident.
(Updated to add the section on wifi)
(Updated to typo replace LSM with LMS)
(Updated to indicate that the vulnerability affects all configurations)
Founded by BitTorrent inventor Bram Cohen, BitTorrent Inc. is best known for its torrent clients uTorrent and BitTorrent Mainline, from which it made millions over the years.
Unlike most file-sharing startups the company was well funded from the start. Accel was one of the early investors from early on, and BitTorrent was part of a fund that also included Facebook and Dropbox.
However, over the past decade, BitTorrent Inc. didn’t transform into a multi-billion dollar business. This prompted Accel to step away, taking a loss, while “getting rid of it.”
This is exactly what happened. In 2015 Accel handed over its stake in the company to a group of outside investors who promised to pay $10 million in a year, which they would take from future profits.
The outsiders included Jeremy Johnson and Robert Delamar. They became BitTorrent’s new CEOs and reportedly spent a ton of cash in the months that followed. Soon after it became clear that they had burned through way more money than they’d brought in and they left their positions, a saga that Backchannel documented in detail.
Speaking with TorrentFreak’s Steal This Show, Bram Cohen first talks about what went down in public, and his account doesn’t paint a pretty picture.
“You know the truth is we’ve actually been doing fine for quite a while now. We haven’t had technology problems or business problems, we’ve had investor problems. That’s been our problem,” Cohen notes.
“Basically, Accel took their share in BitTorrent and pretty much just gave it away to these total strangers who they didn’t know. And not only gave away their stock but gave away control of the company.”
While the new co-CEOs of the company spent a bunch of cash, Cohen doesn’t believe they had a real plan.
“Plan, why do you think they had a plan?” They were kids in a candy store. Their plan was like; Oh my god, we got money, we got power, we’re such geniuses, we can do everything here, we’ll make it great,” Cohen says.
The cynical rant continues for a while after that, but the bottom line is that BitTorrent’s inventor had little faith in the capabilities of the newcomers. They took BitTorrent to Hollywood and thought that aligning themselves with celebrities was the key to success, something Cohen isn’t particularly fond of.
“Human beings are a bunch of starfuckers, right? The United States has become this celebrity-obsessed culture, and everyone’s all about, oh, we’ll gain access. That’ll be great, and we’ll make money off of it, everybody thinks this.
“It’s like, how can I find some biz dev people who aren’t humans, so they don’t sell their soul?” Cohen adds.
According to Cohen, Accel’s attempt to close their fund nearly destroyed the company. When it was time for the new CEOs and their investment company to pay up, the money wasn’t there.
“They were just incompetent fuckups. I mean they’re losers,” he blasts, noting that it certainly wasn’t impossible to turn a decent profit in a year.
While the account is a one-sided view, it’s clear that the newcomers weren’t very welcome, or liked, by BitTorrent’s inventor. He goes on to detail how thousands of dollars were spent on first class tickets, private chauffeurs, and parties.
Cohen himself stayed far away from the razzmatazz and continued coding, back at the dull gray office in San Francisco.
“I had nothing to do with any of this. This was all just like, starfucker bullshit,” Cohen says.
When Steal This Show host Jamie King pushed one final time to ask if the new management really didn’t have a plan, the answer wasn’t much more flattering.
“Go around LA being big swinging dicks. Go to 1 Oak and spend a few thousand dollars a night on drinks. I mean, people think that there must be some like rational thought here, beyond being a talking chimpanzee,” Cohen concludes.
For more than 30 years, consumers have obtained music and movies written to polycarbonate discs. CD, DVD and now Blu-ray discs are recognizable across the world as a cheap and pretty reliable carrier for large volumes of digital data.
While it may take a while before Blu-ray takes its final breaths, CDs and DVDs are already on borrowed time. For the younger generation already accustomed to storing huge amounts of data on tiny MicroSD cards and USB sticks, a plastic disc carrying content is almost as outdated as a vinyl record.
With this in mind, millions of consumers would welcome the idea of getting their movies in convenient formats such as AVI or MP4. This would enable them to freely move content from device to device, without having to spend more money. Of course, entertainment companies don’t like that idea at all, especially when it comes to movies.
That’s where SwiftMedia comes in, and it’s a sight to behold.
Spotted by a TorrentFreak reader in a shopping mall in Ethiopia, this bright yellow kiosk looks like an ATM. However, on closer inspection it reveals itself to be a self-service media machine that does everything that RedBox can do (and more) without a plastic disc in sight.
“At the beginning of this year, All Mart (the Walmart equivalent here) brought in a new machine. It’s basically a monitor with a USB port but shaped like an ATM. It’s called SwiftMedia and there’s a guy who ‘maintains’ it,” our source explains.
“Basically you go to this very big store and you approach the machine and you plug in a USB drive. The screen will turn on and it will let you browse through a massive archive of movies.”
Screen close-up
As mentioned earlier, this is a completely disc-less system, meaning that transfers of all content purchased from the machine end up on a customer-provided USB stick. Needless to say, DRM and copyright protection aren’t high on the agenda for this unusual and innovative machine.
All the movies – on USB
Prices are cheap too, with packages available for 25, 50 and 100 birr ($1, $2 and $3). Feature movies reportedly cost between 3 and 5 birr (13 to 22 cents) depending on the movie release date, with older movies costing more. Documentaries weigh in at the top of the range with single songs and TV shows costing 13 cents.
“At first I assumed these movies had their rights lifted or something because well, you know, but then I later found out that the movies I had first seen were just there on release day,” our source continues.
“Apparently the maintenance guy torrents all day and stores the data on his drive, the drive shown by the SwiftMedia monitor. This would not have been a big deal as this is Ethiopia and the allegedly democratic government has bigger issues.”
Of course, something like this wouldn’t last five minutes in the West and certainly wouldn’t appear in a shopping mall, let alone Walmart. So TorrentFreak contacted Escape Computing, the company that appears to be behind the project, to find out more about their enterprise.
At the time of publication we had received no response, but we did manage to track down a job listing posted last year where the company sought an individual to act in a sales and technical capacity.
It’s not clear whether the position was filled but whoever got the job certainly has a unique role to fulfill in this unusual yet somewhat innovative project.
In 2015, the UK Government announced a controversial plan to increase the maximum prison sentence for online copyright infringement from two to ten years.
The proposal followed a suggestion put forward in a study commissioned by the UK Intellectual Property Office (IPO). The study concluded that criminal sanctions for online copyright infringement available under the Copyright, Designs and Patents Act 1988 (CDPA 1988) should be harmonized with ‘offline’ penalties, such as those available for counterfeiting.
“By toughening penalties for commercial-scale online offending we are offering greater protections to businesses and sending a clear message to deter criminals,” then Intellectual Property Minister Baroness Neville-Rolfe said at the time.
In July 2016, the government published a new draft of its Digital Economy Bill which duly proposed an extension of the current prison term of two years to a maximum of ten.
Throughout the entire process of passing the legislation, the government has insisted that ‘regular’ members of the public would not be subjected to harsh punishments. However, that is not how the legislation reads.
As detailed in our earlier article, anyone who makes infringing content available to the public while merely putting a copyright holder at risk of loss, is now committing a criminal offense.
There are a number of variables, but this is the relevant part distilled down for the average file-sharer who downloads as well as uploads, using BitTorrent, for example.
A person…who infringes copyright in a work by communicating the work to the public commits an offense if [the person] knows or has reason to believe that [they are] infringing copyright in the work, and…knows or has reason to believe that communicating the work to the public will cause loss to the owner of the copyright, or will expose the owner of the copyright to a risk of loss.
Earlier this year, the Open Rights Group launched a campaign to try and make the government see sense. ORG did not dispute that there need to be penalties for online infringement but asked the government make amendments to target large-scale infringers while protecting the public.
“Our proposal is to set a threshold of ‘commercial scale loss’, and revising ‘risk of loss’ to ‘serious risk of commercial scale loss’. These are flexible rather than ‘specific’,” ORG said.
But the group’s appeals fell on deaf ears. No one in the law-making process was prepared to make this minor change to the Digital Economy Bill, even though legislation already exists for punishing even the smallest of copyright infringements through the civil courts.
As a result, the bill received royal assent last week which means that the country’s millions of small-time copyright infringers are now criminals in the eyes of the law.
Worst still, depending on the whims of copyright holders, any one could now be reported to the police for sharing even a single movie, an offense (as painted in our hypothetical piece in March) that could result in years in jail.
The government says that won’t be allowed. We’ll see.
The Kodi media player software, previously known as XBMC, has seen a massive surge in popularity in recent years.
More and more people have started to use Kodi as their main source of entertainment, often with help from unofficial add-ons that allow them to access pirated movies and TV-shows.
While there has been plenty of anecdotal evidence on how prevalent its use is, there hasn’t been much research to back this up. A new report published by broadband management company Sandvine today, aims to fill this gap.
Sandvine analyzed a dataset from multiple North America tier one fixed-line provider, which covers over 250,000 anonymized households throughout North America. Using this data, it was able to estimate how many households actively use at least one Kodi device.
“The Kodi application itself does not generate much data, but it is easy to detect within a household due to its ‘heartbeat’ traffic which can easily be identified,” Sandvine reports.
Overall Sandvine estimates that 8.8% of the households with Internet access across North America have an active Kodi device. This translates to several millions of households and many more potential users.
Of course, this doesn’t mean that all these people are pirates. Kodi has plenty of legal uses, and so Sandvine also looked at the use of pirate add-ons specifically.
Looking at the various traffic sources for the streaming data, including file-hosts, the company determined that 68.6% of the households with Kodi devices also use unofficial, or “pirate” add-ons.
The report was in part triggered by an increased interest from content service providers, copyright owners, and regulators. Some of these pointed to the Kodi software as the root of the piracy problem, but Sandvine laudably rejects this claim.
“In some of the discussion Sandvine has had with the parties listed above, Kodi is often referred to by name as the root of the streaming of unlicensed content problem, but that is wrong,” Sandvine notes.
“Kodi simply serves as a front end; If Kodi disappeared tomorrow, then all of the content made available through the unofficial Add-ons would quickly be made be accessible via a web browser, or by another media player, and the parties that are benefitting today, would continue to profit,” they add.
Sandvine should receive praise for making such a clear distinction, something the media often fails to do, which is cause for great frustration among the Kodi developers.
Finally, the company notes that there are clear geographical differences in Kodi adoption within North America. In Canada, for example, over 10% of the households have a Kodi device installed, which is a higher adoption rate than in the US.
It will be interesting to see how these trends develop during the years to come. For now, Kodi continues to draw more and more users, so it wouldn’t be a big surprise if the numbers further increase.
Almost
90,000
jobs have been lost in US retail stores since last October —
and this could be just the beginning of a disaster that affects
millions of jobs.
In a physical store, you can buy anonymously. Internet purchases are
a surveillance system. That is why I have never bought anything over
the internet. Please buy in physical stores by preference.
Bats Global Markets, a CBOE company, is seeking highly motivated individuals for our software quality engineering team. This technical role will focus on creating automated tests cases and augmenting our proprietary test framework.
Bats has developed an automated test framework in Python used for system-level integration testing. We are a 100% automated testing shop looking for talented "devs in test" to help extend our test harness, tools, scripts, and library of tests. You will be working in Python and we're looking for professional dev-level skills.
Requirements:
Bachelor’s Degree in Computer Science, Engineering, or other related field.
At least three years QA experience is required, with recent and demonstrable experience creating automated test cases and working with test frameworks.
Strong experience in object-oriented design and programming techniques. Our tests, our framework, and many of our monitoring scripts are written in Python. Professional work experience using Python is required.
SQL experience (PostgreSQL or other variety) is necessary.
Working knowledge of Linux and experience with MS Windows and Office tools.
Experience with continuous integration systems is a plus.
Experience with the complete software development life cycle and QA processes in an Agile environment.
Bridges come in many flavours, and we need consistent terminology within the Matrix community to ensure everyone (users, developers, core team) is on the same page. This post is primarily intended for bridge developers to refer to when building bridges.
The most recent version of this document is here (source) but we’re also posting it as a blog post for visibility.
Types of rooms
Portal rooms
Bridges can register themselves as controlling chunks of room aliases namespace, letting Matrix users join remote rooms transparently if they /join #freenode_#wherever:matrix.org or similar. The resulting Matrix room is typically automatically bridged to the single target remote room. Access control for Matrix users is typically managed by the remote network’s side of the room. This is called a portal room, and is useful for jumping into remote rooms without any configuration needed whatsoever – using Matrix as a ‘bouncer’ for the remote network.
Plumbed rooms
Alternatively, an existing Matrix room can be can plumbed into one or more specific remote rooms by configuring a bridge (which can be run by anyone). For instance, #matrix:matrix.org is plumbed into #matrix on Freenode, matrixdotorg/#matrix on Slack, etc. Access control for Matrix users is necessarily managed by the Matrix side of the room. This is useful for using Matrix to link together different communities.
Migrating rooms between a portal & plumbed room is currently a bit of a mess, as there’s not yet a way for users to remove portal rooms once they’re created, so you can end up with a mix of portal & plumbed users bridged into a room, which looks weird from both the Matrix and non-Matrix viewpoints. https://github.com/matrix-org/matrix-appservice-irc/issues/387 tracks this.
Types of bridges (simplest first):
Bridgebot-based bridges
The simplest way to exchange messages with a remote network is to have the bridge log into the network using one or more predefined users called bridge bots – typically called MatrixBridge or MatrixBridge[123] etc. These relay traffic on behalf of the users on the other side, but it’s a terrible experience as all the metadata about the messages and senders is lost. This is how the telematrix matrix<->telegram bridge currently works.
Bot-API (aka Virtual user) based bridges
Some remote systems support the idea of injecting messages from ‘fake’ or ‘virtual’ users, which can be used to represent the Matrix-side users as unique entities in the remote network. For instance, Slack’s inbound webhooks lets remote bots be created on demand, letting Matrix users be shown cosmetically correctly in the timeline as virtual users. However, the resulting virtual users aren’t real users on the remote system, so don’t have presence/profile and can’t be tab-completed or direct-messaged etc. They also have no way to receive typing notifs or other richer info which may not be available via bot APIs. This is how the current matrix-appservice-slack bridge works.
Simple puppeted bridge
This is a richer form of bridging, where the bridge logs into the remote service as if it were a real 3rd party client for that service. As a result, the Matrix user has to already have a valid account on the remote system. In exchange, the Matrix user ‘puppets’ their remote user, such that other users on the remote system aren’t even aware they are speaking to a user via Matrix. The full semantics of the remote system are available to the bridge to expose into Matrix. However, the bridge has to handle the authentication process to log the user into the remote bridge.
This is essentially how the current matrix-appservice-irc bridge works (if you configure it to log into the remote IRC network as your ‘real’ IRC nickname). matrix-appservice-gitter is being extended to support both puppeted and bridgebot-based operation. It’s how the experimental matrix-appservice-tg bridge works.
Going forwards we’re aiming for all bridges to be at least simple puppeted, if not double-puppeted.
Double-puppeted bridge
A simple ‘puppeted bridge’ allows the Matrix user to control their account on their remote network. However, ideally this puppeting should work in both directions, so if the user logs into (say) their native telegram client and starts conversations, sends messages etc, these should be reflected back into Matrix as if the user had done them there. This requires the bridge to be able to puppet the Matrix side of the bridge on behalf of the user.
This is the holy-grail of bridging; matrix-puppet-bridge is a community project that tries to facilitate development of double puppeted bridges, having done so for several networks. The main obstacle is working out an elegant way of having the bridge auth with Matrix as the matrix user (which requires some kind of scoped access_token delegation).
Server-to-server bridging
Some remote protocols (IRC, XMPP, SIP, SMTP, NNTP, GnuSocial etc) support federation – either open or closed. The most elegant way of bridging to these protocols would be to have the bridge participate in the federation as a server, directly bridging the entire namespace into Matrix.
We’re not aware of anyone who’s done this yet.
Sidecar bridge
Finally: the types of bridging described above assume that you are synchronising the conversation history of the remote system into Matrix, so it may be decentralised and exposed to multiple users within the wider Matrix network.
This can cause problems where the remote system may have arbitrarily complicated permissions (ACLs) controlling access to the history, which will then need to be correctly synchronised with Matrix’s ACL model, without introducing security issues such as races. We already see some problems with this on the IRC bridge, where history visibility for +i and +k channels have to be carefully synchronised with the Matrix rooms.
You can also hit problems with other network-specific features not yet having equivalent representation in the Matrix protocol (e.g. ephemeral messages, or op-only messages – although arguably that’s a type of ACL).
One solution could be to support an entirely different architecture of bridging, where the Matrix client-server API is mapped directly to the remote service, meaning that ACL decisions are delegated to the remote service, and conversations are not exposed into the wider Matrix. This is effectively using the bridge purely as a 3rd party client for the network (similar to Bitlbee). The bridge is only available to a single user, and conversations cannot be shared with other Matrix users as they aren’t actually Matrix rooms. (Another solution could be to use Active Policy Servers at last as a way of centralising and delegating ACLs for a room)
This is essentially an entirely different product to the rest of Matrix, and whilst it could be a solution for some particularly painful ACL problems, we’re focusing on non-sidecar bridges for now.
"I had the displeasure of being awoken at midnight to the sounds of civil-defense/air-raid sirens," writes very-long-time Slashdot reader SigIO, blaming "some schmuck with a twisted sense of humor." The Dallas News reports:
Rocky Vaz, director of Dallas' Office of Emergency Management, said that all 156 of the city's sirens were activated more than a dozen times... Dallas officials blame computer hacking for setting off emergency sirens throughout the city early Saturday... It took until about 1:20 a.m. to silence them for good because the emergency system had to be deactivated. The system remained shut down Saturday while crews safeguarded it from another hack.
The city has figured out how the emergency system was compromised and is working to prevent it from happening again, he said... The city said the system should be restored Sunday or Monday.
City officials reported 4,400 calls to their 9-1-1 emergency phone number in the first four hours of Saturday morning, with over 800 occurring in that first 15 minutes when all 156 sirens started going off simultaneously.
oh look, i shared something fucking stupid just for u
Drinking in the shower is a pastime that much of the Lifehacker staff holds near and dear to their hearts. The popular beverage of choice for such an activity? Beer. Also, coffee and maybe a fancy cocktail. Here’s how you, too, can enjoy one of the greatest and most simple pleasures of your adult life.
painful, but kind of the best move at the moment. gonna be interesting switching to gnome...
Enlarge / Unity 8, an option in the Ubuntu 16.10 desktop, will never become the default. (credit: Canonical)
Six years after making Unity the default user interface on Ubuntu desktops, Canonical is giving up on the project and will switch the default Ubuntu desktop back to GNOME next year. Canonical is also ending development of Ubuntu software for phones and tablets, spelling doom for the goal of creating a converged experience with phones acting as desktops when docked with the right equipment.
Canonical founder Mark Shuttleworth explained the move in a blog post Wednesday. "I’m writing to let you know that we will end our investment in Unity8, the phone and convergence shell," he wrote. "We will shift our default Ubuntu desktop back to GNOME for Ubuntu 18.04 LTS," which will ship in April 2018.
This is a return to the early years of Ubuntu, when the desktop shipped with GNOME instead of a Canonical-developed user interface. Shuttleworth's blog post didn't specifically say that phone and tablet development is ending. But Canonical Community Manager Michael Hall confirmed to Ars that the Ubuntu phone and tablet project is over.
Tue. July 11 – Portland, ME @ State Theatre Wed. July 12 - Boston, MA @ Berklee Performance Center Fri. July 14 - New York, NY @ The Town Hall Tue. July 18 - Washington, DC @ Lincoln Theatre Thu. July 20 - Philadelphia, PA @ Merriam Theater Fri. July 21 - Chicago, IL @ Vic Theatre Sun. July 23 – Royal Oak, MI @ Royal Oak Music Theatre Tue. July 25 - Milwaukee, WI @ Pabst Theater Wed. July 26 - Minneapolis, MN @ State Theatre Fri. July 28 - Atlanta, GA @ Variety Playhouse Sat. July 29 - Austin, TX @ Paramount Theatre Mon. July 31 - Dallas, TX @ Majestic Theatre Tue. Aug. 1 - Denver, CO @ Paramount Theatre Wed. Aug. 2 - San Francisco, CA @ The Warfield Fri. Aug. 4 - Vancouver, BC @ Orpheum Theatre Sat. Aug. 5 - Seattle, WA @ Moore Theatre Sun. Aug. 6 - Portland, OR @ Revolution Hall Wed. Aug. 9 - Los Angeles, CA @ Theatre at the Ace Hotel
the only thing I needed this article to answer: can future employers actually find out what your salary is (through background check or contacting your old employer)?
Most hiring managers expect you to ask about salary by the second interview, but if you do, they might turn that question around and ask you about your own salary history to get an idea of what you’re willing to take. Here’s why you shouldn’t share with them what you’ve made before.
Given a state-of-the-art deep neural network classifier, we show the existence of a universal (image-agnostic) and very small perturbation vector that causes natural images to be misclassified with high probability. We propose a systematic algorithm for computing universal perturbations, and show that state-of-the-art deep neural networks are highly vulnerable to such perturbations, albeit being quasi-imperceptible to the human eye. [...]
Can we find a single small image perturbation that fools a state-of-the-art deep neural network classifier on all natural images? We show in this paper the existence of such quasi-imperceptible universal perturbation vectors that lead to misclassified natural images with high probability. Specifically, by adding such a quasi-imperceptible perturbation to natural images, the label estimated by the deep neural network is changed with high probability.
Such perturbations are dubbed universal, as they are image-agnostic. The existence of these perturbations is problematic when the classifier is deployed in real-world (and possibly hostile) environments, as such a single perturbation can be exploited by adversaries to break the classifier. Indeed, the perturbation process involves the mere addition of one very small perturbation to all natural images, and can be relatively straightforward to implement by adversaries in real-world environments, while being relatively difficult to detect as such perturbations are very small and thus do not significantly affect data distributions. The surprising existence of universal perturbations further reveals new insights on the topology of the decision boundaries of deep neural networks.
This technology could dramatically impact the SCORPION STARE program. But I know how I'm convolving my selfies from now on!
One year after the raid on Megaupload and his sprawling mansion, Kim Dotcom fought back in grand fashion by launching new file-hosting site Mega.
comments
Founded by BitTorrent inventor Bram Cohen, BitTorrent Inc. is best known for its torrent clients uTorrent and BitTorrent Mainline, from which it made millions over the years.
For more than 30 years, consumers have obtained music and movies written to polycarbonate discs. CD, DVD and now Blu-ray discs are recognizable across the world as a cheap and pretty reliable carrier for large volumes of digital data.
In 2015, the UK Government announced a controversial plan to increase the maximum prison sentence for online copyright infringement from two to ten years.
The Kodi media player software, previously known as XBMC, has seen a massive surge in popularity in recent years.
Universal Adversarial Perturbations
