TorrentFreak: Expendables 3 Leaks Online, 100K+ Copies Down in Hours

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

You’d have to be enjoying a Mars residency not to know that all big (and most small) movies get leaked online. If it’s available in a cinema, someone, somewhere will have a copy in a matter of days and it’s just a question of when, not if, it appears on the Internet.

As such, these events aren’t particularly big news but every now and again one comes along to make people sit up and listen. Several hours ago, July 24, 2014, marked one such notable leaking event.

Featuring every action hero known to man, from Sylvester Stallone, Arnold Schwarzenegger, Wesley Snipes, Jason Statham and Jet Li, to UFC stars Randy Couture and Ronda Rousey, Expendables 3 was always going to be a hit. However, the plan was to have it become a hit on the big screen before breaking into the home market.

That is not going to happen. Around twelve hours ago, a near perfect copy of The Expendables 3 appeared online and it’s already a smash hit with home audiences.

Screenshot from the leak


Figures gathered by TorrentFreak reveal that more than 100,000 people have downloaded the presumed ‘DVD screener’ copy using BitTorrent alone, and at one point in excess of 65,000 users were engaged in transfers on a single torrent.

These stats push the leak well ahead of the initial pre-release popularity of the infamous X-Men Origins: Wolverine leak back in 2009 and once the news begins to spread today, things are only going to get worse.

Needless to say, the folks at distributor Lionsgate are going to be absolutely furious. While ‘cams’ are an annoyance, most movie-goers won’t want to destroy the movie experience by watching them. High-quality copies like this one are a different matter altogether and the soaring download numbers are a testament to that.

No blurry cams here, high-quality all the way


So who is behind the leak? At this stage it’s impossible to point the finger at the person who obtained the DVD copy. However, we can take a look at who brought the copy to the wider public Internet.

When leaks come from a so-called ‘Scene’ source it’s possible to track the copy at least as far back as the group that placed it online but with so-called P2P releases, as is the case with Expendables 3, that’s not quite so easy. However, the initial and most popular copy appears to be attributable to an entity known as Drarbg.

Drarbg has accounts on several major torrent sites, including The Pirate Bay, and is one of the most prolific BitTorrent releasers online today. Many presume that this is a single person, but Drarbg has previously indicated that it’s a group of individuals working together as a team. Drarbg, as the name suggests, has affiliations with RARBG, a popular public torrent site.

It seems likely that this high-profile, high-quality leak will become a talking point in the hours, weeks and months to come and will probably be seized upon as a prime example of why piracy crackdowns are needed. However, there is also another angle to be aware of.

Nu Image, the production company behind all three Expendables titles, sued previous downloaders of its titles. Will history repeat itself? Time will tell….

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

The Hacker Factor Blog: A Victory for Fair Use

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

Last week I reported on a copyright infringement letter that I had received from Getty Images. The extremely hostile letter claimed that I was using a picture in violation of their copyright, ordered me to “cease and desist” using the picture, and demanded that I pay $475 in damages. Various outlets have referred to this letter as trolling and extortion.

Not being an attorney, I contacted my good friend, Mark D. Rasch. Mark is a well-known attorney in the computer security world. Mark headed the United States Department of Justice Computer Crime Unit for nine years and prosecuted cases ranging from computer crime and fraud to digital trespassing and viruses. If you’re old enough, then you remember the Hanover Hackers mentioned in The Cuckoo’s Egg, Robert Morris Jr. (first Internet worm), and Kevin Mitnick — Mark worked all of those prosecutions. He regularly speaks at conferences, appears in news interviews, and has taught cyberlaw to law enforcement and big universities. (If I were a big company looking for a chief privacy officer, I would hire him in a second.)

This letter from Getty had me concerned. But I can honestly say that, in the 12 years that I’ve known him, I have never seen Mark so animated about an issue. I have only ever seen him as a friendly guy who gives extremely informative advice. This time, I saw a side of Mark that I, as a friend, have never experienced. I would never want to be on the other side of the table from him. And even being on the same side was really intimidating. (Another friend told me that Mark has a reputation for being an aggressive bulldog. And this was my first time seeing his teeth.) His first advice to me was very straightforward. He said, “You have three options. One, do nothing. Two, send back a letter, and three, sue them.” Neither of us were fond of option #1. After a little discussion, I decided to do option #2 and prepare for #3.

First I sent the response letter. Then I took Mark’s advice and began to prepare for a lawsuit. Mark wanted me to take the initiative and file for a “Copyright Declaratory Judgment”. (Don’t wait for Getty.) In effect, I wanted the court to declare my use to be Fair Use.

Getty’s Reply

I honestly expected one of three outcomes from my response letter to Getty Images. Either (A) Getty would do nothing, in which case I would file for the Declaratory Judgment, or (B) Getty would respond with their escalation letter, demanding more money (in which case I would still file for the Declaratory Judgment), or (C) Getty would outright sue me, in which case I would respond however my attorney advised.

But that isn’t what happened. Remarkably, Getty backed down! Here’s the letter that they sent me (I’m only censoring email addresses):

From: License Compliance
To: Dr. Neal Krawetz
Subject: [371842247 Hacker Factor ]
Date: Tue, 22 Jul 2014 20:51:13 +0000

Dr. Krawetz:

We have reviewed your email and website and are taking no further action. Please disregard the offer letter that has been presented in this case. If you have any further questions or concerns, please do not hesitate to contact us.

Nancy Monson
Copyright Compliance Specialist
Getty Images Headquarters
605 Fifth Avenue South, Suite 400
Seattle WA 98104 USA
Phone 1 206 925 6125
Fax 1 206 925 5001

For more information about the Getty Images License Compliance Program, please visit

Helpful information about image copyright rules and how to license stock photos is located at and Copyright 101.

Getty Images is leading the way in creating a more visual world. Our new embed feature makes it easy, legal, and free for anybody to share some of our images on websites, blogs, and social media platforms.

(c)2014 Getty Images, Inc.

This message may contain privileged or confidential information and is intended only for the individual named. If you are not the named addressee or an employee or agent responsible for delivering this message to the intended recipient you should not disseminate, distribute or copy this e-mail or any attachments hereto. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail and any attachments from your system without copying or disclosing the contents. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Getty Images, 605 5th Avenue South, Suite 400. Seattle WA 98104 USA, PLEASE NOTE that all incoming e-mails will be automatically scanned by us and by an external service provider to eliminate unsolicited promotional e-mails (“spam”). This could result in deletion of a legitimate e-mail before it is read by its intended recipient at our firm. Please tell us if you have concerns about this automatic filtering.


In preparing to file the Copyright Declaratory Judgment, I performed my due diligence by checking web logs and related files for information pertaining to this case. And since Getty has recanted, I am making some of my findings public.

Automated Filing
First, notice how Getty’s second letter says “We have reviewed your email and website…” This clearly shows up in my web logs. Among other things, people at Getty are the only (non-bot) visitors to access my site via “” — everyone else uses “”. In each case, the Getty users initially went directly to my “In The Flesh” blog entry (showing that they were not searching or just browsing my site.) Their automated violation bot also used The big catch is that nobody at Getty ever reviewed “In The Flesh” prior to mailing their extortion letter.

In fact, I can see exactly when their bot visited my web site. Here are all of my logs related to their bot:

2014-06-08 23:41:44 | | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 | GET / |
2014-06-08 23:41:44 | | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 | GET / |
2014-06-09 21:08:00 | | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 | GET / |
2014-06-09 21:08:00 | | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 | GET / |
2014-06-14 23:05:36 | | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 | GET / |
2014-06-14 23:05:36 | | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 | GET / |
2014-06-14 23:05:44 | | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 | GET /blog/index.php?/archives/423-In-The-Flesh.html |
2014-06-14 23:06:39 | | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 | GET /blog/index.php?/categories/18-Phones |
2014-06-16 05:35:47 | | Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101 Firefox/29.0 | GET / |
2014-06-16 05:35:47 | | Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101 Firefox/29.0 | GET / |

This listing shows:

  • The date/time (in PST)
  • The bot’s IP address (two in Israel and one in India; none from the United States)
  • The user-agent string sent by the bot
  • Where they went — they mostly went to “/” (my homepage), but there is exactly one that went to “/blog/index.php?/archives/423-In-The-Flesh.html”. That’s when they compiled their complaint.
  • The “Referer” string, showing what they clicked in order to get to my site. Notice how their accesses are associated with a couple of complaint numbers. “371842247” is the number associated with their extortion letter. However, “371654690” appears to be a second potential complaint.

Getty’s complaint has a very specific timestamp on the letter. It doesn’t just have a date. Instead, it says “7/10/2014 11:05:05am” — a very specific time. The clocks may be off by a few seconds, but that “11:05” matches my log file — it is off by exactly 12 hours. (The letter is timestamped 11:05am, and my logs recorded 11:05pm.) This shows that the entire filing process is automated.

When I use my bank’s online bill-pay system, it asks me when I want to have the letter delivered. Within the United States, it usually means mailing the letter four days earlier. I believe that Getty did the exact same thing. They scanned my web site and then mailed their letter so it would be delivered exactly one-month later, and dated the letter 4 days 12 hours before delivery.

Getty’s automated PicScout system is definitely a poorly-behaved web bot. At no time did Getty’s PicScout system retrieve my robots.txt file, showing that it fails to abide by Internet standards. I am also certain that this was a bot since a human’s web browser would have downloaded my blog’s CSS style sheet. (PicScout only downloaded the web page.)
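The two signals described above (no robots.txt request, and a browser User-Agent that never fetches a style sheet) can be checked mechanically over a log in this layout. The following is an added example, not code from the original post; the sample log is constructed, using documentation IP addresses, a hypothetical CSS path and a hypothetical crawler name.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# File extensions a real browser normally pulls in while rendering a page.
ASSET_EXTS = (".css", ".js", ".png", ".jpg", ".gif", ".ico")

# Constructed sample in the post's "time | ip | user-agent | request | referer"
# layout. Addresses are RFC 5737 documentation ranges; the style-sheet path and
# "ExampleCrawler" are hypothetical.
SAMPLE_LOG = """\
2014-06-14 23:05:36 | 192.0.2.10 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 | GET / |
2014-06-14 23:05:44 | 192.0.2.10 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 | GET /blog/index.php?/archives/423-In-The-Flesh.html |
2014-06-15 09:12:01 | 198.51.100.7 | Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 | GET /blog/index.php?/archives/423-In-The-Flesh.html |
2014-06-15 09:12:02 | 198.51.100.7 | Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 Firefox/29.0 | GET /blog/templates/style.css | /blog/index.php
2014-06-15 10:00:00 | 203.0.113.5 | ExampleCrawler/1.0 | GET /robots.txt |
2014-06-15 10:00:01 | 203.0.113.5 | ExampleCrawler/1.0 | GET / |
this line is malformed and must be skipped
"""


@dataclass
class Client:
    user_agents: set = field(default_factory=set)
    pages: int = 0        # HTML/page requests
    assets: int = 0       # CSS, scripts, images
    robots: bool = False  # ever requested /robots.txt


def parse_line(line):
    """Return (ip, user_agent, path) or None for lines that do not fit the layout."""
    fields = [f.strip() for f in line.split("|")]
    if len(fields) != 5:
        return None
    _when, ip, ua, request, _referer = fields
    _method, _, target = request.partition(" ")
    if not ip or not target:
        return None
    # Classify on the path only: the blog's URLs carry ".html" inside the
    # query string ("/blog/index.php?/archives/...html"), which must not be
    # mistaken for a file extension.
    return ip, ua, urlsplit(target).path.lower()


def profile_clients(log_text):
    """Aggregate per-IP request behaviour across the whole log."""
    clients = defaultdict(Client)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ua, path = rec
        c = clients[ip]
        c.user_agents.add(ua)
        if path == "/robots.txt":
            c.robots = True
        elif path.endswith(ASSET_EXTS):
            c.assets += 1
        else:
            c.pages += 1
    return clients


def classify(c):
    """Label a client using the two signals from the post."""
    claims_browser = any(ua.startswith("Mozilla/") for ua in c.user_agents)
    if c.robots:
        return "crawler-read-robots"
    # Browser User-Agent, page fetches, but never a style sheet or image and
    # never robots.txt. A returning human may have assets cached, so this is
    # judged over all of the client's requests, not per visit.
    if claims_browser and c.pages and not c.assets:
        return "suspect-bot"
    if c.assets:
        return "browser-like"
    return "unknown"


def report(log_text):
    return {ip: classify(c) for ip, c in profile_clients(log_text).items()}


if __name__ == "__main__":
    for ip, label in sorted(report(SAMPLE_LOG).items()):
        print(ip, label)
```

A "suspect-bot" label is a lead for manual review of that client's requests, not proof on its own: text-mode browsers and aggressive caching produce the same pattern.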

Failure to perform due diligence
I want to emphasize that there are no other accesses to that blog entry by any address associated with Getty within months before their complaint. As of this year (from January 2014 to July 23, 2014), people at Getty have only visited the “In The Flesh” web page 13 times: once by the PicScout bot, and 12 times after they received my reply letter. This shows that Getty never viewed the web page prior to sending their letter. In effect, their “infringement” letter is nothing more than trolling and an attempt to extort money. They sent the letter without ever looking at the context in which the picture is used.

My claim that Getty never manually reviewed my web site prior to mailing is also supported by their second letter, where they recanted their claim of copyright infringement. Having actually looked at my blog, they realized that it was Fair Use.

My web logs are not my only proof that no human at Getty viewed the blog page in the months prior to sending the complaint. Getty’s threatening letter mentions only one single picture that is clearly labeled with Getty’s ImageBank watermark. However, if any human had visited the web page, then they would have seen FOUR pictures that are clearly associated with Getty, and all four pictures were adjacent on the web page! The four pictures are:

The first picture clearly says “GettyImages” in the top left corner. The second picture (from their complaint) is watermarked with Getty’s ImageBank logo. The third and fourth pictures come from Getty’s iStockPhoto service. Each photo was properly used as part of the research results in that blog entry. (And right now, they are properly used in the research findings of this blog entry.)

After Getty received my reply letter, they began to visit the “In The Flesh” URL from — Getty’s corporate outbound web proxy address. Based on the reasonable assumption that different browser user-agent strings indicate different people, I observed them repeatedly visiting my site in groups of 3-5 people. Most of them initially visited the “In The Flesh” page at; a few users visited my “About Me” and “Services” web pages. I am very confident that these indicate their attorneys reviewing my reply letter and web site. This is the absolute minimum evaluation that Getty should have done before sending their extortion letter.

Legal Issues
Besides pointing out how my blog entry clearly falls under Fair Use, my attorney noted a number of items that I (as a non-lawyer person) didn’t see. For example:

  • In Getty’s initial copyright complaint, they assert that they own the copyright. However, the burden of proof is on Getty Images. Getty provided no proof that they are the actual copyright holder, that they acquired the rights legally from the photographer, that they never transferred rights to anyone else, that they had a model release letter from the woman in the photo, that the picture was never made public domain, and that the copyright had not expired. In effect, they never showed that they actually have the copyright.

  • Getty’s complaint letter claims that they have searched their records and found no license for me to use that photo. However, they provided no proof that they ever searched their records. At minimum, during discovery I would demand a copy of all of their records so that I could confirm their findings and proof of their search. (Remember, the burden of proof is on Getty, not on me.) In addition, I have found public comments that explicitly identify people with valid licenses who reported receiving these hostile letters from Getty. This brings up the entire issue regarding how Getty maintains and searches their records.
  • Assuming some kind of violation (and I am not admitting any wrong here), there is a three-year statute of limitations regarding copyright infringement. My blog entry was posted on March 18, 2011. In contrast, their complaint letter was dated July 10, 2014 — that is more than three years after the pictures were posted on my site.

Known Research
Copyright law permits Fair Use for many purposes, including “research”. Even Getty’s own FAQ explicitly mentions “research” as an acceptable form of Fair Use. The question then becomes: am I a researcher and does my blog report on research? (Among other things, this goes toward my background section in the Copyright Declaratory Judgment filing.)

As it turns out, my web logs are extremely telling. I can see each time anyone at any network address associated with Getty Images visits my site. For most of my blog entries, I either get no Getty visitors or a few visitors. However, each time I post an in-depth research entry on digital photo forensics, I see large groups of people at Getty visiting the blog entry. I can even see when one Getty person comes through, and then a bunch of other Getty people visit my site — suggesting that one person told his coworkers about the blog entry. In effect, employees at Getty Images have been regular readers of my blog since at least 2011. (For discovery, I would request a forensic image of every computer in Getty’s company that has accessed my web site in order to determine if they used my site for research.)

Getty users also use my online analysis service, FotoForensics. This service is explicitly a research service. There are plenty of examples of Getty users accessing the FotoForensics site to view analysis images, read tutorials, and even upload pictures with test files that have names like “watermark.jpg” and “watermark-removed.jpg”. This explicitly shows that they are using my site as a research tool.

(For the ultra paranoid people: I have neither the time nor the desire to track down every user in my web logs. But if you send me a legal threat, I will grep through the data.)

However, the list does not stop there. For example, the Harvard Reference Guide lists me as the example for citing research from a blog. (PDF: see PDF page 44, document page 42.) Not only does Getty use my site as a research resource, Harvard’s style guide uses me as the example for a research blog (my bold for emphasis).

Blogs are NOT acceptable academic sources unless as objects of research

Paraphrasing, Author Prominent:
Krawetz (2011) uses a blog to discuss advanced forensic image analysis techniques.

Paraphrasing, Information Prominent:
Blogs may give credence to opinion, in some cases with supporting evidence; for example the claim that many images of fashion models have been digitally enhanced (Krawetz 2011).

Reference List Model:
Krawetz, N 2011, ‘The hacker factor blog’, web log, viewed 15 November 2011,

I should also point out that the AP and Reuters have both been very aware of my blog — including a VP at the AP — and neither has accused me of copyright infringement. They appear to recognize this as Fair Use. Moreover, with one of my blog entries on a Reuters photo (Without a Crutch), a Reuters editor referred to the blog entry as a “Great in-depth analysis” on Reuters’ web site (see Sep 30, 2011) and on her twitter feed. This shows that Getty’s direct competition recognize my blog as a research resource.

One of the things my attorney mentioned was California’s Anti-SLAPP law. Wikipedia explains SLAPP, or Strategic Lawsuit Against Public Participation, as “a lawsuit that is intended to censor, intimidate, and silence critics by burdening them with the cost of a legal defense until they abandon their criticism or opposition.” Wikipedia also says:

The plaintiff’s goals are accomplished if the defendant succumbs to fear, intimidation, mounting legal costs or simple exhaustion and abandons the criticism. A SLAPP may also intimidate others from participating in the debate. A SLAPP is often preceded by a legal threat. The difficulty is that plaintiffs do not present themselves to the Court admitting that their intent is to censor, intimidate or silence their critics.

In this case, Getty proceeded to send me a legal threat regarding alleged copyright infringement. Then they demanded $475 and threatened more actions if I failed to pay it. In contrast, it would cost me $400 to file for a Declaratory Judgment (more if I lived in other states), and costs could rise dramatically if Getty filed a lawsuit against me. In either scenario, it places a financial burden on me if I want to defend my First Amendment rights.

In the United States, California has special anti-SLAPP legislation. While not essential, it helps that Getty has offices in California and a network trace shows that some packets went from Getty to my blog through routers in California. As Wikipedia explains:

To win an anti-SLAPP motion, the defendant must first show that the lawsuit is based on claims related to constitutionally protected activities, typically First Amendment rights such as free speech, and typically seeks to show that the claim lacks any basis of genuine substance, legal underpinnings, evidence, or prospect of success. If this is demonstrated then the burden shifts to the plaintiff, to affirmatively present evidence demonstrating a reasonable probability of succeeding in their case by showing an actual wrong would exist as recognized by law, if the facts claimed were borne out.

This isn’t even half of his legal advice. I could barely take notes fast enough as he remarked about topics like Rule 11, tortious interference with a business relationship, Groucho Marx’s reply to Warner Brothers, and how Getty’s repeated access to my web site could be their way to inflate potential damage claims (since damages are based on the number of views).

A Little Due Diligence Goes A Long Way

Although this entire encounter with Getty Images took less than two weeks, I was preparing for a long battle. I even contacted the Electronic Freedom Foundation (EFF) to see if they could assist. The day after Getty recanted, I received a reply from the EFF: no less than four attorneys wanted to help me. (Thank you, EFF!)

I strongly believe that Getty Images is using a “cookie cutter” style of complaint and is not actually interested in any lawsuit; they just want to extort money from people who don’t know their rights or don’t have the fortitude for a long defense (SLAPP). Getty Images made no effort to evaluate the content beyond an automated search bot, made no attempt to review the bot’s results, provided no evidence that they are the copyright holder, provided no proof that they tried to verify licenses, and threatened legal action against me if I did not pay up.

I am glad that I stood up for my First Amendment rights.

SANS Internet Storm Center, InfoCON: green: ISC StormCast for Friday, July 25th 2014, (Fri, Jul 25th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Chaos

This post was syndicated from: and was written by: Original post: at

Although the oral exam for the doctorate was just 'can you do that weird laugh?'

Fedora 21 delayed three weeks

This post was syndicated from: and was written by: jake. Original post: at

At yesterday’s Fedora Engineering Steering Committee (FESCo) meeting, the release of Fedora 21 was delayed by three weeks (FESCo ticket), with the final release now scheduled for November 4. There are some problems with “test composes” of the release (creating test ISO images) that mean the deadline for the alpha release would be missed. The original plan was to delay for two weeks, but that put the freeze just before the Flock conference, so it was decided to push out an additional week.

TorrentFreak: University Sets Fines & Worse For Pirating Students

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Anyone providing an Internet-access infrastructure to third parties needs to be aware of the online piracy issue. For service providers, whether that’s a regular ISP, web host, or the operator of a free open WiFi in a local coffee shop, knowledge of how other people’s actions can affect them is a useful asset.

For universities in the United States, awareness of how Internet piracy can affect their establishment is especially crucial. On top of the requirements of the DMCA, in July 2010, exactly four years ago, the U.S. put in place a new requirement for colleges and universities to curtail illegal file-sharing on their networks. Failure to do so can result in the loss of federal funding so needless to say, campuses view the issue seriously.

Yesterday The Daily Reveille, the official news resource of the Louisiana State University, revealed that LSU’s IT Services receive between 15 and 20 complaints a month from copyright holders, an excellent result for around 30,000 students.

At the start of the last decade it was music companies doing most of the complaining, but Security and policy officer Craig Callender says that with the advent of services such as Spotify being made available, reports from TV companies are more common.

But no matter where they originate, LSU acts on these allegations of infringement. A first complaint sees a student kicked offline, with Internet access only restored after the completion of an educational course covering illegal file-sharing.

Those who breach the rules again have worse to look forward to, starting with a fine.

“LSU is effectively combating unauthorized distribution of copyrighted material by fining students implicated in a verified DMCA copyright violation,” the university’s official policy document reads.

“The $50 fine provides a mechanism for recovering costs incurred in reviewing and processing DMCA notifications, and funding programs for awareness (e.g., education and ad campaign costs).”

Educational campaigns include the promotion of legal services, such as those outlined on the university’s chosen official resource list. Interestingly, while the links for music and books work, the MPAA page for legal TV shows and movies (for which the university receives the most notices) no longer exists.

But while the $50 fine might be harsh enough for a student on a limited budget, LSU warns of even tougher sanctions. Allegations of illegal file-sharing are noted on the student’s academic record which can have implications for his or her career prospects.

In addition, complaints can result in a referral to the Dean of Students’ office for violation of the LSU Code of Student Conduct. According to official documentation, the Student Conduct Office keeps Student Conduct files for seven years after the date of the incident, or longer if deemed necessary.

It’s clear that the work of the RIAA and MPAA in the last decade seriously unnerved universities who have been forced to implement strict measures to curtail unauthorized sharing. LSU says it employs filtering technology to eliminate most P2P traffic but it’s clear that some users are getting through.

Almost certainly others will be using VPN-like solutions to evade not only the P2P ban, but also potential complaints. Still, universities will probably care much less about these users, since they don’t generate DMCA notices and have no impact on their ability to receive federal funding.


Grigor Gatchev - A Weblog: The Resignation: At Last…

This post was syndicated from: Grigor Gatchev - A Weblog and was written by: Григор. Original post: at Grigor Gatchev - A Weblog

“At last” is by now the thought not only of this government’s opponents but of its supporters too. I don’t know whether you noticed that the day before the resignation Oresharski first declared that he would not submit it the following day, but a few hours later corrected himself. Connect that with the call within the BSP a day earlier that they themselves should ask for a vote of no confidence in him. What conclusion do you reach? Personally, mine is that he clung to the chair until his own mandate-holders told him in plain words that they would pry him off with dynamite. It fits perfectly with the psychology of a man known as “Mr. Back Door” and “Mr. Crush Them With Police”.

So much for the prime minister and the government. From here on, however, come the questions.

Did the protests and the protesters bring down this government? Alas, no. The Bulgarian people proved once again that even if a handful of people with heads on their shoulders and dignity in their hearts can be found among them, the vast majority are cattle. Several times we gathered some twenty or thirty thousand protesters, once or twice we perhaps approached fifty thousand, but that is nothing. If we had come out two hundred thousand strong for even a single week, this government would have fallen.

Would there have been a difference? One as tiny and small as a whole herd of little camels:

- who-knows-how-many billions in new loans would not have been taken, with the situation brought to the point where we will have to keep borrowing for at least another year or two. In just one year. During a period in which the world economy, to which we are closely tied, is recovering from a crisis. Given that at the peak of the crisis we managed not to take on more loans than we repaid. And that this was achieved by Boyko, indisputably unfit for prime minister by European standards, and by the atomically incompetent Dyankov. (I have said it before: being tight-fisted is not enough to be a finance minister. Otherwise every company sergeant major would be a great financier.)
- “South Stream” would not have been given the go-ahead on terms that directly violate European regulations. Accordingly, we would not now be facing the question of whether to pay billions in compensation to Russia or to have billions from the European Commission cut off.
- and above all, politicians would not know from experience that however much you milk and skin the Bulgarian, he only moos and positions himself for your convenience. Guess how that affects the candidates for milkers and skinners, how it affects the candidates for revivers of Bulgaria, and how it reflects on our future.

Most of those protesting against this government are hardened Bulgarophiles and patriots. Otherwise they would have left Bulgaria long ago. Like the three million who have already done so over the last twenty-five years. Whether they fled from poverty or from us who stayed here, judge for yourselves… But the protest opened the eyes of many of them as well. They understood that waking the Bulgarian people means waking a corpse, and that the only right thing is to get farther away from it before it begins to rot. As far as I know, many of them are already considering how to leave here for good. And this is being done by people who endured and fought for more than twenty years…

This government raised mass protests among Bulgarians abroad as well. Among those who fled from here because they had understood this matter of waking the corpse. Even many of them rose up in desperation. Others mocked them for hoping for miracles. For believing that there is any hope whatsoever for Bulgaria. And they turned out to be right.

As I write this, I feel like crying from anger and shame. At what my people has come to, a people that more than once ruled the Balkans. That repelled the Ottoman army at Shipka in a way that would have won the admiration of the Spartans of Thermopylae. That rolled over its enemies like a steamroller in the Balkan War and the First and Second World Wars… It has come to the point where those Bulgarians who can write a sentence without a spelling mistake and know what the capital of France is are ashamed of their nationality. I wish I could wake up in another reality, one in which we may be a downtrodden and small state, but we are a people. And in which this post is only a nasty nightmare… Alas.

Now these or those protesters will probably claim credit for the fall of this government. Or part of it. Unfortunately that will be a lie. I am furious about it, but the truth is that it will be a lie. This government collapsed under its own incompetence and inability to cope with herding even the meekest and most obedient flock in the world.

For now I intend to vote for Boyko in the next election. The reason? As prime minister he showed himself to be a coward who, by his concessions to protests, taught a handful of people that there is a point in protesting and fighting. Oresharski managed to un-teach them, which is the only thing he was good for. Boyko may have understood that he can be as brazen as he likes, that he risks nothing, that we are hopeless cattle. But he may also be so boundlessly and uniquely stupid that he has not understood it, and will be scared again, and will again teach this or that person a little courage. Because a decent state is made only by a resolute people, ready for anything in order to hold its rulers with an iron hand.

We will set things right if one day we become such a people; otherwise we will perish, to the happiness and edification of the rest of humanity. I would work and I would fight to teach people to be like that. If I succeed, I will look for a way to stay here and keep fighting. If I do not succeed, I will look for a way to leave here in order to save my future children.

And I would truly vote for Zhivko Todorov, if he founded a party. The mayor of Stara Zagora, who without hesitation tore down the illegal Roma houses. I do not hate the Roma; on the contrary, I think they need understanding and help with integration. But I believe this help must consist of teaching them to work honestly and obey the law, not of feeding them from our pockets and leaving them untouchable by the law. The latter helps only a handful of criminal barons. For ordinary people, the former is the help. And stopping lawlessness with a firm hand is part of it.

Let us hope that this time our day of reflection is the one before the election, not the one after it. Whether we thought correctly will show in something very simple and obvious. If the barriers around parliament disappear, we chose correctly. If they remain, we have chosen the same old thing again, regardless of what new face it wears.

… I will write more on the subject, but somewhere further on.

An Interview with Karen Sandler (Model View Culture)

This post was syndicated from: and was written by: jake. Original post: at

Over at Model View Culture, Adam Saunders interviews Karen Sandler, executive director of the Software Freedom Conservancy (SFC) and formerly the executive director of the GNOME Foundation. Sandler talks about SFC, the Outreach Program for Women, as well as being a cyborg: “I was diagnosed with a heart condition and needed a pacemaker/defibrillator, and none of the device manufacturers would let me see the source code that was to be literally sewn into my body and connected to my heart. My life relies on the proper functioning of software every day, and I have no confidence that it will. The FDA generally doesn’t review the source code of medical devices nor can the public. But multiple researchers have shown that these devices can be maliciously hacked, with fatal consequences.

Once you start considering medical devices, you quickly start to realize that it’s all kinds of software that is life and society-critical – cars, voting machines, stock markets… It’s essential that our software be safe, and the only way we can realistically expect that to be the case over time is by ensuring that our software is free and open. If there’s catastrophic failure at Medtronic (the makers of my defibrillator), for example, I wouldn’t be able to fix a bug in my own medical device.”

Security updates for Thursday

This post was syndicated from: and was written by: jake. Original post: at

CentOS has updated httpd (C7; C6; C5: multiple vulnerabilities).

Debian has updated iceweasel (multiple vulnerabilities) and openjdk-7 (multiple vulnerabilities).

Fedora has updated firefox (F20: multiple vulnerabilities).

Oracle has updated dovecot (OL7: denial of service), firefox (OL7; OL7; OL5: multiple vulnerabilities), gnutls (OL7: two vulnerabilities), httpd (OL7; OL6; OL5: multiple vulnerabilities), java-1.6.0-openjdk (OL7; OL7: multiple vulnerabilities), java-1.7.0-openjdk (OL7; OL7: multiple vulnerabilities), json-c (OL7: two denial of service flaws), kernel (OL7; OL6: two privilege escalations), kernel (OL7: multiple vulnerabilities), kernel (OL7: privilege escalation), libtasn1 (OL7: three vulnerabilities), libvirt (OL7: information disclosure/denial of service), lzo (OL7: denial of service/possible code execution), mariadb (OL7: multiple unspecified vulnerabilities), nss, nspr (OL7: code execution), openssl (OL7: multiple vulnerabilities), openssl098e (OL7: man-in-the-middle attack), qemu-kvm (OL7: many vulnerabilities), qemu-kvm (OL7: code execution), samba (?:), tomcat (OL7: three vulnerabilities), and tomcat (OL7: three vulnerabilities).

Red Hat has updated kernel (RHEL7; RHEL6.4; RHEL6; RHEL5: two privilege escalations) and qemu-kvm (RHEL7: many vulnerabilities).

Scientific Linux has updated kernel (SL6; SL5: two privilege escalations).

Slackware has updated httpd (multiple vulnerabilities), thunderbird (multiple vulnerabilities), and firefox (multiple vulnerabilities).

SUSE has updated libtasn1 (SLE11SP3: three vulnerabilities) and ppc64-diag (SLE11SP3: two vulnerabilities).

Ubuntu has updated apache2 (14.04, 12.04, 10.04: multiple vulnerabilities), jinja2 (12.04: code execution), lzo2 (14.04, 12.04: denial of service/possible code execution), and oxide-qt (14.04: multiple vulnerabilities).

TorrentFreak: Online Store Can Sell ‘Used’ Ebooks, Court Rules

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

People who buy an MP3, digital movie or an eBook assume that they have the right to do whatever they want with it, but copyright holders see things differently.

Platforms that allow people to resell digital goods are meeting fierce resistance from the entertainment industries, who view them as a threat to their online business models.

For example, the major record labels previously pointed out that MP3s are simply too good to resell, as they don’t deteriorate in quality. Similarly, movie studios complained that the ability to sell “used” videos would kill innovation.

The book industry is also concerned and in an attempt to counter this threat several publishers launched a lawsuit against Tom Kabinet, an online marketplace for used eBooks based in the Netherlands.

The publishers fear that the site will negatively impact their business, and that it can’t prevent people from reselling pirated copies. The companies asked the Amsterdam Court for a preliminary injunction against Tom Kabinet, but the request was denied this week.

The Amsterdam Court concluded that selling used eBooks is a legal grey area and not by definition illegal in Europe.

The EU Court of Justice previously ruled that consumers are free to resell games and software, even when there’s no physical copy. That case applied to licensed content, which is different from the Tom Kabinet case, so further investigation is needed to arrive at a final verdict.

The court therefore dismissed the publishers’ claims and ordered them to pay €23.469,56 in legal fees. Tom Kabinet, meanwhile, is still allowed to facilitate the sale of used eBooks.

It’s clear that the publishers didn’t get the result they hoped for. In fact, things have gotten worse, as Tom Kabinet’s visitor numbers have exploded. Shortly after the verdict was announced the site went offline because it couldn’t handle the surge in traffic.

These connectivity issues have been fixed now, and the site’s owner is happy with the outcome thus far.

“There is still a long way to go before legislation is clear on eBooks, but we’ve made a pretty good start,” Tom Kabinet informed TorrentFreak.

The publishers on the other hand are considering further steps, and it’s likely that the case will head to a full trial in the future.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

TorrentFreak: Pirate Bay Launches Mobile Site, Teases More Expansions

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

One of The Pirate Bay’s strengths has been its resilience. No matter how hard the movie and music industries try, the site remains operational.

Over the years the Pirate Bay site has undergone many changes to make it harder to shut down. The tracker was put into retirement, torrents were traded in for magnet links, and the site moved its servers to the cloud.

What remained the same, however, was the site’s general appearance and its lack of support for mobile devices. That changes today.

The Pirate Bay has just debuted a new site for mobile devices. The Mobile Bay offers a much more usable interface to browse the torrent site on mobile devices.

Previously mobile users were simply presented with a smaller version of the regular Pirate Bay site, which was coded long before smartphones and tablets became popular. With banners on both sides it was rather hard to navigate on smaller devices.

The mobile version doesn’t change the overall appearance much, but it’s definitely more readable and easier to navigate.

The new vs. old mobile look

Users on mobile devices are now redirected to the new Mobile Bay domain, which will exist next to the regular site. People have the option to continue using the old layout if they prefer, but The Pirate Bay team doesn’t see any reason why people would.

“The normal version of the site renders like crap on mobile devices,” the TPB team told us.

The Mobile Bay is one of the largest visible updates to the site in years, but according to The Pirate Bay it’s only the beginning. Behind the scenes the TPB team is working on a series of new niche sites that will provide extra features and make it easier to find content.

The TV, movie and music sections on The Pirate Bay will each get their own dedicated sites. The TV site, for example, will allow users to see a complete overview of all episodes per show, download season packs, and more.

Another new project in the pipeline is the RSSbay which will support personalized RSS feeds enabling people to launch torrents remotely.

“We will add more features later on, such as personal RSS feeds so users can browse torrents at work or school, and start the downloads at home,” the TPB team tells us.

Aside from improving the user experience, the other advantage of these separate domain names is that TPB can’t be taken out as easily.

“We’re trying to separate the site into different domain names to make it more resilient. In the event one domain gets taken down, there will be plenty of others left,” the TPB team says.

As always with the Pirate Bay, it will be hard to predict how long it will take before these new sites will see the light of day, but the mobile edition is live now.


TorrentFreak: Director Wants His Film on The Pirate Bay, Pirates Deliver…

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Dutch movie director Martin Koolhoven sent out an unusual request on Twitter a few days ago.

While many filmmakers fear The Pirate Bay, Koolhoven asked his followers to upload a copy of his 1999 film “Suzy Q” to the site.

“Can someone just upload Suzy Q to The Pirate Bay?” Koolhoven asked.

The director doesn’t own all copyrights to the movie himself, but grew frustrated by the fact that his film is not available through legal channels.

The TV-film, which also features the film debut of Game of Thrones actress Carice Van Houten, was paid for with public money but after the music rights expired nobody was able to see it anymore.

The main problem is with the film’s music, which includes tracks from popular artists such as The Rolling Stones and Jimi Hendrix. This prevented the film from being released in movie theaters and on DVD, and the TV-network also chose not to extend the licenses for the TV rights.

Since the music was no longer licensed it couldn’t be shown anymore, not even on the websites of the public broadcasters.

“To me, it felt like the movie had died,” Koolhoven tells TorrentFreak.

Hoping to bring it back to life, Koolhoven tweeted his upload request, and it didn’t take long before the pirates delivered. Within a few hours the first copy of the film was uploaded, and several more were added in the days that followed.

“I had no idea the media would pick it up the way they did. That generated more media attention. At first I hesitated because I didn’t want to become the poster boy for the download-movement. All I wanted was for people to be able to see my film,” Koolhoven says.

Unfortunately the first upload of the movie that appeared on The Pirate Bay was in very bad quality. So the director decided to go all the way and upload a better version to YouTube himself.

“I figured it would probably be thrown off after a few days, due to the music rights issue, but at least people could see a half decent version instead of watching the horrible copy that was available on The Pirate Bay,” Koolhoven tells us.

Interestingly, YouTube didn’t remove the film but asked the director whether he had the right to use the songs. Since this is not the case the money made through the advertisements on YouTube will go to the proper rightsholders.

“We’re a few days later now and the movie is still on YouTube. And people have started to put higher quality torrents of Suzy Q on Pirate Bay. Even 720p can be found, I’ve heard,” Koolhoven notes.

While the director is not the exclusive rightsholder, he does see himself as the moral owner of the title. Also, he isn’t shying away from encouraging others to download and share the film.

In essence, he believes that all movies should be available online, as long as it’s commercially viable. It shouldn’t hurt movie theater attendance either, as that remains the main source of income for most films and the best viewing experience.

“I know not everybody cares about that, but I do. The cinema is the best place to see movies. If you haven’t seen ‘Once Upon a Time in the West’ on the big screen, you just haven’t seen it,” Koolhoven says.

In the case of Suzy Q, however, people are free to grab a pirated copy.

“Everyone can go to The Pirate Bay and grab a copy. People are actually not supposed to, but they have my permission to download Suzy Q,” Koolhoven said in an interview with Geenstijl.

“If other people download the movie and help with seeding then the download time will be even more reasonable,” Koolhoven adds.

Oracle Linux 7 released

This post was syndicated from: and was written by: jake. Original post: at

Another of the Red Hat Enterprise Linux (RHEL) rebuilds has released its version of RHEL 7: Oracle Linux 7 for x86_64 is now available. It does add some features, including DTrace, Ksplice, and Xen. More information can be found in the release notes.

Linux How-Tos and Linux Tutorials: Share a Directory Quickly on Ubuntu Using Boa Webserver

This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Muktware. Original post: at Linux How-Tos and Linux Tutorials

When it comes to HTTP servers, there are many options to choose from. Apache and Nginx are two of the most well known names. Boa is a lesser known lightweight (only ~300 KB) webserver that delivers good performance. Unlike traditional webservers it doesn’t create a new fork for each connection, or, in other words, it is a single-tasking HTTP server. Its light memory footprint makes it suitable for running on embedded devices. Configuring Boa is also easy.

Boa runs on desktops, too. Let’s say you want to share a directory from your Ubuntu system with your colleague in a remote branch with a Microsoft Windows system but on the same office network. The files are bigger than your email attachment limit and your colleague needs to choose several files from the directory as per his needs. Boa can be a handy choice in situations like this where you would like to share a directory quickly over HTTP. Of course you can choose other options like Apache but Boa merely takes a minute to install, set up and share any directory over HTTP. This guide will show you how to do that on Ubuntu.

Read more at Muktware

Raspberry Pi: Exploring computing education in rural schools in India

This post was syndicated from: Raspberry Pi and was written by: Helen Lynn. Original post: at Raspberry Pi

Earlier this year, the Raspberry Pi Foundation supported a University of Cambridge team of two researchers, Dr Maximilian Bock and Aftab Jalia, in a pilot project exploring the possibilities of providing computing access and education in rural schools in India. Working with local organisations and using an adaptable three-day programme, they led two workshops in June 2014 introducing students and teachers to computing with the Raspberry Pi. The workshops used specially designed electronics kits, including Raspberry Pis and peripherals, that were handed over to the partner organisations.

Karigarshala students connect Raspberry Pis and peripherals

The first workshop took place at Karigarshala Artisan School, run by Hunnarshala Foundation in Bhuj, Gujarat; the attendees were a group of 15-to-19-year old students who had left conventional education, as well as three local instructors. The students started off with very little experience with computers and most had never typed on a keyboard, so a session introducing the keyboard was included, followed by sessions on programming, using the Raspberry Pi camera module and working with electronics.

Karigarshala students mastering hardware control of an LED via the Raspberry Pi GPIO


Students chose to spend their evenings revisiting what they had learned during the day, and by the end of the course all the students could write programs to draw shapes, create digital documents, connect electronic circuits, and control components such as LEDs using the Raspberry Pi.

Chamoli students practise on their own using a TV as a monitor


The second workshop welcomed six- to twelve-year-old pupils of the Langasu Primary School in the remote Chamoli district, Uttarakhand, along with three of their teachers. This younger group of students followed a programme with more focus on activities featuring immediate feedback — for example, Sonic Pi for live-coding music — alongside programming and electronics tasks. As they learned, students soon began teaching other students.

Weather station/forecaster
Battery-operated inverter
Pi-controlled chores robot

In an Ideas Competition held at the end of the workshop, entries reflected students’ engagement with the Raspberry Pi as a device with which to build solutions: an inverter system to deal with frequent power outages, a weather station that gives warnings, a robot to assist with menial chores.

The Cambridge team’s “Frugal Engineering” approach, delivering computing education without the need for elaborate infrastructure, proved very successful in both schools. Hunnarshala Foundation has decided to integrate the Raspberry Pi into its vocational training curriculum, while students at Langasu Primary School will not only carry on learning with Raspberry Pis at school but will be able to borrow self-contained Raspberry Pi Loan Kits to use at home. The Cambridge team remains in touch with the schools and continues to provide off-site support.

September 2014 and February 2015 will see the team build on this successful pilot with induction workshops in three new schools, as well as follow-up visits to evaluate the use of Raspberry Pi in past project sites and to provide support and resources for expanding the programmes.

Велоеволюция: Cyclists and street planning

This post was syndicated from: Велоеволюция and was written by: hap4oteka. Original post: at Велоеволюция

How is a small revolution about to happen in Sofia, for cyclists and for street planning?

After a long evolution in attitudes towards cyclists, in integrated transport policy and in the way streets are planned, a small but nonetheless real revolution is about to take place in Sofia. The street is Obikolna, in the Druzhba 2 housing estate, at the moment a narrow muddy path behind the Tsarigradski complex. It was planned to become a four-lane road for cars, reaching Prof. Tsv. Lazarov Blvd. and connecting with another such four-lane road, K. Pastuhov Blvd. The cycle path had to be added to an already approved regulation plan and was planned on the pavement, leaving pedestrians the pleasure of zigzagging between the street-lighting poles.

The plan was changed: the carriageway for cars was reduced to what traffic there actually needs, two lanes, and a parking lane was set aside, so that parking is regulated instead of cars stopping illegally in the right-hand lane. This left room for a two-way cycle path that can actually be used, wide pavements for pedestrians, and greenery. The cycle path is 2.5 m wide and is separated from cars. This will allow calm and safe movement for cyclists in the neighbourhood, a good cycling link to Krastyo Pastuhov Blvd. and the park by the lake in Druzhba, as well as a link towards Copenhagen Blvd. and Tsarigradsko Shose Blvd.

How did this change come about?

Representatives of Veloevolution (Велоеволюция) became acquainted with the plan for the street at a meeting of the (now former) working group for drafting the Programme for the Development of Bicycle Transport in Sofia.

We were presented with the four-lane road; the cycle path was on the pavement, in places two-way, in places one-way on both sides, and in some spots the space left for pedestrians was very scant.

Although the deadlines for the plan were very short and construction was being rushed, we did not give up defending the best solution, namely changing the profile of the whole street, instead of deciding where exactly on the pavement to draw the yellow line between cyclists and pedestrians. We stood firmly behind the position that new infrastructure must not create conflict between pedestrians and cyclists, all the more so since the street does not exist at the moment. Nevertheless, arguments were put forward that cycle traffic should again be fitted in in this unfortunate and conflict-prone way.

We decided to set out all the arguments in a position statement to the city administration and to declare that the resolution of this case would be a litmus test for the future of the city's transport policy. The street is not expected to be very busy, as the already built section of Obikolna St. and K. Pastuhov Blvd. show, and parking in the right-hand lane will be unavoidable, especially around the newer apartment blocks. We also opposed the pointless spending of public funds on creating an overly wide street whose surface will then have to be maintained, while unregulated parking will only create extra work for the traffic police and waste public space (i.e. the street). We sent our position statement, with a proposal for a new street profile, to the municipality (you can read the full position statement of the Veloevolution association here). The change came about thanks to the understanding shown by the members of the working group and the designers from OP "Sofiaproekt", as well as the active support of municipal councillor Zafir Zarkov and a subsequent conversation with the mayor of the city, Yordanka Fandakova.

There is still more to be done before the street has a fully modern profile: the cycle path should be separated by a kerb at least 50-75 cm wide rather than by a 25 cm delineator taken out of the cycle path's width, side streets should be crossed on a raised pedestrian and cycle crossing, the greenery should be richer and form a continuous strip (abroad, trees are very often planted in the parking lane), and so on. Even so, the change of profile is the small big step in the right direction.

There is other good news too:

First crossing of the Sofia ring road for cyclists!

Two years ago, when construction of the western arc of the ring road at the Lyulin housing estate began, Veloevolution proposed that a cycle crossing be built. The first step was taken with a short cycle path along the last section of Tsaritsa Yoana Blvd. towards the ring road. We later learned that, despite this, the cycle path had been forgotten at the roundabout where the two roads meet. After our reminder and coordination by colleagues from the municipality's working group, we hope that the designer of the junction (infrastructure on the Sofia ring road falls under the Road Infrastructure Agency, not the municipality) will route cycle traffic safely and conveniently. If this is done, it will create a real opportunity to build a two-way cycle route to the towns of Bozhurishte and Bankya, which would become Sofia's first out-of-town cycle route.

Sofia wants to change an important ordinance

Applying some good practices from abroad for cycling infrastructure is very often hampered by specific restrictions in the regulations. For a number of questions concerning infrastructure in cities, the key document is Ordinance No. 2 of 29 June 2004 of the MRRB on the planning and design of the communication and transport systems of urbanised territories. This ordinance is currently badly outdated: it is laconic about the various kinds of cycle routes and situations, yet contains certain restrictions and minimum widths that are too small. For this reason, and because of other design needs (e.g. easing the conditions for setting up bus lanes), Sofia will propose changes to the ordinance, and Veloevolution will contribute ideas for detailed improvements to the design of cycling infrastructure: cycle paths, cycle lanes, bicycle boulevards, parking and more. A working group is expected to be formed for this purpose very soon, and any proposals from organisations and from the administrations of other cities are welcome.

With these three steps by Sofia Municipality we are hopeful that the change in attitude towards cyclists is starting to become a decisive factor in improving conditions for getting around and living in the city. We will always demand only the best for cyclists, and we are happy that, even if only after years, our tireless writing of position statements and poring over drawings is producing results. Although transport policy in Sofia pulls in too many directions, trying to give priority both to public transport and to cars (an unsolvable task given limited space and the very expensive conversion of junctions to two levels, with debatable effect), our feeling is that in Sofia Municipality there is now the will to implement good cycling practices. We hope it will be backed by other good infrastructure projects that give priority to public transport, bicycles and walking.



SANS Internet Storm Center, InfoCON: green: Windows Previous Versions against ransomware, (Thu, Jul 24th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

One of the cool features that Microsoft actually added in Windows Vista is the ability to recover previous versions of files and folders. This is part of the VSS (Volume Shadow Copy Service) which allows automatic creation of backup copies on the system. Most users “virtually meet” this service when they are installing new software, when a restore point is created that allows a user to easily revert the operating system back to the original state, if something goes wrong.

However, the “Previous Versions” feature can be very handy when other mistakes or incidents happen as well. For example, if a user deleted a file in a folder, and the “Previous Versions” feature is active, it is very easy to restore a deleted file by clicking the appropriate button in the Properties menu of the drive/folder that contained the deleted file. The user can then simply browse through previous versions and restore the deleted file, as shown in the figure below:

Previous Versions tab

You can see in the figure above that there are actually multiple versions of the Desktop folder that were saved by the “Previous Versions” feature. A user can now simply click on any version he/she desires and browse through previous files.

How can this help against Cryptolocker and similar ransomware? Well simply – when such ransomware infects a machine, it typically encrypts all document files such as Word and PDF files or pictures (JPG, PNG …). If the “Previous Versions” feature is running, depending on several factors such as allocated disk space for it as well as the time of last snapshot (since “Previous Versions” saves files comparing to the last snapshot, which would normally take place every day), you just might be lucky enough that *some* of the encrypted files are available in “Previous Versions”.

Monitoring “Previous Versions” activities

As we can see, by using this feature it is very simple to restore previous files. This is one of the reasons why I see many companies using this feature on shared disks – it can be very handy in case a user accidentally deleted a file.

However, there are also security implications here. For example, a user can restore a file that was previously deleted and that you thought was gone. Of course, the user still needs access rights on that file – if the ACL does not allow him to access the file he won’t be able to restore it, but in case an administrator set ACLs on a directory, which is typically the case, and everything else below it is inherited, the user might potentially be able to access a file that was thought to be deleted.

This cannot be prevented (except by changing ACLs, of course), so all we can do in this case is to try to monitor file restoration activities. Unfortunately, Windows is pretty (very?) limited in this. The best you can do is to enable Object Access Audit to see file accesses and then see what a particular user accessed. That being said, I have not been able to stably reproduce logs that could tell me exactly what version the user accessed – in some cases Windows created a log such as the following:

Share Information:
                Share Name:                    \\*\TEST
                Share Path:                    \??\C:\TEST
                Relative Target Name:          @GMT-2014.07.02-11.56.38\eula.1028.txt

This is event 5145 (“A network share object was checked to see whether client can be granted desired access”), and it is visible which copy was accessed but, as I said, I was not able to get this event generated consistently.
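The monitoring idea above, as an added example that is not part of the original diary: a Python script that scans exported 5145 event messages for an @GMT-… component in Relative Target Name and reports who opened which snapshot of which file. The event texts are constructed (only the share fields of the first follow the excerpt above), and accepting the token at any position in the path goes beyond the single case the excerpt shows.

```python
import re
from datetime import datetime, timezone

# Constructed template for the message text of a 5145 event; only the
# fields this example reads are included.
TEMPLATE = r"""A network share object was checked to see whether client can be granted desired access.
Subject:
    Account Name:           {account}
Network Information:
    Source Address:         {source}
Share Information:
    Share Name:             \\*\TEST
    Share Path:             \??\C:\TEST
    Relative Target Name:   {target}
"""

# Constructed sample events. Accounts and addresses are invented; the first
# target is the one quoted in the post, the others are made up.
SAMPLE_EVENTS = [
    TEMPLATE.format(account="alice", source="192.0.2.10",
                    target=r"@GMT-2014.07.02-11.56.38\eula.1028.txt"),
    # Ordinary access to the live file: no snapshot token.
    TEMPLATE.format(account="bob", source="192.0.2.11",
                    target=r"docs\report.docx"),
    # Token in the middle of the path (assumed to be possible).
    TEMPLATE.format(account="bob", source="192.0.2.11",
                    target=r"reports\@GMT-2014.07.01-09.00.00\budget.xlsx"),
    # Looks like a token but is not a valid date: must not be reported.
    TEMPLATE.format(account="carol", source="192.0.2.12",
                    target=r"@GMT-2014.13.40-25.61.61\x.txt"),
]

FIELD_RE = re.compile(r"^[ \t]*([A-Za-z ]+?):[ \t]+(\S.*)$", re.MULTILINE)
TOKEN_RE = re.compile(r"@GMT-\d{4}\.\d{2}\.\d{2}-\d{2}\.\d{2}\.\d{2}")


def parse_fields(message):
    """Return {field name: value} for every 'Name: value' line of an event."""
    return {m.group(1).strip(): m.group(2).strip()
            for m in FIELD_RE.finditer(message)}


def snapshot_access(message):
    """Return details if the event targets a previous version, else None."""
    fields = parse_fields(message)
    parts = fields.get("Relative Target Name", "").split("\\")
    for i, part in enumerate(parts):
        if not TOKEN_RE.fullmatch(part):
            continue
        try:
            taken = datetime.strptime(part, "@GMT-%Y.%m.%d-%H.%M.%S")
        except ValueError:
            continue  # right shape, impossible date
        return {
            "account": fields.get("Account Name", "?"),
            "source": fields.get("Source Address", "?"),
            "share": fields.get("Share Name", "?"),
            # The token is expressed in GMT, so tag the time as UTC.
            "snapshot_utc": taken.replace(tzinfo=timezone.utc),
            # Path of the file as it would appear in the live share.
            "path": "\\".join(parts[:i] + parts[i + 1:]),
        }
    return None


def find_snapshot_accesses(messages):
    """Filter a list of event messages down to previous-version accesses."""
    hits = (snapshot_access(m) for m in messages)
    return [h for h in hits if h is not None]


if __name__ == "__main__":
    for hit in find_snapshot_accesses(SAMPLE_EVENTS):
        print("{account} from {source} opened {share}\\{path} "
              "as of {snapshot_utc:%Y-%m-%d %H:%M:%S} UTC".format(**hit))
```

Because the post notes that 5145 is not logged for every previous-version access, an empty result does not prove that no snapshot was opened.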


The “Previous Versions” feature is very handy in cases when you need to restore a file that was accidentally deleted or modified and can sometimes even help when a bigger incident such as a ransomware infection happened. Make sure that you use this feature if you need it, but also be aware of security implications – such as the fact that it automatically preserves deleted files and their modified copies.

Finally, for some reason Microsoft decided to remove, actually modify this feature in Windows 8. The “Previous Versions” tab no longer exists in Explorer (actually it does, but you need to access files over a network share). For saving local files Windows 8 now uses a feature called “File History”. It needs to be manually set up and it needs to have an external HDD which will be used to save copies of files. This is definitely better since, if your main HDD dies, you can restore files off the external one, but keep in mind that it needs to be set up manually. Finally, if you use EFS to encrypt files, the “File History” feature will not work on them.

​bojanz on Twitter


(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Дневника на един support: The music, bro …

This post was syndicated from: Дневника на един support and was written by: darkMaste. Original post: at Дневника на един support

It's Tuesday, around 2-3 in the afternoon, I'm wondering what to do now and somehow I don't feel like sleeping; I got home and went to bed 3-4 hours ago but I can't settle down (as the song goes, Ain’t no rest for the wicked). I check on the lovely Tanya and naturally we head out; on the way I grab a bunch of grapes and toss them in the air to catch them with my mouth (success rate 50%). We wander the streets and crack up having fun; I bought myself a backpack (finally), cutlery (in the form of multicolored Chinese chopsticks) AND (a big AND, mandatory) a pocket watch!

I also ruined the lady's plans, unfortunately (for her, and only briefly), to go to the cinema and on a date with some young man, but that's fate …
We opened the season with rum (and the lady with whisky), then moved on to beers (she stuck to the whisky). It turns out the bartender (sis Lori) is a friend of hers (they recognized each other after 2 hours of hanging around there, and there were only 4 of us in total …).
Since I recently decided that I'm going to make a gallery of the wonderful women I meet, even briefly, I'm starting now:
Since I have no photos from the karaoke show itself (because I had the microphone between my teeth half the time), here are a few from outside of some of the wonderful people we met:

The karaoke itself went inhumanly well: lots of cheer, enthusiasm, love, beers; we sang all sorts of things. Tanichka, after several hours of whining that she can't sing, grabbed the microphone and absolutely killed it, brought the house down and all that sort of thing!
The party is in full swing, but around 2-3 the cops show up; one of them is an obviously belligerent bastard. The music gets turned down, the microphones get switched off, but we don't stop. The police leave and we do “acoustic” karaoke, meaning we bellow into dead microphones and still have fun.
It gets to 5 and Tanichka and I, arm in arm, head to her place. I see the girl home, get back in daylight (again) and think about going to bed, which doesn't work out; a few hours of messing around at the computer and finally around 9 I fall asleep.
“New day”, new luck, you know; it's not even 12 o'clock but I'm already outside and I see something I never believed I would see:
In case anyone didn't get it, this is a truck carrying a GARAGE!
My dear Poli (not a parrot) has a birthday and I'm at her place to start the celebration, but first she has to finish sorting out her paperwork because she quit her job the day before. Off we go; I wait in the local pub, and since she's turning 30 I decide we have to drink 30 beers (by the end of the evening we had drunk more). We start well: I'm on 8, she's on 4.
We spend a few hours in the pub and decide it's time to move on somewhere, and where do you think we go: to sis Didka, who also had a birthday, but the day before. We keep knocking back the beers; bro Veso can drink this time and helps. Bilyanche has some errand to run and afterwards will take us to a rehearsal. We hop in the car (after waiting for her for 3 beers' worth of time) and go to the “studio”.
The band - (they play really well, by the way)
Outside there's drinking, inside there's playing, and all in all it's great. A slight lyrical digression, because a small grasshopper shows up and hops from me to Bilyana and back until I carried it off to some bushes
Bilyanka turns out to be the best female driver I have ever met; she drops us all off at our homes and by around 1 I'm already in bed. By 7 in the morning I'm already up. I look at the computer and get this lovely photo. Simply put, when things start well there's no way they can end badly (;
P.S. Keeping a tally of the beers (up to the 30th) because we're absent-minded and forget (;

SANS Internet Storm Center, InfoCON: green: ISC StormCast for Thursday, July 24th 2014, (Thu, Jul 24th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

[$] Weekly Edition for July 24, 2014

This post was syndicated from: and was written by: corbet. Original post: at

The Weekly Edition for July 24, 2014 is available.

Клошкодил: Sysadmin day – 2014 (URG)

This post was syndicated from: Клошкодил and was written by: Vasil Kolev. Original post: at Клошкодил

This Friday (July 25) we are once again celebrating System Administrator Day, at “Кривото” on the corner of “Дондуков” and “Будапеща”, after 19:00. All kinds of admins, and people who want to buy admins a drink, are welcome.
(good thing someone reminded me, I would have missed it)

[$] Browser tracking through “canvas fingerprinting”

This post was syndicated from: and was written by: n8willis. Original post: at

Recently, public attention has been called to a new online
user-tracking method that is purported to be nearly impossible to
block. Called “canvas fingerprinting,” the technique relies on
forcing the browser to generate an image on the client side of the
connection—an image that is unique enough to serve as a
fingerprint for the browser that created it. In fact, the basis for
this fingerprinting approach is several years old, but it does now
seem to be in use in the wild. Whether or not it truly amounts to an
insurmountable blocking challenge, however, remains to be seen.

ownCloud 7 released

This post was syndicated from: and was written by: corbet. Original post: at

The ownCloud 7 release has been announced.
The headline feature this time around appears to be server-to-server
sharing, but it also has mobile web browser support, file activity
notifications, and an improved management interface.

Security advisories for Wednesday

This post was syndicated from: and was written by: ris. Original post: at

CentOS has updated firefox (C6; C5: multiple vulnerabilities), firefox (C7: multiple vulnerabilities), libvirt (C7: information disclosure/denial of service), nss, nspr (C7: code execution), nss (C5; C6: code execution), nss-util (C6: code execution), nspr (C6; C5: code execution), and thunderbird (C5; C6: multiple vulnerabilities).

Debian has updated acpi-support (privilege escalation) and mysql-5.5 (unidentified vulnerabilities).

Fedora has updated libXfont (F19:
multiple vulnerabilities), python-simplejson (F19: information
disclosure), and readline (F20: insecure temporary files).

Oracle has updated firefox (OL6:
multiple vulnerabilities), nss, nspr (OL6; OL5: code
execution), and thunderbird (OL6: multiple vulnerabilities).

Red Hat has updated firefox
(RHEL5,6,7: multiple vulnerabilities), httpd (RHEL5,6; RHEL7: multiple vulnerabilities), httpd24-httpd (RHSC1: multiple
vulnerabilities), kernel-rt (RHE MRG2.5:
multiple vulnerabilities), libvirt (RHEL7:
information disclosure/denial of service), nss (RHEL5.6,5.9,6.2,6.4: code execution), nss, nspr (RHEL5,7: code execution), nss, nspr (RHEL6: multiple vulnerabilities),
and thunderbird (RHEL5,6: multiple vulnerabilities).

Scientific Linux has updated firefox (SL5,6: multiple vulnerabilities), httpd (SL5,6: multiple vulnerabilities),
nss and nspr (SL6; SL5: code execution), and thunderbird (SL5,6: multiple vulnerabilities).

Ubuntu has updated acpi-support (12.04 LTS: privilege escalation), firefox (14.04 LTS, 12.04 LTS: multiple vulnerabilities), libtasn1-3 (14.04 LTS, 12.04 LTS, 10.04 LTS: multiple vulnerabilities), and thunderbird (14.04 LTS, 12.04 LTS: multiple vulnerabilities).

Schneier on Security: Security Vulnerability in the Tails OS

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

I’d like more information on this.