Raspberry Pi : Back by popular demand: keyboard and laptop stickers!

This post was syndicated from: Raspberry Pi and was written by: liz. Original post: at Raspberry Pi

New in the Swag Shop: big vinyl stickers, just the right size for hiding any logos you don’t like on the front of your laptop, and little vinyl stickers, just the right size to cover up the logo on the Windows key on your keyboard. These things are tough, and have what I understand is called “high-traffic glue” on them to make them stand up to your typing.

There are some other new goodies available this week too: a logo mousemat, and a very swanky rubberised drinks coaster, which goes splendidly with a cup of coffee. Or a glass of your favourite intoxicant.

TorrentFreak : Pirate Bay Blessing Propels New BitTorrent Tracker to Great Heights

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

The Internet is littered with torrent indexes and search engines, all offering a wide range of content to their visitors.

However, for this content to travel from A to B the BitTorrent ecosystem needs reliable trackers. Unfortunately, good public trackers are harder to find.

For several years PublicBitTorrent and OpenBitTorrent have been dominating this space, coordinating the communication between tens of millions of peers every day. The two trackers surfaced after The Pirate Bay shut down its BitTorrent tracker back in 2009 and haven’t seen much competition since.

In recent weeks, however, a new tracker called “Demonii” entered the scene. Similar to other standalone trackers Demonii doesn’t host any torrents. TorrentFreak caught up with the operator behind this new kid in town, and he told us that the name is inspired by Demonoid.

“I planned to revive Demonoid because they disappeared so quickly, so I registered the domains demonii.com, net and org,” Demonii’s Qarizma tells TorrentFreak.

“Then I actually realized that for me it wasn’t a good idea to start something like Demonoid. It would get me into trouble which I’m not interested in. So I decided to start the Demonii Tracker Project.”

After a slow start, the new tracker suddenly experienced a massive spike in traffic two weeks ago. Overnight it went from dealing with a handful of peers to millions, a surge that can be solely attributed to The Pirate Bay.

As it turned out, TPB had added the new tracker to all their magnet links, as they also do with OpenBitTorrent and PublicBitTorrent. Needless to say, Demonii wasn’t prepared and the newly gained attention quickly took the tracker offline.

“I didn’t expect it, Demonii was tracking about 100 torrents for testing and debugging, then I heard TPB used Demonii as tracker. That explained why my server went down,” Qarizma tells us.

However, Demonii did welcome the Pirate Bay blessing and after moving to a new server it quickly recovered. At the time of writing Demonii tracks 875,365 torrents and handles 4,165,485 peers, which makes it the fifth largest BitTorrent tracker on the Internet.

Like most of the other large BitTorrent trackers Demonii runs on the beerware licensed Opentracker software. Demonii’s operator made some small modifications to make it run smoothly on his VPS, which he can expand later if needed.

“Demonii currently runs on a KVM based VPS on my own nodes. The main node is a Xeon X5677, and the VPS specs are 512MB RAM and 1000Mhz is still enough to run it now. When it needs more I can simply allocate more resources to the VPS.”

In addition to operating the Demonii tracker the owner also offers privacy protection software that may come in handy for some.

The free application named “dProtect” is a blocklist addon for uTorrent. It bans a long list of IP-ranges that may be connected to monitoring companies, government agencies and other outfits that may interfere with BitTorrent traffic.

“dProtect is our software released to increase people’s privacy on the internet. The software adds a layer of protection when you are downloading using uTorrent,” Qarizma says.

The dProtect software uses a list of ranges maintained by The Blocklist Group. Similar to other blocklists, the list is only partially effective.

It will be interesting to see if Demonii remains among the top trackers in the months to come. If The Pirate Bay keeps supporting it there is no doubt that the new kid in town will stick around for a while.

Source: Pirate Bay Blessing Propels New BitTorrent Tracker to Great Heights

Krebs on Security : Reports: Liberty Reserve Founder Arrested, Site Shuttered

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

The founder of Liberty Reserve, a digital currency that has evolved as perhaps the most popular form of payment in the cybercrime underground, was reportedly arrested in Spain this week on suspicion of money laundering. News of the law enforcement action may help explain an ongoing three-day outage at libertyreserve.com: On Friday, the domain registration records for that site and for several other digital currency exchanges began pointing to Shadowserver.org, a volunteer organization dedicated to combating global computer crime.

According to separate reports in The Tico Times and La Nacion, two Costa Rican daily newspapers, police in Spain arrested Arthur Budovsky Belanchuk, 39, as part of a money laundering investigation jointly run by authorities in New York and Costa Rica.

The papers cited Costa Rican prosecutor José Pablo González saying that Budovsky, a Costa Rican citizen of Ukrainian origin, has been under investigation since 2011 for money laundering using Liberty Reserve, a company he created in Costa Rica. “Local investigations began after a request from a prosecutor’s office in New York,” Tico Times reporter L. Arias wrote. “On Friday, San José prosecutors conducted raids in Budovsky’s house and offices in Escazú, Santa Ana, southwest of San José, and in the province of Heredia, north of the capital. Budovsky’s businesses in Costa Rica apparently were financed by using money from child pornography websites and drug trafficking.”

For those Spanish-speaking readers out there, Gonzalez can be seen announcing the raids in a news conference documented in this youtube.com video (the subtitles option for English does a decent job of translation as well).

Liberty Reserve is a largely unregulated money transfer business that allows customers to open accounts using little more than a valid email address, and this relative anonymity has attracted a huge number of customers from underground economies, particularly cybercrime.

In a now 10-page thread on this crime forum, many members are facing steep losses.

The trouble started on Thursday, when libertyreserve.com inexplicably went offline. The outage set off increasingly anxious discussions on several major cybercrime forums online, as many that work and ply their trade in malicious software and banking fraud found themselves unable to access their funds. For example, a bulletproof hosting provider on Darkode.com known as “off-sho.re” (a hacker profiled in this blog last week) said he stood to lose $25,000, and that the Liberty Reserve shutdown “could be the most massive ownage in the history of e-currency.”

That concern turned to dread for some after it became apparent that this was no ordinary outage. On Friday, the domain name servers for Libertyreserve.com were changed and pointed to ns1.sinkhole.shadowserver.org and ns2.sinkhole.shadowserver.org. Shadowserver is an all-volunteer nonprofit organization that works to help Internet service providers and hosting firms eradicate malware infections and botnets located on their servers.

In computer security lexicon, a sinkhole is basically a way of redirecting malicious Internet traffic so that it can be captured and analyzed by experts and/or law enforcement officials. In its 2011 takedown of the Coreflood botnet, for example, the U.S. Justice Department relied on sinkholes maintained by the nonprofit Internet Systems Consortium (ISC). Sinkholes are most often used to seize control of botnets, by interrupting the DNS names the botnet is programmed to use. Ironically, as of this writing Shadowserver.org is not resolving, possibly because the Web site is under a botnet attack (hackers from at least one forum threatened to attack Shadowserver.org in retaliation for losing access to their funds).

Reached via Twitter, a representative from Shadowserver declined to comment on the outage or about Liberty Reserve, saying “We are not able to provide public comment at this time.” I could find no official statement from the U.S. Justice Department on this matter either.

Libertyreserve.com is not the only virtual currency exchange that has been redirected to Shadowserver’s DNS servers. According to passive DNS data collected by the ISC, at least five digital currency exchanges – milenia-finance.com, asianagold.com, exchangezone.com, moneycentralmarket.com and swiftexchanger.com – also went offline this week, their DNS records changed to the same sinkhole entries at shadowserver.org.
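As an added illustration (not code from the original article), the Python below takes passive DNS observations and flags domains whose nameserver set has been switched entirely to the sinkhole nameservers named above, reporting the first day the switch was seen. The observation records, their dates and the example.net / .example names are constructed for the example; only the sinkhole suffix and the two exchange domains come from the article.

```python
from collections import defaultdict

# Sinkhole nameserver suffix as named in the article.
SINKHOLE_NS_SUFFIXES = ("sinkhole.shadowserver.org",)

# Constructed passive DNS observations: (ISO date, domain, NS record).
# Dates and the pre-change nameservers are made up for illustration.
SAMPLE_RECORDS = [
    ("2013-05-20", "libertyreserve.com", "ns1.example.net"),
    ("2013-05-20", "libertyreserve.com", "ns2.example.net"),
    ("2013-05-24", "LibertyReserve.com.", "NS1.sinkhole.shadowserver.org."),
    ("2013-05-24", "libertyreserve.com", "ns2.sinkhole.shadowserver.org"),
    ("2013-05-25", "libertyreserve.com", "ns1.sinkhole.shadowserver.org"),
    ("2013-05-25", "libertyreserve.com", "ns2.sinkhole.shadowserver.org"),
    ("2013-05-21", "exchangezone.com", "ns1.example.net"),
    ("2013-05-24", "exchangezone.com", "ns1.sinkhole.shadowserver.org"),
    ("2013-05-24", "exchangezone.com", "ns2.sinkhole.shadowserver.org"),
    # Look-alike: the sinkhole name is only a prefix of another zone.
    ("2013-05-24", "unrelated.example", "ns1.sinkhole.shadowserver.org.example.net"),
    # Mixed NS set: one sinkhole server, one ordinary server.
    ("2013-05-24", "mixed.example", "ns1.sinkhole.shadowserver.org"),
    ("2013-05-24", "mixed.example", "ns2.example.net"),
]


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def is_sinkhole_ns(ns, suffixes=SINKHOLE_NS_SUFFIXES):
    """True if ns is a sinkhole suffix or a host beneath it.

    Matching is done on label boundaries, so neither
    'notsinkhole.shadowserver.org' nor a name that merely starts with
    the sinkhole suffix is accepted.
    """
    ns = normalize(ns)
    return any(ns == s or ns.endswith("." + s) for s in suffixes)


def find_sinkholed(records):
    """Return {domain: first day of the current sinkholed period}.

    A domain is reported only if every NS record in its most recent
    observation points at a sinkhole nameserver.
    """
    by_domain = defaultdict(lambda: defaultdict(set))
    for day, domain, ns in records:
        by_domain[normalize(domain)][day].add(normalize(ns))

    result = {}
    for domain, days in by_domain.items():
        ordered = sorted(days)  # ISO dates sort chronologically
        if not all(is_sinkhole_ns(n) for n in days[ordered[-1]]):
            continue
        # Walk back from the latest day while the NS set stays sinkholed.
        first = ordered[-1]
        for day in reversed(ordered):
            if all(is_sinkhole_ns(n) for n in days[day]):
                first = day
            else:
                break
        result[domain] = first
    return result


if __name__ == "__main__":
    for domain, day in sorted(find_sinkholed(SAMPLE_RECORDS).items()):
        print(f"{domain}: sinkholed since {day}")
```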

Assuming the reports at The Tico Times and La Nacion are accurate, this would not be the first time Mr. Budovsky has attracted attention from authorities for money laundering. According to the Justice Department, on July 27, 2006, Arthur Budovsky and a man named Vladimir Kats were indicted by the state of New York on charges of operating an illegal money transmittal business, GoldAge Inc., from their Brooklyn apartments. From a Justice Department account of that case:

“The defendants had transmitted at least $30 million to digital currency accounts worldwide since beginning operations in 2002. The digital currency exchanger, GoldAge, received and transmitted $4 million between January 1, 2006, and June 30, 2006, as part of the money laundering scheme. Customers opened online GoldAge accounts with limited documentation of identity, then GoldAge purchased digital gold currency through those accounts; the defendants’ fees sometimes exceeded $100,000. Customers could choose their method of payment to GoldAge: wire remittances, cash deposits, postal money orders, or checks. Finally, the customers could withdraw the money by requesting wire transfers to accounts anywhere in the world or by having checks sent to any identified individual.”

From the U.S. government’s description, Liberty Reserve sounds virtually indistinguishable from GoldAge, except for having been based in Costa Rica. If Liberty Reserve stays offline, this could cause a major upheaval in the cybercrime economy. I will be following this case closely, and would expect to hear more about this apparently coordinated takedown following the Memorial Day holiday in the U.S. on Monday.

For now, however, many in the underground would rather believe almost any other explanation than a law enforcement takedown. The administrator of cybercrime forum Carder.pro, for example, has been telling forum members that the entire incident is the work of professional hackers working for Liberty Reserve’s competitors.

Carder.pro administrator "Ninja" isn't buying the news being reported by Costa Rican media.

Grigor Gatchev - A Weblog : They Ask, and Others Have an Answer Too

This post was syndicated from: Grigor Gatchev - A Weblog and was written by: Григор. Original post: at Grigor Gatchev - A Weblog

The more I poke at politics lately, the more disgust I accumulate. Just like everyone in Bulgaria (except those we are disgusted by). It is as if I am cleaning an unimaginably dirty, nasty, stinking and, above all, unimaginably clogged toilet… I want to throw up! Damn it, I want to throw up!

But if I don’t clean this toilet, at least as far as I am able, it will stink more and more and drown everything around it in its contents. Including me. And the friends I love. And my family and children… So I grit my teeth so as not to run off and start vomiting somewhere. And, desperate before the mountain of miasma, I keep doing what I can to free at least some tiny corner from the stench. To clear, at least by a drop, the minds of those I value and love. To sow at least a moment of hesitation and fear in the hearts of those who produce the miasma and drown us in it. To frighten them, at least for a moment, that their lies have not fully succeeded. That there are people who have not given in to them. That these people will keep recalling the truth and reaching out a hand to the nearly drowned. Always.

No, I am not one of those heroes. Or if I am, I am somewhere at the very bottom. One of the ordinary privates in this army, which in fact has no command staff anyway. But among it there are also people with a far mightier voice than mine. With incomparably more strength and charisma. The people I admire. Whom I would call my teachers, if I would not surely put them to shame.

One of them is Lyubomir Nikolov. Although he is not among the most politicized, he too does not tolerate evil, including in politics. And he is outraged, openly and without hesitation, at the most brazen, unceremonious and vile evils there. You can read about that in the latest entry on his blog.

Lyubo is surely disgusted to the point of vomiting too, but he fights. Because it is true that when the disgusted leave politics, only the disgusting remain in it. Those who do evil and those bought by them… He fights for all of us and for those who come after us. And to remind the more ordinary ones like me that if we abandon our fight, if we stop opening people’s eyes to the deceptions, we become unwitting accomplices of evil. Having surrendered not to its threat, but to the disgust it provokes…

I want to tell him: do not be afraid, writer! Some may not endure, but others will not bend. They will keep opening people’s eyes and bracing them against the lies and the sleep of reason that they give rise to. They will help those who gave up gather the strength to raise their voice again. And the deceived to tear through the veil of deception, to awaken from the anaesthetic of apathy. To overcome the disgust at the miasma of evil.

And to fight again the poison that is trying to drown us. No matter how much it makes them want to throw up.

Спирт, есенция и умора : Hospital 05

This post was syndicated from: Спирт, есенция и умора and was written by: Иван Жилин. Original post: at Спирт, есенция и умора

Vasil is fine. He is annoyed that they won’t let him read. Tomorrow there is a visiting window from 16:00 to 18:00, if anyone wants to see him: the neurosurgery intensive care unit (floor 7) of the Ivan Rilski hospital. Bring disposable gowns (sold in pharmacies). No more than two people may enter the room at a time; if there are more, they wait at the door.

It will be interesting to see how his plan to be out of the hospital by Sunday works out.

All pray the Great Cthulhu.

TorrentFreak : Five Undercover Police Cars Sent To Arrest Single Alleged Movie Pirate

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

The MPAA-backed Federation Against Copyright Theft is well known for its anti-piracy actions around the UK, tracking down alleged movie pirates with the help of the police and hauling them, if at all possible, through the court system.

What remains remarkable about FACT operations is how they are able to persuade the police to invest significant resources towards detaining individuals for non-violent crimes. This week witnessed yet another example of that ability.

Five undercover cars containing 10 police officers and officers from the Federation Against Copyright Theft arrived at a property in the West Midlands at 07:30 Thursday morning.

The person they were looking for no longer lived at the address but in the space of 15 minutes three cars, four detectives and two FACT officers had made it to the correct location.

Armed with an emergency search warrant issued out of hours by a judge, police and FACT officers entered the suspect’s home.

“This morning I was arrested at my home under suspicion of recording and distributing Fast and Furious 6 and a few other titles,” the arrested man told TorrentFreak.

After seizing numerous items including three servers, a desktop computer, blank hard drives and blank media, police detained the 24-year-old and transported him to a nearby police station. Despite the ‘emergency’ nature of the raid, no movie recording equipment was found.

“At the police station I was interviewed by the police together with FACT (Federation Against Copyright and Theft). During questioning they asked me about Fast and Furious 6, where I obtained a copy from and if I was the one who went and recorded it at the cinema.”

Despite police involvement, as in previous cases it appears officers were present only to gain access to the victim’s property, to sit on the sidelines taking notes, and to lend their powers when it comes to presenting crimes for prosecution.

“I was detained for 3 hrs 12 minutes, out of that I was questioned for approximately 40 minutes. One police officer and two FACT officers conducted the interview. The police officer sat back and let FACT do all the questioning, so FACT were running the show,” the man reports.

TorrentFreak has seen copies of the issued bail sheets. Surprisingly they do not state any law under which the man was arrested, instead referring only to “Miscellaneous Offense”, apparently due to the police being unclear on what to write down.

“The custody officer could not find the relevant charge, however I remember them saying it came under Section 17 of the Copyright, Designs and Patents Act 1988,” the man explains.

As can be seen from the snapshot of bail sheet shown below, conditions have been attached.

“Although I have been released on police bail until September 23rd I have been banned from entering any cinema in England and Wales, while the investigation is being carried out,” the arrested man concludes.

Earlier this year FACT revealed that the Film Distributors Association had handed out cash rewards to more than a dozen cinema workers who managed to disrupt the work of alleged movie cammers in UK cinemas. Despite the successes, not a single individual was prosecuted. They will be hoping for a better result from this week’s arrest.

Source: Five Undercover Police Cars Sent To Arrest Single Alleged Movie Pirate

SANS Internet Storm Center, InfoCON: green : UDP port 1434 directed attack to AS13489 IP ranges, (Fri, May 24th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Today we have seen a big rise in incoming packets from what appear to be SQL Slammer attacks. Some of the detected packets are:

[Packet capture images: Suspect packet #1, Malicious packet 2, Malicious packet 3]

We have seen a sustained rate of about 25 Mbps in many nodes inside AS13489 and AS27989. Some very old SQL servers have been compromised, but the Internet speed has been compromised and navigation is very slow.

Have you seen something like this today on your AS? Let us know!

Manuel Humberto Santander Peláez
SANS Internet Storm Center – Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Schneier on Security : Friday Squid Blogging: Eating Giant Squid

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

How does he know this?

Chris Cosentino, the Bay Area’s “Offal Chef” at Incanto in San Francisco and PIGG at Umamicatessen in Los Angeles, opted for the most intimidating choice of all — giant squid. “When it comes to underutilized fish, I wish the public wasn’t so afraid of different shapes and sizes outside of the standard fillet,” he said.

“I think the giant squid is a perfect example of an undervalued ocean creature. Everyone isn’t afraid of squid but the size and flavor of the giant squid scares people because it has a very intense flavor but it is quite delicious.”

I am surprised he has tasted giant squid?

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Krebs on Security : Skype Beta Plugs IP Resolver Privacy Leak

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

A few months ago, I warned readers that a glaring privacy weakness in voice-over-IP telephony service Skype allows anyone using the network to quickly learn the Internet address of any other Skype user. A new beta version of the popular Microsoft program appears to have nixed that privacy leak with a setting that restricts this capability to connections in your Skype contacts only.

A new privacy feature in Skype Beta 6.5 for Windows and Mac 6.4

As I wrote on March 21, 2013, a number of services have emerged to help snoops and ne’er-do-wells exploit this vulnerability to track and harass others online. For example, an online search for “skype resolver” returns dozens of results that point to services (of variable reliability) that allow users to look up the Internet address of any Skype user, just by supplying the target’s Skype account name.

The resolvers can look up the IP address of any Skype user — whether or not that user is in your contacts list or even online at the time of the lookup. What’s more, resolver services frequently are offered in tandem with “booter” or “stresser” services, essentially sites that will launch denial-of-service attacks against a target of your choosing.

Apparently in response to this problem, Microsoft has added a new option to its Skype 6.5 Beta, released April 30, that lets users allow direct connections to their contacts only. The information tab on this option, found under Skype->Options->Connection, says “When you call someone who isn’t a contact, we’ll keep your IP address hidden.”

I pinged Microsoft for an answer as to whether this feature was designed to plug the privacy leak exposed by resolver services. The company declined to say specifically what it may have changed about the Skype network and/or its software to address this problem, but it attributed the following emailed statement to a “Skype spokesperson”:

“Skype for Windows Beta 6.5 and Mac 6.4 now offer the option to prevent people not on your contact list from viewing your IP address. With this beta program, only your contacts will be able to access this information. We are allowing users to test this new security function and welcome any feedback as we continue to improve the communication experiences on Skype.”

I tested this beta version of Skype against a free Skype resolver service that has been reliable in the past at looking up IP addresses tied to specific Skype accounts. When I ran it against my everyday account using an older version of Skype, it successfully found my home IP. When I created a new Skype account with the Skype 6.5 beta on a separate machine, enabled the privacy feature and then tried the lookup again, it failed to locate my IP.

I should note that some Skype resolvers will cache previous lookups. That means if your Skype username has previously been looked up at a Skype resolver service, that service may show the correct IP for your Skype username if your IP address hasn’t changed since the last lookup.

LWN.net : New stable kernels 3.9.4, 3.4.47, and 3.0.80

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

There are three new stable kernels available: 3.9.4, 3.4.47,
and 3.0.80. All contain important fixes.

Спирт, есенция и умора : Hospital 04

This post was syndicated from: Спирт, есенция и умора and was written by: Иван Жилин. Original post: at Спирт, есенция и умора

Vasil is as one is after surgery: fine overall. He is still in intensive care, but he should soon be returned to the ward. So far everything is in order, nothing worrying.

All pray the Great Cthulhu.

LWN.net : Security issue in livecd-tools causes password issue in Fedora cloud images

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

A security issue has been identified in the tool used by the Fedora Project
to create cloud images. “Images generated by this tool, including
Fedora Project “official” AMIs (Amazon Machine Images), AMIs whose heritage
can be traced to official Fedora AMIs, as well as some images using the AMI
format in non-Amazon clouds, are affected, as described below.” The
flaw has been assigned CVE-2013-2069.

LWN.net : Debian Project mourns the loss of Ray Dassen

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Long time Debian developer Ray Dassen died on May 18. “The Debian Project honours Ray’s great work and his strong dedication to
Debian and Free Software. His technical knowledge and his ability to
share that knowledge with others will be missed. His contributions will
not be forgotten, and the high standards of his work will continue to
serve as an inspiration to others.”

LWN.net : Security advisories for Friday

This post was syndicated from: LWN.net and was written by: ris. Original post: at LWN.net

Debian has updated libdmx (multiple
vulnerabilities), libxv (multiple
vulnerabilities), libxvmc (multiple
vulnerabilities), libfixes (multiple
vulnerabilities), libxrender (multiple
vulnerabilities), mesa (multiple
vulnerabilities), xserver-xorg-video-openchrome (multiple
vulnerabilities), libxt (multiple
vulnerabilities), libxcursor (multiple
vulnerabilities), libxext (multiple
vulnerabilities), libxi (multiple
vulnerabilities), libxrandr (multiple
vulnerabilities), libxp (multiple
vulnerabilities), libxcb (multiple
vulnerabilities), libfs (multiple
vulnerabilities), libxres (multiple
vulnerabilities), libxtst (multiple
vulnerabilities), libxxf86dga (multiple
vulnerabilities), libxinerama (multiple
vulnerabilities), libxxf86vm (multiple
vulnerabilities), and libxvmc (regression
in previous update).

openSUSE has updated kernel
(multiple vulnerabilities), firefox
(multiple vulnerabilities), and icedtea-web
(multiple vulnerabilities).

Red Hat has updated kvm (privilege
escalation).

SUSE has updated kernel (privilege
escalation).

Ubuntu has updated kernel (13.04; 12.10;
12.04 LTS: multiple vulnerabilities),
quantal HWE kernel (12.04 LTS:
multiple vulnerabilities), and OMAP4 kernel
(12.10: multiple vulnerabilities).

Schneier on Security : Training Baggage Screeners

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

The research in G. Giguère and B.C. Love, “Limits in decision making arise from limits in memory retrieval,” Proceedings of the National Academy of Sciences v. 19 (2013) has applications in training airport baggage screeners.

Abstract: Some decisions, such as predicting the winner of a baseball game, are challenging in part because outcomes are probabilistic. When making such decisions, one view is that humans stochastically and selectively retrieve a small set of relevant memories that provides evidence for competing options. We show that optimal performance at test is impossible when retrieving information in this fashion, no matter how extensive training is, because limited retrieval introduces noise into the decision process that cannot be overcome. One implication is that people should be more accurate in predicting future events when trained on idealized rather than on the actual distributions of items. In other words, we predict the best way to convey information to people is to present it in a distorted, idealized form. Idealization of training distributions is predicted to reduce the harmful noise induced by immutable bottlenecks in people’s memory retrieval processes. In contrast, machine learning systems that selectively weight (i.e., retrieve) all training examples at test should not benefit from idealization. These conjectures are strongly supported by several studies and supporting analyses. Unlike machine systems, people’s test performance on a target distribution is higher when they are trained on an idealized version of the distribution rather than on the actual target distribution. Optimal machine classifiers modified to selectively and stochastically sample from memory match the pattern of human performance. These results suggest firm limits on human rationality and have broad implications for how to train humans tasked with important classification decisions, such as radiologists, baggage screeners, intelligence analysts, and gamblers.

TorrentFreak : TrafficPrivacy Launches Anonymous BitTorrent Client

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

To protect themselves against excessive monitoring, security exploits and ISP throttling, some BitTorrent users turn to anonymizing services such as VPNs and proxies.

Over the past months interest in these privacy protection services has surged. However, for some less technically skilled people all the talk about privacy settings and IP-leaks may prove to be too much.

The latter group is now catered for by TrafficPrivacy, a new and fully anonymous BitTorrent client that launched this week. Feature wise the client is relatively limited, but unlike others it has a fully configured and dummy proof anonymity option built in. Simply enter your login credentials and everything just works.

“TrafficPrivacy’s mission is to provide users with real 100% protection and anonymity without additional settings, which can be quite difficult for non tech savvy users. That’s why we include protection into a tiny BitTorrent client,” TrafficPrivacy’s Alex told TorrentFreak.

As with other anonymity services a long term subscription to TrafficPrivacy doesn’t come free. The service is currently priced at $6.95 per month, but there is a 7-day free trial available for people who want to give it a spin before committing to it longer term.

Contrary to VPNs or BitTorrent proxies, users will have to swap their current BitTorrent client for the TrafficPrivacy software. This is a deliberate choice from the makers, as it’s the only way to guarantee that all the privacy settings are properly configured.

With Vuze, uTorrent and other clients people often forget to use the right settings or get confused by the terminology, which can result in their true IP-address leaking out. The new client’s goal is to avoid this.

“The target audience for TrafficPrivacy are users who put a lot of value on their safety and anonymity, but do not want to configure all the complicated settings. We want to keep everything as simple as possible and let users feel safe without tinkering with various privacy options in current BitTorrent clients,” Alex says.

One thing to keep in mind is that TrafficPrivacy only offers anonymous BitTorrent transfers. Other traffic, such as that generated by a web browser, will be linked to the user’s regular IP-address. Users can see if anonymity is turned on directly from the client, but it’s always wise to verify it through an external service that checks the BitTorrent IP.

To guarantee the user’s privacy the company says it doesn’t keep any connection logs that can be traced back to individual customers. Also, if the TrafficPrivacy servers happen to go down the client will stop working entirely.

“If TrafficPrivacy server goes down, all downloads stop and it doesn’t leak the real IP-address,” Alex informs TorrentFreak.

The TrafficPrivacy team are no newcomers to the security scene. The new client was developed as part of the existing TorrentPrivacy proxy/VPN service, but when the new client was finished they decided to turn it into a completely new product and a brand of its own.

While TrafficPrivacy might not appeal to all BitTorrent users, its ease of use and simplicity will probably be welcomed by those who are less technically skilled.

Source: TrafficPrivacy Launches Anonymous BitTorrent Client

Schneier on Security : New Report on Teens, Social Media, and Privacy

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Interesting report from the Pew Internet and American Life Project:

Teens are sharing more information about themselves on their social media profiles than they did when we last surveyed in 2006:

  • 91% post a photo of themselves, up from 79% in 2006.
  • 71% post their school name, up from 49%.
  • 71% post the city or town where they live, up from 61%.
  • 53% post their email address, up from 29%.
  • 20% post their cell phone number, up from 2%.

60% of teen Facebook users set their Facebook profiles to private (friends only), and most report high levels of confidence in their ability to manage their settings.

danah boyd points out something interesting in the data:

My favorite finding of Pew’s is that 58% of teens cloak their messages either through inside jokes or other obscure references, with more older teens (62%) engaging in this practice than younger teens (46%)….

While adults are often anxious about shared data that might be used by government agencies, advertisers, or evil older men, teens are much more attentive to those who hold immediate power over them — parents, teachers, college admissions officers, army recruiters, etc. To adults, services like Facebook that may seem “private” because you can use privacy tools, but they don’t feel that way to youth who feel like their privacy is invaded on a daily basis. (This, btw, is part of why teens feel like Twitter is more intimate than Facebook. And why you see data like Pew’s that show that teens on Facebook have, on average 300 friends while, on Twitter, they have 79 friends.) Most teens aren’t worried about strangers; they’re worried about getting in trouble.

Over the last few years, I’ve watched as teens have given up on controlling access to content. It’s too hard, too frustrating, and technology simply can’t fix the power issues. Instead, what they’ve been doing is focusing on controlling access to meaning. A comment might look like it means one thing, when in fact it means something quite different. By cloaking their accessible content, teens reclaim power over those who they know who are surveilling them. This practice is still only really emerging en masse, so I was delighted that Pew could put numbers to it. I should note that, as Instagram grows, I’m seeing more and more of this. A picture of a donut may not be about a donut. While adults worry about how teens’ demographic data might be used, teens are becoming much more savvy at finding ways to encode their content and achieve privacy in public.

TorrentFreak : IP Addresses Don’t Positively Identify Infringers, Anti-Piracy Lawfirm Says

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Yesterday, Renai LeMay of Delimiter broke the news that mass piracy lawsuits are headed back to Australia.

LeMay revealed that a lawfirm has written a series of letters to major Aussie ISPs asking that they hand over the personal details of individuals said to have downloaded and shared their clients’ copyright material without permission.

After confirming with several sources, Delimiter revealed that the company in question is Sydney-based law firm Marque Lawyers.

So far, several of the ISPs contacted have informed Marque that they will not be handing over the information requested. In response the law firm said it is considering using the courts to force them to do so.

Delimiter contacted Marque both by telephone and email yesterday morning requesting an interview, but when we spoke with LeMay last night nothing had yet been heard back. However, when that call does come it is likely to be an uncomfortable one.

Yesterday morning, just after the Delimiter article went live, a tipster sent TorrentFreak an interesting document. Titled “It wasn’t me, it was my flatmate! – a defense to copyright infringement?” the paper, a newsletter published by Marque themselves, details the company’s stance on file-sharing accusations.


The paper begins with a potted history of the Joel Tenenbaum case in the United States but gets the facts wrong straight from the beginning.

“You may have heard that the US Supreme Court recently refused to hear the appeal of a college student who was ordered to pay $675K in damages for illegally downloading and redistributing thousands of songs through BitTorrent,” the Marque paper begins, wrongly mentioning BitTorrent and the number of songs in the case.

The company then moves on to the big issue of the day – U.S.-based companies who write to ISPs in the hope of identifying alleged pirates so that cash settlements can be obtained. This is where it gets awkward – really awkward.

Referencing a previous case in New York, Marque notes that a court refused to hand over the personal details of Internet subscribers to the plaintiff.

“The judge, rightly in our view, agreed with the users that just because an IP address is in one person’s name, it does not mean that that person was the one who illegally downloaded the porn,” Marque Lawyers write.

“As the judge said, an IP address does not necessarily identify a person and so you can’t be sure that the person who pays for a service has necessarily infringed copyright.”


The law firm then goes on to back up its assertion with scenarios in which the account holder would not be the infringer.

“For example, in an office or at home, where there is a WiFi connection, only one IP address will be allocated to that wireless connection. This means that every user of each device (computer, iPad, iPhone etc) connected to that WiFi connection will use the same IP address. Even a random passerby accessing the WiFi network would be using the same IP address,” the company explains.

“This decision makes a lot of sense to us. If it holds up, copyright owners will need to be a whole lot more savvy about how they identify and pursue copyright infringers and, perhaps, we’ve seen the end of the mass ‘John Doe’ litigation,” they conclude.

The big question is whether Marque’s clients have indeed become “more savvy” or whether they still intend to rely on IP address-only evidence. If so, the Marque Lawyers document (which can be downloaded here and also from Marque’s own server) will come in very handy for letter recipients.

If the lawfirm writing the letter doesn’t believe that the evidence is up to much, there’s no reason the recipient should either. A simple denial is going to be difficult to argue with.

Source: IP Addresses Don’t Positively Identify Infringers, Anti-Piracy Lawfirm Says

xkcd.com : Sticks and Stones

This post was syndicated from: xkcd.com and was written by: xkcd.com. Original post: at xkcd.com

Sticks and stones may break my bones, but words can make me think I deserved it.

Raspberry Pi : Wayland preview

This post was syndicated from: Raspberry Pi and was written by: eben. Original post: at Raspberry Pi

Update: Daniel’s blog post here provides some more info, including how to install the technology preview on Raspbian today. And Pekka’s blog post here has some very detailed technical information on the implementation of the Weston backend.

If you’re familiar with the Raspberry Pi desktop experience, you’ll have noticed that windows on the desktop can be a bit slower to move around than you’re used to on your PC or laptop. This is because X, the windowing software (or composition protocol) that we use, is not optimised to use the graphics core of the BCM2835, the chip at the heart of the Raspberry Pi. All the work is done by the ARM processor instead, which slows things down and leaves the graphics core twiddling its thumbs. That graphics core is extremely powerful, so we’re working on putting it to good use to fix the issue.

We’ve made the decision to bypass X completely. Over the past few months we’ve been working with our friends at Collabora to implement the open-source Wayland composition protocol on top of the BCM2835 hardware video scaler (HVS). The HVS is a very powerful piece of hardware, with a scaling throughput of 500 megapixels per second and blending throughput of 1 gigapixel per second. It runs independently of the OpenGL ES hardware, so we can continue to render 3d graphics at the full, very fast rate, even while compositing.

Wayland composited desktop with XWayland and native applications.

In comparison to our current X11 desktop environment, Wayland frees the ARM from the burden of stitching together the top level of the composition hierarchy, and allows us to provide some neat features, including non-rectangular windows, fades for windows which don’t have input focus and an Exposé-like scaled window browser (the sort of thing that Mac users will be familiar with). Legacy X applications can still be supported using XWayland. Check out this video from Collabora to see these features in action, and to compare the current state of affairs with the Wayland future. Those non-rectangular shapes? They’re also windows.

We’re still working to improve performance and memory consumption, and don’t expect to be able to replace X11 as our default desktop environment until later in the year, but we will be including a technology preview in our next Raspbian release. Until then, this post on Collabora’s website gives some more background.

As with PyPy, the Raspberry Pi Foundation has funded this work on Wayland; it’s one of the ways we are trying to give back to the open-source community. Obviously, much of the work on this particular project is Raspberry Pi specific, but there’s a large portion of what’s being done, particularly around XWayland and some of the generic effects in Weston, that can be reused on many other platforms.

We’re looking forward to being able to push out the full release in the next few months. We hope you like the look of it!

SANS Internet Storm Center, InfoCON: green : ISC StormCast for Thursday, May 23rd 2013 http://isc.sans.edu/podcastdetail.html?id=3326, (Thu, May 23rd)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Raspberry Pi : Raspberry Pi car computer

This post was syndicated from: Raspberry Pi and was written by: clive. Original post: at Raspberry Pi

Raspbian running in the dash of a Ford Focus

Last century I spent weeks researching car computers. I wanted mp3s, videos and access to Notepad on the road. I wanted my car to respect and love me, just like KITT loved David. I wanted it to shout, “Right on tiger!” when I achieved an optimum MPG and to flash up encouraging messages like, “Hello Clive, might I say that you are driving very handsomely today” on a heads-up display.

Sadly it was never to happen. The reality was that you needed a PC the size of a coypu in the boot; an industrial 12/240v inverter; a 15″ CRT monitor strapped to your dash; and hawseholes in your bulkheads. And after a week of constant rebooting halfway through Captain Sensible’s Happy Talk, your hard drive failed because of the vibration and your battery discharged for good.  (I gave up and bought a 32Mb Diamond Rio and a hi-tech cassette adapter instead.)

Back in the 21st century, Derek Knaggs at Flamelily I.T has made the thing of my dreams: a low cost, low maintenance, general purpose car computer. There are other Pi-based car computers about but we especially liked this one because it’s simple, cheap and it looks like a factory fit. Very smart.

A quick swap of SDs and Raspbmc meets all of your multimedia needs

The Raspberry Pi is stored in the centre console and all wires routed underneath. Audio is fed through the aux socket of the car’s radio so no additional hardware is needed for this. A wifi dongle provides internet connectivity on the move via a mobile phone hotspot.

Neatly tucked away in the console — note the wifi dongle for internet on the move.

Full details including a shopping list are on Derek’s blog. I’m off to make one.

TorrentFreak : Hurt Locker Makers Sue Attorney for Being “Prolific” BitTorrent Pirate

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

There are dozens of file-sharing related lawsuits filed every month across the United States so it’s virtually impossible to keep up with them all, but one appeared this week that everyone will want to keep an eye on.

Voltage Pictures are the outfit behind the award-winning movie The Hurt Locker. The company has a record of suing large numbers of alleged copyright infringers across the United States and its latest effort will thrust the filmmaker right back into the spotlight.

The case was filed Tuesday in Portland, Oregon, against a single named defendant. The basic claims are familiar – defendant is a file-sharer who breached Voltage’s copyrights (in this case for the movie ‘Maximum Conviction’) and who must now be held accountable to the tune of $150,000 in damages.

It’s standard fare, until one starts to drill down into the details. The defendant’s name is Jim Choi and he has an eyebrow-raising occupation.

“Defendant Jim Choi is an attorney with offices at 16323 SE Stark Street # 3, Portland, Oregon, 97233,” the lawsuit reads.

Choi’s website, PDXBankruptcy.com, has been taken down but with help from Google’s cache and Google+ his name and status can be confirmed.

Choi describes himself as a bankruptcy lawyer and a member of both the Oregon and Florida State Bars. He has a keen interest in music and also holds black belts in Tae Kwon Do and Judo. Whether they will help him fight off Voltage remains to be seen – the claims against him are scathing.

Voltage say that the IP address they traced back to Choi through ISP Century Link was observed sharing the movie ‘Maximum Conviction’ in November 2012, but the accusations don’t stop there.

“Choi is a prolific proponent of the BitTorrent distribution system advancing the BitTorrent economy of piracy causing injury to plaintiff,” the complaint reads.

The movie company then goes on to list another 66 claimed instances of copyright infringement allegedly carried out by Choi on a wide range of content including Hollywood movies, TV shows and software.

Voltage’s claims that Choi infringed other companies’ copyrights are of real interest. The unnamed anti-piracy outfit hired by Voltage to monitor for infringement on the studio’s torrents is clearly monitoring and cross matching IP addresses on other people’s content too.

Furthermore, in order to accurately prove that Choi had infringed copyright on these other items the monitoring company must actively participate in torrent swarms of content that has nothing to do with Voltage. If the company does not have permission from those rightsholders to do so, it too is breaching copyright.

These facts suggest the involvement of a larger than usual operation. Voltage are known to use Canadian monitoring company Canipre, but they are not named in this lawsuit.

Moving on, the lawsuit also makes some ‘interesting’ assumptions about the nature of Choi’s BitTorrent activities.

“Another growing element of the BitTorrent model is that users are able to attach advertising to the files they upload through various means allowing them to generate revenue through the propagation of the titles they make available to others,” the lawsuit reads.

“In this case, plaintiff’s motion picture as copied and distributed by defendant is associated with the ‘TORRENTING.COM’ branding in the title.”

The suggestion here is that since Choi allegedly shared a file that had a website URL in its title (a common occurrence and one generally used to show where a file came from) he was doing so in order to generate revenue. And it doesn’t stop there.

“In information and belief, Choi is either directly affiliated with TORRENTDAY.COM and other third party sites as a subscriber and contributor or indirectly promoting the activities of TORRENTDAY.COM and other third party sites in an effort to profit from piracy through the copying and distribution of plaintiff’s motion picture.”

Essentially, Voltage are claiming that Choi deliberately assisted with the advertising of torrent sites and release groups (and generated profit from such) because he shared content with their names present in file titles. The full range of titles can be seen here (pdf).

The fact that Voltage Pictures have targeted an attorney certainly provides food for thought. Is an attorney more likely to quickly fold and pay up in order to protect his reputation and business, or is he likely to take advantage of his legal knowledge to mount a robust and essentially free defense?

This is a unique case and certainly one to keep an eye on.

Source: Hurt Locker Makers Sue Attorney for Being “Prolific” BitTorrent Pirate

The Hacker Factor Blog : Deep Dive

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

I learned yesterday that, after writing my rebuttal, Dr. Hany Farid began to go on tour. He gave an interview with Wired in which he repeated his claim that I do not understand XMP metadata. He further mentioned a communication that FourAndSix had with me prior to their report, in which Kevin Connor repeatedly tried to convince me that I was wrong, but his samples failed to support his claim.

In this blog entry, I’m going to go over the XMP data that I summarized earlier in extreme detail and show how I reached my conclusion. I will follow it by showing how FourAndSix were unable to convince me that I am wrong.

NOTE: Compared to my other blog entries, this is an overly technical entry. Regular readers may not be able to follow all of it, but I’m certain that techies will enjoy the detailed walk-through.

Acquiring the XMP Data

Before we begin, let’s set a basic assumption: assume that the data isn’t tampered or edited. This assumption allows us to interpret everything at face value.

The image we are analyzing is at FotoForensics. FotoForensics does not alter the original uploaded data, and the filename is the file’s sha1 checksum and length: image. To download the image, go to the bottom of the page and click on the ‘Source’ link. After you download the picture, verify the sha1 checksum and length.

Next, we need to extract the XMP data. There are automated tools for analyzing metadata, but most of them reformat the information or add/remove content. For example, ExifTool is a great analysis program, but it reformats the XMP information. Using ExifTool to extract the XMP data will rewrite hashes.

exiftool -tagsfromfile 7d72b2ba004477f4e45203770d7c08392f461a69.274701.jpg data.xmp

Since we want to see the original data, we will be doing the extraction by hand.

To see the XMP data, you can either use Photoshop, dd, or strings. With Photoshop: load the image, then go to the File menu, select “File Info”, and then open the ‘Raw Data’ tab. If you don’t have a ‘Raw Data’ tab, then search around the window for an option to enable it. Keep in mind, Photoshop reformats the XMP data. The ‘Raw’ view isn’t actually the raw XML; it is the XML after being formatted, potentially rearranged, and potentially altered.

For unix people, the ‘dd’ command is the best option for extracting the actual data. The command is ‘dd bs=1 if=7d72b2ba004477f4e45203770d7c08392f461a69.274701.jpg of=data.xmp skip=718 count=3827’.

However, my preference when doing this by hand is to just use ‘strings’ to extract the raw data. XMP is just an XML text block, so the ‘strings’ command properly extracts the data. We can then go in and delete everything before the first ‘<?xml’ and after the last ‘<?xpacket end="r"?>’.

In this case, the real XMP data (not formatted by Photoshop) has no newlines, so we can pretty up the format using:

xmllint -format data.xmp > data-formatted.xmp

This alters the formatting for readability, but not the content or record ordering.
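The hand extraction described above can also be scripted without any tool rewriting the packet. The following is an added example, not code from the original post: it checks a file against the `<sha1>.<length>.<ext>` naming convention and returns the byte offset and length of the XMP packet (the values one would pass to dd as skip and count). The function names and the tiny sample file are constructed for illustration.

```python
import hashlib
import re
import struct

XPACKET_BEGIN = b"<?xpacket begin="
# The trailer is written as end="r" (read-only) or end="w" (writable).
XPACKET_END = re.compile(rb"""<\?xpacket end=["'][rw]["']\?>""")


def name_matches(filename, data):
    """Check a '<sha1>.<length>.<ext>' file name against the bytes on disk."""
    parts = filename.split(".")
    if len(parts) != 3:
        return False
    digest, length, _ext = parts
    return (length.isdigit()
            and int(length) == len(data)
            and hashlib.sha1(data).hexdigest() == digest.lower())


def locate_xmp(data):
    """Return (skip, count) of the first XMP packet, or None if absent or cut off."""
    start = data.find(XPACKET_BEGIN)
    if start < 0:
        return None
    trailer = XPACKET_END.search(data, start)
    if trailer is None:
        return None  # header found but no trailer: truncated packet
    return start, trailer.end() - start


def extract_xmp(data):
    """Return the packet bytes exactly as stored, with no reformatting."""
    loc = locate_xmp(data)
    if loc is None:
        return None
    skip, count = loc
    return data[skip:skip + count]


# Constructed sample: a minimal JPEG shell (SOI, one APP1 segment, EOI)
# holding a small XMP packet. It is not the image analysed in the post.
SAMPLE_PACKET = (
    b'<?xpacket begin="\xef\xbb\xbf" id="W5M0MpCehiHzreSzNTczkc9d"?>'
    b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
    b'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">'
    b'<rdf:Description rdf:about=""/></rdf:RDF></x:xmpmeta>'
    b'<?xpacket end="r"?>'
)
_APP1 = b"http://ns.adobe.com/xap/1.0/\x00" + SAMPLE_PACKET
SAMPLE_JPEG = (b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", len(_APP1) + 2)
               + _APP1 + b"\xff\xd9")
SAMPLE_NAME = "%s.%d.jpg" % (hashlib.sha1(SAMPLE_JPEG).hexdigest(),
                             len(SAMPLE_JPEG))

if __name__ == "__main__":
    skip, count = locate_xmp(SAMPLE_JPEG)
    print("name matches content:", name_matches(SAMPLE_NAME, SAMPLE_JPEG))
    print("dd bs=1 skip=%d count=%d" % (skip, count))
```

Because the packet is sliced out of the original bytes, any hashes or ordering inside it are preserved for later comparison.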

Tracking XMP Sources

Usually when evaluating files, there’s a basic belief that consistent tools generate consistent formats. However, that’s not the case with Adobe. There is no consistent layout for an XMP record — it all depends on the library that generated or appended to it.

What’s worse is that Adobe doesn’t even know “which library” is used. This is because their code ships with multiple library versions. For example, my Mac has CS5 installed. Bridge CS5 contains a shared library (/Applications/Adobe Bridge CS5/Adobe Bridge CS5.app/Contents/Frameworks/AdobeXMP.framework/Versions/A/AdobeXMP). Adobe Photoshop CS5 has two shared libraries for XMP (AdobeXMP and AdobeXMPFiles), Adobe Captivate 5 has three libraries, etc. What’s worse is that these libraries don’t even need to be the same. In my case, the “AdobeXMP” library for Bridge CS5 is different from the “AdobeXMP” library for Photoshop CS5. Depending on your installation path, software, and patches, everything can be different.

What this means: If you use the Adobe Bridge and Adobe Photoshop, then the XMP data may be generated by any of three potentially different XMP libraries. This problem is actually a little worse because these are shared libraries. There is a chance that the first one loaded wins — the order that the applications are used may alter the XMP content’s format.

Different Adobe XMP libraries have different output formats and different bugs. I’ve been slowly mapping format artifacts to versions, but that’s a story for some other day. The main thing to keep in mind is that all XMP formatting is effectively arbitrary. In general, the XML format permits keys/value pairs to be listed per tag, or together as attributes in a tag. For example: <tag field=value /> can also be written as <tag><field>value</field></tag>. In the world of XMP, these are functionally equivalent.

Since we don’t know the software and patch levels on the photographer’s computer, we don’t really care about the overall layout. The only important aspects are the fields, values, and XML nesting. Don’t get caught up in the fact that the first block in the raw data uses lots of field=value attributes, and the other blocks use lots of <field>value</field> entries.

Beginning the Evaluation

All XMP records begin the same way: <?xpacket begin=".." id="W5M0MpCehiHzreSzNTczkc9d"?>. The “..” is some binary data used for determining endian for multi-byte text, but there’s no multi-byte text in this file. The “W5M0MpCehiHzreSzNTczkc9d” is a unique key used by every XMP file as a “magic signature”; it identifies this record as an XMP record. After this header comes the data.

In the raw XMP, all data is stored in an XMP “rdf:Description” block. It describes where the file came from and the sources that led to it. Some of this XMP data is inherited from other metadata fields in the file, including the original EXIF data. This record contains things like the type of lens (aux:Lens="EF16-35mm f/2.8L II USM") and information about the flash (‘aux:FlashCompensation="0/1"’ means that no flash was used). The full intro looks like:

<rdf:Description xmlns:photomechanic="http://ns.camerabits.com/photomechanic/1.0/" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:aux="http://ns.adobe.com/exif/1.0/aux/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmpRights="http://ns.adobe.com/xap/1.0/rights/" rdf:about="" photomechanic:HasCrop="False" photomechanic:Prefs="1:0:0:005403" photomechanic:PMVersion="PM4" photoshop:LegacyIPTCDigest="435D74FBC12C4007083CF8F390DA6484" photoshop:Country="Palestinian Territories" photoshop:DateCreated="2012-11-20T09:39:38+01:00" dc:format="image/jpeg" xmp:ModifyDate="2013-02-15T11:55:30+01:00" xmp:CreateDate="2012-11-20T09:39:38" xmp:MetadataDate="2013-02-15T11:55:30+01:00" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmp:Rating="0" aux:SerialNumber="013021001346" aux:LensInfo="16/1 35/1 0/0 0/0" aux:Lens="EF16-35mm f/2.8L II USM" aux:LensID="246" aux:LensSerialNumber="0000400fe1" aux:ImageNumber="0" aux:ApproximateFocusDistance="163/100" aux:FlashCompensation="0/1" aux:Firmware="1.1.3" xmpMM:DocumentID="xmp.did:81D9BBB16F1211E2B21DD3F6B94651E8" xmpMM:OriginalDocumentID="11CD104525F505861ED0EC6DAC391558" xmpMM:InstanceID="xmp.iid:81D9BBB06F1211E2B21DD3F6B94651E8" xmpRights:Marked="False">

(For XML users, you’ll notice that this is just the opening tag. The close is at the end of the file.)

The header identifies the creator tool as “Adobe Photoshop CS6 (Macintosh)”. Since we have the basic assumption that the file has not been tampered in an effort to throw off a forensic investigation, we can assume that all artifacts in the XMP record are specific to XMP libraries found on this platform.

The most important records in this header are the IDs:

xmpMM:DocumentID="xmp.did:81D9BBB16F1211E2B21DD3F6B94651E8"
xmpMM:OriginalDocumentID="11CD104525F505861ED0EC6DAC391558"
xmpMM:InstanceID="xmp.iid:81D9BBB06F1211E2B21DD3F6B94651E8"

Adobe’s XMP format maintains two types of IDs: Document ID (DID) and Instance ID (IID). The DID is created once per file. Each time you use “Save As”, a new DID is assigned. But simply hitting save (after the first save) does not alter the DID.

In contrast, the IID is updated each time you hit “Save” — indicating another instance of the file. If you save a picture, open it, and continue editing, then the IID will be updated but the DID will not. The DID only changes when you hit “Save As” (or Save For Web or Export… anything that creates a new file). Every file should have a DID that identifies the direct base and an IID that reflects the saved instance. The XMP typically records the IID history as a series of timestamped events. (Notice that I say “typically” — since XMP libraries differ, some don’t timestamp.)

The other thing to notice is the right half of the long random hexadecimal value. CS6 for the Mac (Intel architecture) first generates the value when the program is started. Other than that, CS6 increments one byte. Usually this is the first byte, but sometimes this is the 4th byte. (It depends on which XMP library is called.)

With Photoshop CS6 for the Mac, opening a new file will partially randomize the left-half, but not the entire sequence. Typically the initial IID and DID values differ by an incremental value, but sometimes they are the same (it just depends on which XMP library created them). In this case, the DID and IID are incremental at the 4th byte: DID=81D9BBB16F1211E2B21DD3F6B94651E8 and IID=81D9BBB06F1211E2B21DD3F6B94651E8. Since they are incremental, we know that they were created at the same time, during the first save of this file. In effect, we know the user did a “Save As” and not just a “Save”. (Well, a “Save” for the first time may bring up the “Save As” dialogue window. But subsequent saves will just overwrite the file, retaining the DID and updating the IID.)

The other field is the “Original Document ID” (ODID). When you open a file that has an XMP record, it inherits the DID. Doing a “Save As” generates a new DID. The ODID holds the value of the previous DID. This is very explicit: it tells us that the user had edited the file, saved it, opened it, and then did a “Save As”. (We’ll see this same sequence in the History block in a moment.)

Ancestors

The next section in the XMP record is the Document Ancestor block:

<photoshop:DocumentAncestors>
<rdf:Bag>
<rdf:li>xmp.did:068011740720681180A9CEE8487CF300</rdf:li>
<rdf:li>xmp.did:0A8011740720681180A9CEE8487CF300</rdf:li>
<rdf:li>xmp.did:8F19CA801520681180A9CEE8487CF300</rdf:li>
<rdf:li>xmp.did:9119CA801520681180A9CEE8487CF300</rdf:li>
</rdf:Bag>
</photoshop:DocumentAncestors>

According to the XMP specifications (search Google for “XMP Specifications Part” — there are three parts), the Document Ancestors denote “copy-and-paste or place” operations. These do not identify what was incorporated into the file — it could be an entire picture or a portion of a picture. We only know that these four separate files were incorporated into an existing file. These records identify other documents (DID) that were added to this document. This is explicitly the definition of a composition: a picture made from other pictures.

I think it is safe to assume that the four documents are different — either in coloring or content. This is a pretty safe assumption since it is unlikely that the artist would save four copies of the same document and then incorporate all four identical files.

Since the right-side of these hex sequences are identical, it implies that they were all from the same instantiation of the Adobe program. We don’t know what program created these, but we do have a strong reason to believe that the sequence of events was as follows:

  1. An Adobe program was started and opened an image. This initialized the common DID bytes.

  2. The Adobe program did a “Save As” operation. This generated the “0680117…” DID file. Since CS6 increments — and we have no reason to suspect anything other than CS6 — we even know that the IID for that file is likely “0780117…”. (Could be “05…”, depending on the library, but in this case, it is likely “07″.)
  3. The next DID begins with “0A80117…”. So what happened to “08″ and “09″? The user may have hit “Save” twice, or may have done a “Save As” (consuming two IDs) to a file that was not used as an ancestor to this file. (Foreshadowing: We’ll actually see “09″ in the next block; it’s from a “Save As”.)
  4. The user did not close the program. He just did another “Save As”, generating DID “0A80117…” and we can assume that it had IID “0B80117…”. Keep in mind, we have no idea how much time has passed or what else the user did to the picture. We only know that there was another “Save As”.
  5. Then the left-hand sequence changed. As already mentioned, this means that the user opened a document. We don’t know if the document represents the same picture. We don’t even know if it was related. Seriously, just opening a document will randomize the left side. So we don’t know what happened between 0A80117 and 8F19CA. We just know that the user did a “Save As”, generating DID “8F19CA8…” and we know the IID would likely be “9019CA8…”.
  6. The user did one more “Save As”, generating the next sequential IDs: DID “9119CA8…” with IID likely “9219CA8…”.

(Technical note: The Document Ancestors is supposed to be an unsorted array. However, I’ve only seen it as sorted in the order of events. Assuming that it is unsorted, we still know that “0680117…” came before “0A80117…” and “8F19CA8…” came before “9119CA8…” due to incremental sequencing.)

The one thing the XMP record does not tell us is what was in these files. Each could be the entire original image. Each could be colorized differently. Each could be a selection of parts from the file. In fact, the user could have opened a completely different file and pasted from it.

The only thing we do know is that (1) there are four independent documents (as defined by Adobe), and (2) they were combined into a picture to form the final image.

We also know one more thing: We know the order of events. The user started an Adobe product and created these four ancestors. He then closed the Adobe product (or ran a completely different Adobe product) and started creating a file. He then closed that application, generating the ODID (which, at the time, was assigned as the DID). He then opened the file and did a “Save As”, generating the final DID and demoting the old DID to the Original Document ID. We know this, because the right-side of the ancestor IDs are different from the header IDs — and that only seems to happen when the program is restarted. In contrast, if the user had closed all files — but not closed the program — and opened a different file, then the right-side would remain the same and the left-side (at least the first 8 bytes) would be different.
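The ID comparisons walked through above can be reproduced mechanically. This is an added example, not code from the original post: it splits each ID into the post's left and right halves (assumed here to be the first and last 8 bytes), groups IDs by right half, and reports single-byte increments and the IDs skipped between them. The ID values are copied from the XMP record shown above; the function names and the labels in `timeline` are this example's own, and they encode the post's reading of CS6 behaviour, not a rule from the XMP specification.

```python
import re
from collections import OrderedDict

ID_RE = re.compile(r"^(?:xmp\.[di]id:)?([0-9A-Fa-f]{32})$")

# Values copied from the header and Document Ancestors block in the post.
HEADER_DID = "xmp.did:81D9BBB16F1211E2B21DD3F6B94651E8"
HEADER_IID = "xmp.iid:81D9BBB06F1211E2B21DD3F6B94651E8"
HEADER_ODID = "11CD104525F505861ED0EC6DAC391558"
ANCESTORS = [
    "xmp.did:068011740720681180A9CEE8487CF300",
    "xmp.did:0A8011740720681180A9CEE8487CF300",
    "xmp.did:8F19CA801520681180A9CEE8487CF300",
    "xmp.did:9119CA801520681180A9CEE8487CF300",
]


def parse_id(text):
    """Return the 16 raw bytes of an XMP ID, with or without its prefix."""
    match = ID_RE.match(text.strip())
    if match is None:
        raise ValueError("not a 128-bit hex XMP ID: %r" % text)
    return bytes.fromhex(match.group(1))


def session_key(text):
    """Right half (last 8 bytes), treated as constant for one program run."""
    return parse_id(text)[8:].hex().upper()


def group_by_session(ids):
    """Group IDs by right half, keeping the order in which they were listed."""
    groups = OrderedDict()
    for item in ids:
        groups.setdefault(session_key(item), []).append(item)
    return groups


def single_byte_step(a, b):
    """If a and b differ in exactly one byte, return (1-based byte, b - a)."""
    raw_a, raw_b = parse_id(a), parse_id(b)
    diff = [i for i in range(16) if raw_a[i] != raw_b[i]]
    if len(diff) != 1:
        return None
    i = diff[0]
    return i + 1, raw_b[i] - raw_a[i]


def ids_between(a, b):
    """IDs the counter passed through between a and b (exclusive)."""
    step = single_byte_step(a, b)
    if step is None or step[1] <= 1:
        return []
    position, delta = step
    raw = bytearray(parse_id(a))
    skipped = []
    for _ in range(delta - 1):
        raw[position - 1] += 1
        skipped.append(raw.hex().upper())
    return skipped


def timeline(ids):
    """Label each consecutive pair of IDs the way the walkthrough reads them."""
    events = []
    for a, b in zip(ids, ids[1:]):
        if session_key(a) != session_key(b):
            label = "different program run"
        elif single_byte_step(a, b) is None:
            label = "same run, another document opened"
        else:
            label = "same run, %d ID(s) in between" % len(ids_between(a, b))
        events.append(label)
    return events


if __name__ == "__main__":
    print("IID -> DID step:", single_byte_step(HEADER_IID, HEADER_DID))
    print("sessions:", list(group_by_session(ANCESTORS + [HEADER_DID])))
    print("skipped after first ancestor:", ids_between(*ANCESTORS[:2]))
    for label in timeline(ANCESTORS):
        print(label)
```

The third skipped ID after the first ancestor is the “09…” instance ID that the History block records as a save.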

History Records

The next section is the “History” record. This identifies what happened with this specific document. It’s essentially a timestamped, ordered array:

<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:A29730BC0A2068119EE9AF3C2BE2913F" stEvt:when="2012-11-20T17:19:09+01:00" stEvt:softwareAgent="Adobe Photoshop Camera Raw 7.1 (Macintosh)" stEvt:changed="/metadata"/>
<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:098011740720681180A9CEE8487CF300" stEvt:when="2013-01-04T14:44+01:00" stEvt:softwareAgent="Adobe Photoshop Camera Raw 7.1 (Macintosh)" stEvt:changed="/metadata"/>
<rdf:li stEvt:action="derived" stEvt:parameters="converted from image/x-canon-cr2 to image/tiff"/>
<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:8F19CA801520681180A9CEE8487CF300" stEvt:when="2013-01-04T15:43:45+01:00" stEvt:softwareAgent="Adobe Photoshop Camera Raw 7.1 (Macintosh)" stEvt:changed="/"/>
<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:525849A00F206811822A94D83E08B11E" stEvt:when="2013-01-04T16:08:44+01:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Macintosh)" stEvt:changed="/"/>
<rdf:li stEvt:action="converted" stEvt:parameters="from image/tiff to image/jpeg"/>
<rdf:li stEvt:action="derived" stEvt:parameters="converted from image/tiff to image/jpeg"/>
<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:A0AEE3D11C206811822A94D83E08B11E" stEvt:when="2013-01-04T16:08:44+01:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Macintosh)" stEvt:changed="/"/>
<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:048011740720681180839DD19BA24E58" stEvt:when="2013-02-15T11:23:04+01:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Macintosh)" stEvt:changed="/"/>

Since the list is ordered, entries that are missing timestamps had to happen between the two dated elements. (I don’t think it’s documented, but I believe they are associated with the timestamp that comes after them.)

This is the data that I previously, briefly summarized.

  1. The first IID ends with “…2BE2913F”. This sequence doesn’t match anything that we have previously seen. It did not come from any of the ancestor documents. It did not come from the header’s DID or ODID. So we explicitly know that another document exists (or existed) that had a DID end with “…2BE2913F”. So here’s what happened: The user started a file. It was assigned a DID. He closed the program, opened it again and did a “Save As”, demoting the DID to an ODID. Then he did it again — “Save As” created a new DID, the old DID is demoted to an ODID, and the old ODID is lost. We have no XMP record identifying the original DID from the first time the file was created, but we have this IID that represents that first iteration.

    The next thing this record tells us is that the IID was generated by “Adobe Photoshop Camera Raw 7.1”. Camera Raw converts a deep-color image into an 8-bit deep image for Photoshop. This means that the first operation was a RAW image import into Photoshop. This means it is the whole picture, but XMP does not identify “which” picture.

    There are different ways to incorporate the converted camera raw picture into Photoshop. Most methods identify the “changed” record as “/”, meaning the picture changed. However, sometimes it only changes “/metadata”. As Adobe describes it, “When you use Camera Raw, the adjustments (or ‘instructions’) you make are stored as metadata.” Don’t assume that he only changed metadata; he likely changed the color since it came from Camera Raw.

  2. The second IID is “098011740720681180A9CEE8487CF300”. We’ve seen this before. This is the same “09” that I previously identified as a missing ancestor. Now we know: it isn’t listed as an ancestor to this file because it is this file.

    In my previous, brief write-up, I commented that this is “typically seen when a picture is spliced from two sources.” We know that there are multiple sources because of the Document Ancestor section. However, without pointing out the ancestors in my brief write-up, I can see how this would appear ambiguous.

  3. The third IID is “8F19CA801520681180A9CEE8487CF300”. This is the exact same as the DID found in a document ancestor. However, now it is assigned to an IID instead of a DID.

    Depending on how you save a Camera Raw converted image, Adobe may assign the DID and IID the same value. For example, if you open a RAW image in Camera Raw and click on “Open Image”, then they are assigned incrementally different IID and DID values. However, if you modify a RAW image’s colors and save the changes (by clicking on “Done”), then Adobe creates a separate “.xmp” file, which describes the changes without disrupting the original RAW file. This “.xmp” file does not contain a DID or IID, so one will be assigned when it is used. When the “.xmp” file is used, the same value is assigned to both the DID and IID. However, this may not be the only method for generating the same DID and IID values.

    Although the DID and IID values are the same, implying a basic color adjustment to a RAW image, it does not identify the source RAW file. We cannot identify which file was color adjusted, only that some file was likely color adjusted.

    Because this IID appears as an Ancestor, it means that it was included in this file. However, XMP doesn’t identify when the ancestor was created or incorporated.

    Fortunately, this history record has a timestamp. Now we know: this file was saved on 2013-01-04 at 15:43:45 +01:00. Sometime after that timestamp, the file was re-incorporated into the file through a paste or place operation. We do not know if it was incorporated in whole or in part. In addition, since the change event is assigned to “/” (stEvt:changed="/"), we know that the picture changed.

  4. The next IID is “525849A00F206811822A94D83E08B11E”. We haven’t seen the right-hand part before, so the user closed the program, started it, and hit “Save”. However, we don’t know what was done to the image beyond opening and hitting “Save”. (Foreshadowing: remember that it records when he closed the program and then restarted it. That comes up again at the end of the XMP record.)
  5. Then comes a conversion/derived to JPEG, followed by IID “A0AEE3D11C206811822A94D83E08B11E”. Since the right-hand side is the same as the previous operation, we know that he didn’t close the program. Since the left-side is very different, we know that he opened one or more other files. The History array is ordered, but the Ancestor list is not. We don’t know when some of those paste operations happened, but since he opened other files, this seems like a great candidate for incorporating them.

    We know a few more things. Since this is the first (and only) series of conversions to JPEG, we know that this is the first time it was saved as a JPEG. These conversions are the first time we see an action by “Adobe Photoshop CS6”, so this is the first actual save. And this is the last timestamp that pre-dates the contest submission. This likely represents the JPEG that he submitted.

    NOTE: I say “likely”. We have no way of knowing if he had a completely different series of files that were actually submitted. But I’ll get to why that is unlikely in a moment…

  6. The final history is “048011740720681180839DD19BA24E58” and it happens after the winner was announced. Since the right-side is different from anything previously seen, we know that he closed the program and then started it up again. (That makes sense that he would not need to do edits until after the contest ends.) This was likely when he did the final image for public release. (And since I received it as a representation of the final winning image, this makes sense.)

    I had mentioned that the previous step likely represented the submitted content. This is because I don’t think World Press Photo is stupid. If the winner turned in a significantly different picture for distribution after the contest, the judges would have likely noticed.

    We still have a few document ancestors that we cannot associate with any specific save operation. However, since the final image must look like the winning submission, we can assume that the ancestors were incorporated into the image no later than the conversion to JPEG.

To reiterate: We have at least seven files. The base image, four ancestors that were added to it (including one that was a variant of a previous stage), the first picture saved as a JPEG, and the final JPEG. Moreover, we can directly account for three combination steps (the base, work before the known ancestor, and the work after the known ancestor). We can also account for at least two JPEG files: the first conversion to JPEG that predates the contest, and the file we are analyzing which comes right after the contest.

Derived From

The final XMP section identifies the “Derived From” records. According to Adobe’s XMP specification, this is “a reference to the original document from which this one is derived.”

<xmpMM:DerivedFrom stRef:instanceID="xmp.iid:048011740720681180839DD19BA24E58" stRef:documentID="xmp.did:8F19CA801520681180A9CEE8487CF300" stRef:originalDocumentID="11CD104525F505861ED0EC6DAC391558"/>

This leads to a nice closed circle regarding the IDs:

  • The derived-from reference IID has been seen before — it is the last history showing the final save.
  • The reference DID is the same as the ancestor that was created as a variant of this file.
  • The reference ODID matches the ODID seen in the header.

This “derived from” record tells us that the JPEG we just analyzed isn’t some arbitrary JPEG. It is based directly on the last JPEG that was listed in the History section.
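The History walk-through and the Derived From cross-check can be reproduced mechanically. The following is an added example, not code from the original post: it attaches undated steps to the next dated save, numbers program sessions by the right-hand part of each IID, and compares the DerivedFrom IDs with the History IIDs. The function names are hypothetical, and treating the last 16 hex digits as the "right-hand part" is an assumption inferred from the comparisons made above.

```python
import re

# History and DerivedFrom records quoted on this page (typographic quotes
# normalized to straight quotes); nothing below is constructed.
HISTORY = """
<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:A29730BC0A2068119EE9AF3C2BE2913F" stEvt:when="2012-11-20T17:19:09+01:00" stEvt:softwareAgent="Adobe Photoshop Camera Raw 7.1 (Macintosh)" stEvt:changed="/metadata"/>
<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:098011740720681180A9CEE8487CF300" stEvt:when="2013-01-04T14:44+01:00" stEvt:softwareAgent="Adobe Photoshop Camera Raw 7.1 (Macintosh)" stEvt:changed="/metadata"/>
<rdf:li stEvt:action="derived" stEvt:parameters="converted from image/x-canon-cr2 to image/tiff"/>
<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:8F19CA801520681180A9CEE8487CF300" stEvt:when="2013-01-04T15:43:45+01:00" stEvt:softwareAgent="Adobe Photoshop Camera Raw 7.1 (Macintosh)" stEvt:changed="/"/>
<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:525849A00F206811822A94D83E08B11E" stEvt:when="2013-01-04T16:08:44+01:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Macintosh)" stEvt:changed="/"/>
<rdf:li stEvt:action="converted" stEvt:parameters="from image/tiff to image/jpeg"/>
<rdf:li stEvt:action="derived" stEvt:parameters="converted from image/tiff to image/jpeg"/>
<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:A0AEE3D11C206811822A94D83E08B11E" stEvt:when="2013-01-04T16:08:44+01:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Macintosh)" stEvt:changed="/"/>
<rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:048011740720681180839DD19BA24E58" stEvt:when="2013-02-15T11:23:04+01:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Macintosh)" stEvt:changed="/"/>
"""
DERIVED_FROM = '<xmpMM:DerivedFrom stRef:instanceID="xmp.iid:048011740720681180839DD19BA24E58" stRef:documentID="xmp.did:8F19CA801520681180A9CEE8487CF300" stRef:originalDocumentID="11CD104525F505861ED0EC6DAC391558"/>'

ATTR = re.compile(r'([\w:]+)="([^"]*)"')
SESSION_HEX = 16  # assumption: "right-hand part" = last 16 hex digits of an ID

def parse_items(xml_text):
    """Return one attribute dict per element, in document order."""
    return [dict(ATTR.findall(tag)) for tag in re.findall(r"<[^>]+>", xml_text)]

def bare_id(value):
    return value.split(":")[-1]  # strip the "xmp.iid:" / "xmp.did:" prefix

def analyze_history(xml_text):
    """Attach undated steps to the next dated save and number program sessions."""
    events, pending, last_suffix, session = [], [], None, 0
    for attrs in parse_items(xml_text):
        if "stEvt:instanceID" not in attrs:
            pending.append(attrs["stEvt:action"])  # undated converted/derived step
            continue
        iid = bare_id(attrs["stEvt:instanceID"])
        if iid[-SESSION_HEX:] != last_suffix:  # new right-hand part: program restarted
            session, last_suffix = session + 1, iid[-SESSION_HEX:]
        events.append({"iid": iid, "when": attrs["stEvt:when"], "session": session,
                       "agent": attrs["stEvt:softwareAgent"], "preceded_by": pending})
        pending = []
    return events

def check_derived_from(events, derived_xml):
    """Compare the DerivedFrom reference IDs against the History instance IDs."""
    ref = parse_items(derived_xml)[0]
    iids = [e["iid"] for e in events]
    did = bare_id(ref["stRef:documentID"])
    return {"iid_is_last_save": bare_id(ref["stRef:instanceID"]) == iids[-1],
            "did_history_index": iids.index(did) if did in iids else None}

if __name__ == "__main__":
    history = analyze_history(HISTORY)
    for e in history:
        print(e["session"], e["when"], e["iid"], e["preceded_by"])
    print(check_derived_from(history, DERIVED_FROM))
```

Run against the record above, the six saves fall into four sessions, the JPEG conversion steps attach to the “A0AEE3D1…” save, and the DerivedFrom DID resolves to the third History save.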

There is one little sticking point: why does the reference DID point to the saved DID seen in the history and in the document ancestor? As far as I can tell, there is only one way this can happen (there might be other ways; XMP does not record a complete history). In the fifth history step (history array item 8), we noted that he opened up a file — so he could have opened a different previously-saved file. He then managed to include the same file back into itself, creating the one ancestor record. Any other way that I can think of would not retain the same history sequence.

I fully expect critics to point out that I just confirmed: he copied the file back into itself. This is viewed as permitted HDR. However, that only accounts for one of four document ancestors. As I originally wrote in my brief report, he incorporated at least three other files.

Armchair Quarterbacks

A number of comments have voiced the opinion that there is nothing wrong with combining full versions of the entire image. This would be a global alteration and a manual step for performing high-dynamic range (HDR) imaging. However, there is nothing in the XMP data that identifies whole-picture incorporation. These could easily be partial picture overlays. The overlays could explain the difference in the compression ratios. It is also worth noting that a paste operation that contains different content would cause a compression difference, and even pasting the same content but having alignment off by a pixel (assuming a very large picture) would yield this result.

A few people also commented that this could easily be performed in a darkroom. If we assume that all five images (base + four ancestors) were included in their entirety, then this identifies five global, independent operations — not one visit to the darkroom. The XMP identifies a complex series of operations in Photoshop, which would be even more complex if it were performed in a darkroom.

A few people claimed that my conservative view would have banned people like Ansel Adams. However, Ansel Adams is known for his art photography. His works are on display in museums of fine art. In contrast, World Press Photo claims to be a contest for photo journalists. As journalists, they are not supposed to alter facts. If WPP is an art contest, then these modifications are fine. As a photo journalism contest, I have serious questions. However, WPP has announced and validated their winner. At this point, I would question their credibility if they recanted their decision.

Regarding FourAndSix

In his interview with Wired and in his expert report summary hosted at World Press Photo, Dr. Hany Farid claimed that I did not understand how XMP records work. However, there is no indication that he noticed that the XMP record explicitly identifies multiple source files.

Dr. Farid also mentioned a private communication (an email exchange). However, he was not included in the list of email recipients. The exchange was between his business partner, Kevin Connor, and myself. This exchange began the day before WPP announced the use of independent reviewers.

As Dr. Farid said in the Wired interview, they privately tried to convince me of their position. Kevin Connor sent me some sample images, but the pictures failed to prove his point. In particular, he wrote:

No, I’m afraid you’re mistaken about this metadata. You will *not* see this happen if you open a new/different raw file. The portion of the metadata you’re looking at doesn’t communicate any information whatsoever related to potential compositing.

As shown in this deep analysis, XMP information can record information about compositing; Kevin Connor is wrong in his conclusion. He also sent me two sample images that he claimed proved his point: NoEdits.jpg and SimpleComposite.jpg. He noted that there are ways to create a composite image that are not denoted in the XMP data. Each of his files only contains one “Adobe Photoshop Camera Raw 7.1 (Macintosh)” history record and no Document Ancestor records. The problem is that their tests did not demonstrate the approach that the photographer used to create the final image.

(I typically keep private emails private. However, Dr. Hany Farid brought these up publicly in his interview with Wired.)

Then again, the time between when World Press Photo (WPP) announced that they were conducting an investigation and when they published their results was measured in hours (5 hours). The time from when FourAndSix’s Kevin Connor first contacted me and when WPP posted their results was about 24 hours, but that was before they were selected as reviewers. Kevin Connor informed me that they were selected as a reviewer about an hour after WPP announced the independent review. As Kevin Connor wrote:

Though I don’t agree with your analysis of the World Press Photo winner, I was avoiding making any public statements about that, because I thought it was best to just share my concerns privately. However, we were contacted this morning by the World Press Photo organization to provide our own analysis of the photo. Of course, we have to share with them our honest opinion.

Considering that a forensic write-up takes about two to three times longer than the actual evaluation, I can only assume that FourAndSix spent no more than an hour or two evaluating the metadata, the RAW image, and the contest submission. I suspect that their expert report was based on a cursory glance at the evidence, and their own incomplete understanding of the XMP format. (In all honesty, most people haven’t taken the time to look that closely at library artifacts.)

In his interview with Wired, Dr. Farid is also quoted as saying, “[Krawetz] claimed the date in the metadata showed it was morning. That’s incorrect because he doesn’t understand basic geometry.” The metadata does not contain any geometry information. As seen in the header portion of the XMP data, the picture was reportedly taken on 2012-11-20 at 09:39:38+01:00. The last time I checked, 9:39am in GMT+01:00 was “morning” in Gaza (GMT+02:00).

Dr. Hany Farid has chosen to make their misunderstanding of the XMP analysis public. FourAndSix did not identify the separate files that were combined to form the final composition, and they generated sample images that failed to demonstrate the methods used by the photographer. Usually Hany and Kevin do good work. I can only assume that a rushed schedule led to their oversight in identifying multiple source files and the composition method used by the photographer.

Linux How-Tos and Linux Tutorials : How To Use Multiple PHP Versions (PHP-FPM & FastCGI) With ISPConfig 3 (Ubuntu 13.04)

This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Falko Timme. Original post: at Linux How-Tos and Linux Tutorials

Since ISPConfig 3.0.5, it is possible to use multiple PHP versions on one server and select the optimal PHP version for a website. This feature works with PHP-FPM (starting with PHP 5.3) and FastCGI (all PHP 5.x versions). This tutorial shows how to build PHP 5.3 and PHP 5.4 as a PHP-FPM and a FastCGI version on an Ubuntu 13.04 server. These PHP versions can be used together with the default PHP (installed through apt) in ISPConfig.

Read more at HowtoForge