Posts tagged ‘Facebook’

Backblaze Blog | The Life of a Cloud Backup Company: Backblaze + Time Machine = ♥

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

“Why do I need online backup if I have Time Machine already?” We get that question a lot. Here, we recommend you use both. Backblaze strongly believes in a 3-2-1 backup policy. What’s 3-2-1? Three copies of your data, on two different media, and one copy off-site. If you have that baseline, you’re in good shape. The on-site portions of your backup strategy are typically the original piece of data and an external hard drive of some sort. Most of our Mac customers use Time Machine, so that’s the one we’ll focus on here.

Raising Awareness
Apple did a great job with Time Machine, and with building awareness for backups. When you plugged in your first external hard drive, your Mac would ask if you wanted to use that drive as a Time Machine backup drive, which was instrumental in teaching users about the importance and potential ease of backups. It also dramatically simplified data backup, making it automatic and continuous. Apple knew that having people manually drag and drop files into folders and drives so they were backed up was not a reliable backup strategy. Because it was automatic, many people used Time Machine for their local backup, but this still left a hole in their backup strategy: they had nothing off-site.

Why Bother
Having an off-site backup comes in handy when your computer and local backup (Time Machine in this case) are both lost. That can occur because of fire, theft, flood, forgetfulness, or a wide variety of other unfortunate reasons. Stories of people neglecting to replace their failed Time Machine drive and then having their computer crash are well known. An off-site backup that is current, such as an automatic online backup, can also be used to augment the local Time Machine backup, especially when traveling. For example, suppose the hard drive in your laptop crashes while you’re on vacation. Time Machine can be used to recover up to the point where you left for your trip and your online backup can be used to fill in the rest.

Some Limitations
One thing about using Time Machine is that, as a hard drive, it doesn’t scale with the amount of data that you have. When you purchase a 500GB drive, that’s all the space you have for your backup. For example, if you have your Mac Pro or MacBook and have a Time Machine hard drive connected to it, it will back up the data that’s on the computer. If you add an additional hard drive into the mix as a storage drive, the Time Machine drive may not be large enough to handle both data sets, from the Mac and from the additional storage. So the more data you accumulate, the larger the Time Machine drive you have to use.

Additionally, if you store data on your Time Machine drive itself, those files are not actually going to be included in the Time Machine backup, so be wary! Apple and Backblaze strongly recommend using a separate, dedicated drive for your Time Machine backup, and not keeping any original data on that drive. That way, if the drive fails, you only lose one copy, and avoid potentially losing both copies. Backblaze works similarly: because you have an off-site backup with Backblaze, it’s another layer of protection from data loss.

Diversification
So use both! And if you’re on a PC, use an external hard drive as your second media type (most come with their own local-backup software). There’s no such thing as too many backups. Backing up is like a retirement or stock portfolio: the more diversification you have, the less vulnerability you have!

Author information

Yev

Social Marketing Manager at Backblaze

Yev enjoys speed-walking on the beach. Speed-dating. Speed-writing blog posts. The film Speed. Speedy technology. Speedy Gonzales. And Speedos. But mostly technology.

Follow Yev on:

Twitter: @YevP | LinkedIn: Yev Pusin | Google+: Yev Pusin

The post Backblaze + Time Machine = ♥ appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Backblaze Blog | The Life of a Cloud Backup Company: There’s No I in Bryan

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company

Straight out of Portland, Bryan joins our Datacenter staff to help backup your world! Having had a wide variety of jobs before joining the Backblaze team, including farming and store clerking, Bryan is excited to join the tech industry, and can’t wait to help ensure your data is safe. Let’s learn some more about our fourth, and latest “Brian”!

What is your Backblaze Title?
Datacenter Technician

Where are you originally from?
Before Sacramento, I lived in Portland, Oregon. Before that, I called upstate New York “home”.

Why did you move to Sacramento?
I moved to California to help backup your world!

What attracted you to Backblaze?
I’ve lost data before and it’s horrible. I like knowing that my stuff is backed up securely, and I’d like to help other people know their stuff is backed up too. Backblaze is the place to do this.

From the outside, Backblaze struck me as inventive and ambitious, and the data center work looked like it would switch from thinking/planning to moving/doing and back again throughout the day at a good clip. I’ve been here for a week, and it really does function that way. I love it.

Where else have you worked?
Farms, video rental stores, gas stations, radio waves, computer stores, and offices. You know, the usual.

Tell us how you currently backup your photos, music, data, etc. on your home computer?
Local backups: Time Machine
Bootable backups: Shirt-Pocket’s Super Duper! and Bombich’s Carbon Copy Cloner
Offsite backups: Backblaze

If you won the lottery tomorrow, what would you do?
I would buy you lunch!

How did you get into computers?
In sixth grade when I was 12, my grandparents bought a Packard Bell so they could make spreadsheets tracking their stats in fantasy NASCAR. Every day after school I pedaled my bicycle to their house along ATV trails through the forest, so that I could use the computer. Eventually I was given someone’s used computer. I still visited my grandparents though.

Welcome Bryan! We’re jazzed to have you on board, and will definitely look forward to that lunch after you hit it big with the lotto!

The post There’s No I in Bryan appeared first on Backblaze Blog | The Life of a Cloud Backup Company.

Raspberry Pi: MagPi issue 28

This post was syndicated from: Raspberry Pi and was written by: Liz Upton. Original post: at Raspberry Pi

I’m in a bit of a rush today; we’re all at the factory in Wales where the Raspberry Pi is built to show the team that works in Cambridge how to make a Pi. So I’ll hand over to Team MagPi, who have just released their 28th edition of the free monthly Raspberry Pi magazine, written by Raspberry Pi fans for Raspberry Pi fans.

Editor Ash Stone says:

This month’s Issue is packed with hardware and programming articles.  We are pleased to present the first article in an OpenCV (open source computer vision) image recognition software series by Derek Campbell.  The robot that Derek used to test the software configuration is shown on this month’s cover.

Expanding the I/O possibilities of the Raspberry Pi is often a first step of electronics projects.  This time, Dougie Lawson presents a review of the Arduberry board from Dexter Industries.  This little board provides an ideal microcontroller interface for more complicated electronics projects.  This month’s hardware articles are rounded off by Karl-Ludwig’s third BitScope article, which includes examples of preamplifier circuits and associated test and measurement.

The Raspberry Pi provides the opportunity to run many different software applications. Voice over IP (VoIP) allows telephone calls to be carried over an internet connection. Walbarto Abad continues his mini-series by describing how to set up an Asterisk VoIP server.

The second application article this month continues the discussion of git (distributed version control system).  Git was originally produced for Linux kernel development, but is now a mainstay of many different development projects and has been adopted by several schools too.  Alec Clews leads us through his second tutorial on the subject.

This month’s programming article demonstrates how to build an arcade game using FUZE BASIC.  Jon Silvera includes instructions, code and images to build a horizontally scrolling game.

We are on the look out for more articles at all levels and on all subjects.  If you are interested in submitting an article, please get in touch with us by emailing articles@themagpi.com.

If you have any other comments, you can find us on Twitter (@TheMagP1) and Facebook (www.facebook.com/MagPiMagazine) too.

Backblaze Blog: How Backblaze Achieved 917% Growth

This post was syndicated from: Backblaze Blog and was written by: Gleb Budman. Original post: at Backblaze Blog

With 917% revenue growth over the last 5 years, Backblaze has just secured itself the 128th spot on the list of the fastest growing technology companies in the United States. The journey has been exciting but could have come to an abrupt end at various times. Let me share a bit about how we grew and what we’ve learned.

Start
In 2007, Jeanine had a computer crash and begged Brian for help recovering her files. She had no backup. He could not help.

Five of us talked about this experience and realized that 100% of the photos, movies, and personal and work documents were going digital. But with fewer than 10% of people backing up their computers, eventually all of these digital items would vaporize. We quit our jobs and started Backblaze to solve the impending disaster.

Financing
While we had previously raised VC funding for startups, we decided to start Backblaze differently, committing to each other that we would work for 1 year without pay, and to put a bit of money into the business. This would effectively be the seed round.

After five years of steady growth, we decided to raise our first VC round.

Challenges
From the outside it seems like a simple, beautiful exponential growth curve up and to the right. From the inside, the challenges along the way don’t fit onto a single page. Probably not into a book either. Paul Graham has a fantastic chart of this experience he calls the “Startup Curve”.

I thought of many issues we might have: not getting the product/market fit right, not being able to build the product, not being able to attract customers, running out of cash. And some of these bumps, such as finding that many of the expected ways to find customers don’t work, we actually did run into.

But others, such as the distraction of almost being acquired or the massively impactful challenge of a flood in Thailand were harder to predict.

Successes
Despite the challenges, there were two things that kept the company succeeding: 1) focused, determined, hard work, and 2) luck.

The day of our initial beta launch on June 4th, 2007, we had glowing articles in TechCrunch and Ars Technica. People were signing up in droves and it was thrilling. But a week later the servers were bored – no one was showing up to the website. The initial external excitement vaporized and what happened next was all of us having to put our heads down and plow forward. Day after day we needed to do the small things required to build the business, that over time, add up to growth.

And then there was luck. We planned to store data on Amazon S3. Since we couldn’t afford it, we designed our own storage. Not only did that end up being a huge boon to us as it dramatically reduced our costs, but open-sourcing our Backblaze Storage Pod design hit a nerve and 1 million people read that blog post. It helped put us on the map.

Growth
Early on the data center asked us to commit to ¼ of one cabinet for one year. At the time that was a $12,000 commitment and we negotiated it down to 6 months to reduce our risk. Now we have over 100 petabytes of data stored in over 100 cabinets, adding 3 cabinets of equipment every month, and committed for several years. Sometimes growth sneaks up on you.

From 2009 through 2013 we’ve grown revenue 917%. That was good enough for 128th place in the 2014 Deloitte Technology Fast 500™ in the United States – just beating out Facebook in the 129th spot.

To qualify for the Fast 500 a business had to earn over $50K in revenue in 2009 and over $5M in revenue in 2013. We obviously exceeded those numbers. (While we don’t disclose revenue, Backblaze is in double-digit millions of dollars in revenue.)

Balance
In the same period as Backblaze has grown 917%, it is estimated that 55% of companies failed. Mortality rates are even higher in the information technology space where Backblaze resides, and over the years multiple online backup companies and services have folded.

There is a saying I’ll paraphrase: Businesses don’t fail because they are unprofitable; they fail because they run out of cash.

Bootstrapping a company, especially a capital-intensive one, meant we constantly had to watch cash-flow. Initially we were “afraid of customers” because a large influx of new customers meant having to buy another $10,000 storage pod, for customers who would pay us $5 per month. Eventually it would make sense, but for the first year we would be cash-flow negative. We came up with one simple way to solve this cash-flow challenge, but without raising capital, sometimes you have to make the tradeoff that things that make sense in the long run aren’t feasible because you won’t make it to the ‘long run’ if you run out of cash.

Takeaways
I’m honored that Backblaze has received this Fast 500 award and there has been a lot that we have learned. Here are 4 key takeaways:

  1. Build a sustainable business

    I don’t mean a ‘green’ business; I mean a business that can last. A business can’t be high-growth if it’s out of business. Aim toward a model where customers support the company, even if at times you decide to raise funding. If customers are the cash-engine, your business won’t be at the whim of the funding markets.

  2. Plan for the long term

    Some companies are a flash-in-the-pan – founded, launched, and acquired in a year. There’s a draw to this quick-buck approach. But most successful companies take years to build. Work on something you’ll be excited to do for many years. It’ll make the journey great, help overcome the bumps, and increase the chances of success.

  3. Work a day-at-a-time

    A great launch or customer-win feels fantastic. Celebrate the successes, but don’t fear the small steps. A business that makes $1 in revenue the first day and grows a mere 1% per day will only make $37 in revenue per day after an entire year…but it will make $76,240,508 in revenue per day after five years.

  4. Stay focused

    When we started Backblaze, we wrote an entire wall of products and features we wanted to build. After 7 years, we’re still working on the first one. Solving the right problem takes focus and time, and doing that is generally much better than partially solving many different problems.

Today is one of those exciting ‘success’ days when we celebrate an achievement. But this growth is looking in the rearview mirror. And tomorrow it’s time to get our heads back down and charge on.

Author information

Gleb Budman

Co-founder and CEO of Backblaze. Founded three prior companies. He has been a speaker at GigaOm Structure, Ignite: Lean Startup, FailCon, CloudCon; profiled by Inc. and Forbes; a mentor for Teens in Tech; and holds 5 patents on security.

Follow Gleb on: Twitter / LinkedIn / Google+

The post How Backblaze Achieved 917% Growth appeared first on Backblaze Blog.

TorrentFreak: Hey UK: Jailing File-Sharers for Years is Shameful

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Monday this week, Kane Robinson and Richard Graham, an admin and uploader of now-defunct file-sharing forum Dancing Jesus, had their lives turned upside down when they were handed jail sentences of 32 and 21 months respectively.

The pair had got involved in Dancing Jesus years ago, when they were teenagers. The site dealt in leaked music, no one disputes that, but if you knew of Dancing Jesus before the site got raided you were in the minority. It was a niche site, to say the least.

Still, the UK record labels claimed the duo had cost them around £240m ($378m) in losses. It appears the court believed them and as a result the pair are locked away at this very moment for a very long time indeed.

Sadly that estimate can only be a dramatic exaggeration. If we are to believe claims from the other side of the Atlantic, the behemoth that was Megaupload – the subject of the world’s largest copyright case – ‘only’ managed to cost the entertainment industry an alleged $500m, and that’s the estimate of a notoriously aggressive US Government.

Also, Megaupload hosted 12 billion unique files and had 100 million users. Dancing Jesus had 12,000 registered users and carried 22,500 allegedly infringing links. Robinson and Kane made no money from their activities, that much was accepted in court. Megaupload made an alleged $175m.

The sums don’t add up, anyone can see that, but at this point, today, none of that means much to the pair staring at four gray walls with devastated families at home and ruined lives behind them.

Ok, they knew what they were doing and many will argue that there needs to be some kind of punishment for distributing content to the public without permission, but this week’s sentences go way too far by most sensible standards.

Before his incarceration, Graham told TF that he’d been taking school exams when the music industry first homed in on him, and since being arrested he’d gone on to university and obtained a degree.

And leading up to Dancing Jesus, Kane Robinson was headhunted to run the official Arctic Monkeys website by the band’s manager.

“Kane’s fansite (which ironically shared their tracks for free and gained the band a lot of exposure) was receiving a lot more traffic than theirs. He ran that for several months,” Kane’s brother Kyle informs TF.

After the closure of Dancing Jesus, both men had put file-sharing behind them and were working in legitimate jobs. Dangerous? No. Violent? No. Dancing Jesus years behind them? No doubt. Compassion then? Not a chance.

To underline the harshness of this week’s sentences we could compare them with cases recently before the UK courts.

Consider the pilot who admitted to flying a plane whilst three times over the drink limit yet faces a maximum two years in jail? Or what about the sex offender caught file-sharing Category A-rated child abuse images on file-sharing networks? He got a 15 month suspended sentence just days after Robinson and Graham were given 32 and 21 months each.

Instead, however, let’s take a look at a file-sharing case that concluded last week in Finland. It involved a 40-year-old man also accused of making copyrighted content available to the public – 964 video files, 49,951 music tracks and 573 other sundry files to be precise.

Last week the court found the man guilty of copyright infringement, fined him 1,000 euros with 2,000 euros in legal costs. He was also ordered to pay damages to local music rights group Teosto to the tune of 1,500 euros plus 3,000 euros to IFPI. Jail wasn’t on the agenda.

Whether this is a fair punishment for the offenses in hand is for others to decide. However, it seems unlikely that those with the ability to look beyond this week’s “£240 million losses” headlines will feel that it’s proportionate for two non-violent men to spend the next few Christmas Days behind bars.

That said, in today’s legal climate it’s unrealistic to expect UK-based file-sharing site operators to simply walk away from a court without some kind of punishment, even if they did only operate a linking forum. But even then, several years in jail makes little to no sense for non-commercial operators, especially when supposed financial losses are either plucked from thin air or a product of highly speculative accounting.

The lesson here is simple. The ground rules, at least in the UK, have changed. The last three big cases in the UK (SurftheChannel, Fast and Furious ‘cammer’, Dancing Jesus) were all private prosecutions by the entertainment industries and have all ended in prison time for the defendants. There is no reason to think things are about to change.

In the meantime, people like Kane’s family are left trying to rally support on Facebook in an attempt to scrape together £5,000 in a GoFundMe fundraiser to finance an appeal aimed at achieving a more realistic sentence.

In conclusion it now appears that anyone other than low-level UK file-sharers need to consider whether their “fun” hobby is really worth losing years of their freedom over. And of course, shameful as it might be, that’s the message the industry wanted to send all along.

Krebs on Security: ‘Microsoft Partner’ Claims Fuel Support Scams

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

You can’t make this stuff up: A tech support company based in the United States that outsources its work to India says its brand is being unfairly maligned by — wait for it…..tech support scammers based in India. In an added twist, the U.S.-based tech support firm acknowledges that the trouble may be related to its admittedly false statements about being a Microsoft Certified Partner — the same false statements made by most telephone-based tech support scams.

Tech support scams are, unfortunately, an extremely common scourge. Most such scams are the telephonic equivalent of rogue antivirus attacks, which try to frighten consumers into purchasing worthless security software and services. Both types of scams try to make the consumer believe that the caller is somehow associated with Microsoft or with a security company, and each caller tries to cajole or scare the consumer into giving up control over his or her PC.

Earlier this month, a reader shared a link to a lengthy YouTube video by freelance journalist Carey Holzman, in which Holzman turns the tables on the tech support scammers. During the video, Holzman plays along and gives the scammer remote control access to a test computer he’s set up specifically for this video. The scammer, who speaks with a strong Indian accent but calls himself “Steve Wilson” from the “Microsoft technical department,” tries to convince Holzman that he works for a company that is a legitimate Microsoft support partner.

“Let me show you who we are,” the scammer says, opening up Google.com and typing SB3 Inc. Clicking on the first result brings up sb3inc[dot]com, which proudly displays an icon in the upper right corner of its home page stating that it is a Microsoft Certified Partner. “This is our mother company. Can you see that we are a Microsoft certified partner?”

When Holzman replies that this means nothing and that anyone can just put a logo on their site saying they’re associated with Microsoft, the scammer runs a search on Microsoft.com for SB3. The scammer shows true chutzpah when he points to the first result, which — if clicked — leads to a page on Microsoft’s community site where members try to warn the poster away from SB3 as a scam.

When Holzman tries to get the scammer to let him load the actual search result link about SB3 on Microsoft.com, the caller closes the browser window and proceeds to enable the SysKey utility on Windows, which allows the scammer to set a secret master password that must be entered before the computer will boot into Windows (effectively an attempt at locking Holzman out of his test computer if he tries to reboot).

The video goes on for some time more, but I decided to look more closely at SB3. The Web site registration records for the company state that it is based in New Jersey, and it took less than a minute to find the Facebook page of the company’s owner — a Suvajit “Steve” Basu in Ridgewood, NJ. Basu’s Facebook feed has him traveling the world, visiting the World Cup in Brazil in 2014, the Ryder Cup in 2012, and more recently taking delivery on a brand new Porsche.

Less than 24 hours after reaching out to him on Facebook and by phone, Basu returns my call and says he’s working to get to the bottom of this. Before I let him go, I tell Basu that I can’t find on Microsoft’s Partner Site any evidence to support SB3’s claim that it is a Microsoft Certified Partner. Basu explains that while the company at one time was in fact a partner, this stopped being the case “a few months ago.” For its part, Microsoft would only confirm that SB3 is not currently a Microsoft partner of any kind.

SB3’s homepage, before it removed the false “Microsoft Partner” claim.

Basu explained that Microsoft revoked SB3’s partner status after receiving complaints that customers were being cold-called by SB3 technicians claiming to be associated with Microsoft. “Microsoft had gotten complaints and we took out all references to Microsoft as part of our script,” that the company gives to tech support callers, Basu said.

As for why SB3 still falsely claimed to be a Microsoft Partner, Basu said his instructions to take the logo down from the site had apparently been ignored by his site’s administrators.

“That was a mistake for which we do take the blame and responsibility,” Basu said in a follow-up email. “We have corrected this immediately on hearing from you and you will no longer find a mention of Microsoft on our SB3Inc Website.”

Basu said SB3 is a legitimate company based in the USA which uses off-shore manpower and expertise to sell tech support services through its iFixo arm, and that the company never participates in the sort of scammy activities depicted in Holzman’s video. Basu maintains that scammers are impersonating the company and taking advantage of its good name, and points to a section of the video where the scammer loads a payment page at support2urpc[dot]com, suggesting that Support to Your PC is the real culprit (the latter company did not return messages seeking comment).

“After viewing your video it is obvious to us that one or more persons out there are misusing our brand and good-will,” Basu wrote. “We feel horrible and feel that along with the unknowing consumers we are also victims. This is corporate identity theft.”

SB3 may well be a legitimate company that is being scammed by the scammers, but if that’s true the company has done itself and its reputation no favors by falsely stating it is a Microsoft partner. What’s more, complaints about tech support scammers claiming to be from SB3 are numerous and date back more than a year. I find it remarkable that a tech support company with the uncommon distinction of having secured a good name in this line of work would not act more zealously to guard that reputation. Alas, a simple Internet search on the SB3 brand would have alerted the company to these shenanigans.

SB3 has since removed the Microsoft Certified Partner logo from its home page, but the image is still on its server. Running a search on that image at Tineye.com — an extremely useful image search Web site — produces more than 11,700 results. No doubt Microsoft and other scam hunters have used this investigative tool to locate tech support scams, which may explain why support2urpc[dot]com does not appear to include the same image on its site but instead claims association with sites that do.

LWN.net: Linux Security Distros Compared: Tails vs. Kali vs. Qubes (Lifehacker)

This post was syndicated from: LWN.net and was written by: jake. Original post: at LWN.net

Three security-oriented Linux distributions are compared and contrasted over at Lifehacker. The three (Tails, Kali Linux, and Qubes OS) have distinct use cases that are surveyed in the article. “The crux of Tails is anonymity. While it has cryptographic tools in place, its main purpose is to anonymize everything you’re doing online. This is great for most people, but it doesn’t give you the freedom to do stupid things. If you log into your Facebook account under your real name, it’s still going to be obvious who you are and remaining anonymous on an online community is a lot harder than it seems.”

Backblaze Blog: Obama Backs Backblaze – Throttling is Bad

This post was syndicated from: Backblaze Blog and was written by: Brian Wilson. Original post: at Backblaze Blog

President Obama is now on the record stating that Internet providers have “a legal obligation not to block or limit your access to a website.” We agree and want to thank the President for following in our footsteps by telling the world that throttling is bad. Backblaze itself does not actively throttle our customers. The….

Author information

Brian Wilson

I completed my undergraduate at Oregon State University in 1990, then completed a Stanford Masters degree in 1991. Ever since then I’ve worked at various companies as a software engineer, in the last few years starting my own software startups called MailFrontier (started in 2002) and most recently Backblaze (started in 2007).

I have a personal web site at http://www.ski-epic.com that I started in 1999 (it was originally just for one vacation, but it kept growing) where I put up my vacation pictures and videos. Nothing professional, it’s all just for fun.

In my spare time I enjoy skiing, motorcycling, and boating. I have been lucky enough to travel to a few countries, and I enjoy scouting out new places for the first time.

Follow Brian on:

Twitter: @brianwski

YouTube: brianwski

LinkedIn: brianwski

Google+: brianwski

Reddit: brianwski

The post Obama Backs Backblaze – Throttling is Bad appeared first on Backblaze Blog.

Errata Security: This Vox NetNeutrality article is wrong

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

There is no reasoned debate over NetNeutrality because the press is so biased. An example is this article by Timothy B. Lee at Vox “explaining” NetNeutrality. It doesn’t explain, it advocates.

1. Fast Lanes

Fast-lanes have been an integral part of the Internet since the beginning. Whenever somebody was unhappy with their speeds, they paid money to fix the problem. Most importantly, Facebook pays for fast-lanes, contrary to the example provided.

One prominent example of fast-lanes is “channels” in the local ISP network to avoid congestion. This allows them to provide VoIP and streaming video over their own private TCP/IP network that won’t be impacted by the congestion that everything else experiences. That’s why during prime-time (7pm to 10pm), your NetFlix streams are low-def (to reduce bandwidth), while your cable TV video-on-demand is hi-def.

Historically, these channels were all “MPEG-TS”, transport streams based on the MPEG video standard. Even your Internet packets would be contained inside the MPEG streams on channels.

Today, the situation is usually reversed. New fiber-optic services have TCP/IP networks everywhere, putting MPEG streams on top of TCP/IP. They just separate the channels into their private TCP/IP network that doesn’t suffer congestion (for voice and video-on-demand), and the public Internet access that does. Their services don’t suffer congestion, other people’s services do.

The more important fast-lanes are known as “content delivery networks” or “CDNs”. These companies pay ISPs to co-locate servers on their network, putting servers in every major city. Companies like Facebook then pay the CDNs to host their data.

If you monitor your traffic, you’ll see that the vast majority goes to CDNs located in your city. When you access different, often competing companies like Facebook and Apple, your traffic may in fact go to the same IP address of the CDN server.

Smaller companies that cannot afford CDNs must host their content in just a couple locations. Since these locations are thousands of miles from most of their customers, access is slower than CDN hosted content like Facebook. Pay-for-play, with preferred and faster access, has been an integral part of the Internet since the very beginning.

This demonstrates that the Vox example of Facebook is a complete lie. Their worst-case scenario already exists, and has existed since before the dot-com era even started, and has enabled competition and innovation rather than hindering it.

2. Innovation

Vox claims: “Advocates say the neutrality of the internet is a big reason there has been so much online innovation over the last two decades“.

No, it’s opponents who claim the lack of government regulation is the reason there has been so much online innovation in the last decades.

NetNeutrality means sweeping government regulation that forces companies to ask permission first before innovating. NetNeutrality means spending money lobbying the government for special rules, surviving or failing based on the success of paying off politicians rather than surviving or failing based on their own merits.

Take GoGo Inflight broadband Internet service on airplanes. They block NetFlix in favor of their own video streaming service. This is exactly the sort of thing that NetNeutrality regulations are supposed to block. However, it’s technically necessary. A single person streaming video from NetFlix would overload the connection for everyone else. To satisfy video customers, GoGo puts servers on the plane for its streaming service — allowing streaming without using the Internet connection to the ground.

If NetNeutrality became law, such things would be banned. But of course, since that would kill Internet service on airplanes, the FCC would immediately create rules to allow this. But then everyone would start lobbying the FCC for their own exceptions. In the end, you’d have the same thing with every other highly regulated industry, where companies with the most lobbying dollars win.

Innovation happens because companies innovate first and ask for permission (or forgiveness) later. A few years ago, Comcast throttled BitTorrent traffic during prime time. NetNeutrality proponents think this is bad, and use it as an example of why we need regulation. But no matter how bad it is, it’s a healthy sign of innovation. Not all innovations are good, sometimes companies will try things, realize they are bad, then stop doing them. Under NetNeutrality regulations, nothing bad will happen ever again, because government regulators won’t allow it. But that also means good innovations won’t happen either — companies won’t be able to freely try them out without regulators putting a stop to it.

Right now, you can start a company like Facebook without spending any money lobbying the government. In the NetNeutrality future, that will no longer be possible. A significant amount of investor money will go toward lobbying the government for favorable regulation, to ask permission.

3. What’s Taking So Long

Vox imagines that NetNeutrality is such a good idea that the only thing stopping it is technicalities.

The opposite is true. The thing stopping NetNeutrality is that it’s a horrible idea that kills innovation. It’s not a technical idea, but a political one. It’s pure left-wing politics that demands the government run everything. The thing stopping it is right-wing politics that wants the free-market to run things.

The refusal of Vox to recognize that this is a left-wing vs. right-wing debate demonstrates their overwhelming political bias on this issue.

4. FCC Bypassing Congress

The Internet is new and different. If regulating it like a utility is a good idea, then it’s Congress who should pass a law to do this.

What Obama wants to do is bypass congress and seize control of the Internet himself.

5. Opponents’ arguments

Vox gets this partly right, but fundamentally wrong.

The fundamental argument by opponents is that nothing bad is happening now. None of the evil scenarios of what might happen are actually happening now.

Sure, sometimes companies do bad things, but the market immediately corrects. That’s the consequence of permission-free innovation: innovate first, and ask for permission (or forgiveness) later. That sometimes companies have to ask for forgiveness is a good sign.

Let’s wait until Comcast actually permanently blocks content, or charges NetFlix more than other CDNs, or any of the other hypothetical evils, then let’s start talking about the government taking control.

6. Red Tape

Strangling with red-tape isn’t a binary proposition.

What red-tape means is that network access becomes politicized, as only those with the right political connections get to act. What red-tape means is that only huge corporations can afford the cost. If you like a world dominated by big, connected corporations, then you want NetNeutrality regulations.

While it won’t strangle innovation, it’ll drastically slow it down.

7. YouTube

Vox claims that startups like YouTube would have difficulty getting off the ground with NetNeutrality regulation. The opposite is true: companies like YouTube would no longer be able to get off the ground without lobbying the government for permission.

8. Level Playing Field

Vox’s description of the NetFlix-Comcast situation is completely biased and wrong, taking NetFlix’s and the leftist description at face value. It’s not true.

Descriptions of the NetFlix-Comcast issue completely ignore the technical details, but the technical details matter. For one thing, it doesn’t stream “across the Internet”. The long-distance links between cities cannot support that level of traffic. Instead, NetFlix puts servers in every major city to stream from. These servers are often co-located in the same building as Comcast’s major peering points.

In other words, what we are often talking about is how to get video streaming from NetFlix servers from one end of a building to another.

During prime time (7pm to 10pm), NetFlix’s bandwidth requirements are many times greater than all non-video traffic put together. That essentially means that companies like Comcast have to specially engineer their networks just to handle NetFlix. So far, NetFlix has been exploiting loopholes in “peering agreements” designed for non-video traffic in order to get a free ride.

Re-architecting the Internet to make NetFlix work requires a lot of money. Right now, those costs are borne by all Comcast subscribers — even those who don’t watch NetFlix. The 90% of customers with low-bandwidth needs are subsidizing those 10% who watch NetFlix at prime time. We like to think of Comcast as having monopolistic power, but it doesn’t. The truth is that Comcast has very little power in pricing. It can’t meter traffic, charging those who abuse the network during prime time to account for their costs. Thus, instead of charging NetFlix abusers directly, it just passes its costs to NetFlix.

Converting the Internet into a public-utility wouldn’t change this. It simply means that instead of fighting in the market place, the Comcast-NetFlix battle would be decided by regulators. And, the result of the decision would be whichever company did the best job lobbying the FCC and paying off politicians — which would probably be Comcast.

Krebs on Security: Feds Arrest Alleged ‘Silk Road 2’ Admin, Seize Servers

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Federal prosecutors in New York today announced the arrest and charging of a San Francisco man they say ran the online drug bazaar and black market known as Silk Road 2.0. In conjunction with the arrest, U.S. and European authorities have jointly seized control over the servers that hosted Silk Road 2.0 marketplace.

The home page of the Silk Road 2.0 market has been replaced with this message indicating the community's Web servers were seized by authorities.

On Wednesday, agents with the FBI and the Department of Homeland Security arrested 26-year-old Blake Benthall, a.k.a. “Defcon,” in San Francisco, charging him with drug trafficking, conspiracy to commit computer hacking, and money laundering, among other alleged crimes.

Benthall’s LinkedIn profile says he is a native of Houston, Texas and was a programmer and “construction worker” at Codespike, a company he apparently founded using another company, Benthall Group, Inc. Benthall’s LinkedIn and Facebook profiles both state that he was a software engineer at Space Exploration Technologies Corp. (SpaceX), although this could not be immediately confirmed. Benthall describes himself on Twitter as a “rocket scientist” and a “bitcoin dreamer.”

Blake Benthall's public profile page at LinkedIn.com

Benthall’s arrest comes approximately a year after the launch of Silk Road 2.0, which came online less than a month after federal agents shut down the original Silk Road community and arrested its alleged proprietor — Ross William Ulbricht, a/k/a “Dread Pirate Roberts.” Ulbricht is currently fighting similar charges, and made a final pre-trial appearance in a New York court earlier this week.

According to federal prosecutors, since about December 2013, Benthall has secretly owned and operated Silk Road 2.0, which the government describes as “one of the most extensive, sophisticated, and widely used criminal marketplaces on the Internet today.” Like its predecessor, Silk Road 2.0 operated on the “Tor” network, a special network of computers on the Internet, distributed around the world, designed to conceal the true IP addresses of the computers on the network and thereby the identities of the network’s users.

“Since its launch in November 2013, Silk Road 2.0 has been used by thousands of drug dealers and other unlawful vendors to distribute hundreds of kilograms of illegal drugs and other illicit goods and services to buyers throughout the world, as well as to launder millions of dollars generated by these unlawful transactions,” reads a statement released today by Preet Bharara, the United States Attorney for the Southern District of New York. “As of September 2014, Silk Road 2.0 was generating sales of at least approximately $8 million per month and had approximately 150,000 active users.”

Benthall's profile on Github.

The complaint against Benthall claims that by October 17, 2014, Silk Road 2.0 had over 13,000 listings for controlled substances, including, among others, 1,783 listings for “Psychedelics,” 1,697 listings for “Ecstasy,” 1,707 listings for “Cannabis,” and 379 listings for “Opioids.” Apart from the drugs, Silk Road 2.0 also openly advertised fraudulent identification documents and computer-hacking tools and services. The government alleges that in October 2014, the Silk Road 2.0 was generating at least approximately $8 million in monthly sales and at least $400,000 in monthly commissions.

The complaint describes how federal agents infiltrated Silk Road 2.0 from the very start, after an undercover agent working for Homeland Security investigators managed to infiltrate the support staff involved in the administration of the Silk Road 2.0 website.

“On or about October 7, 2013, the HSI-UC [the Homeland Security Investigations undercover agent] was invited to join a newly created discussion forum on the Tor network, concerning the potential creation of a replacement for the Silk Road 1.0 website,” the complaint recounts. “The next day, on or about October 8, 2013, the persons operating the forum gave the HSI‐UC moderator privileges, enabling the HSI‐UC to access areas of the forum available only to forum staff. The forum would later become the discussion forum associated with the Silk Road 2.0 website.”

The complaint also explains how the feds located and copied data from the Silk Road 2.0 servers. “In May 2014, the FBI identified a server located in a foreign country that was believed to be hosting the Silk Road 2.0 website at the time. On or about May 30, 2014, law enforcement personnel from that country imaged the Silk Road 2.0 Server and conducted a forensic analysis of it. Based on posts made to the SR2 Forum, complaining of service outages at the time the imaging was conducted, I know that once the Silk Road 2.0 server was taken offline for imaging, the Silk Road 2.0 website went offline as well, thus confirming that the server was used to host the Silk Road 2.0 website.”

The government’s documents detail how Benthall allegedly hatched a selfless plan to help the Silk Road 2.0 community recover from an incident in February 2014, wherein thieves stole millions of dollars worth of Bitcoins from community users.

“On or about September 11, 2014, Defcon had an online conversation with the HSI-UC, in which he discussed, in sum and substance, his intention to reopen the Silk Road 2.0 marketplace, and his plan to recoup the deficit of Bitcoins that had been stolen from Silk Road 2.0. Specifically, Defcon confirmed that the site needed to recoup approximately 2,900 Bitcoins to cover the loss, and stated that he intended to donate approximately 1,000 of his own Bitcoins to return liquidity to Silk Road 2.0 (“I’m planning to throw my 1000 BTC to kickstart the thing.”).”

“Defcon further acknowledged that the site had approximately 150,000 monthly active users (“We have 150,000 monthly active users. That’s why we have to save this thing.”). The HSI‐UC asked how long it would take to recover from the theft, and Defcon replied that it would take approximately three months’ worth of commission payments, if sales on Silk Road 2.0 continued at a steady rate (“Three months if sales continue at current pace and we don’t bottom out”). Thus, Defcon appears to have expected Silk Road 2.0 to generate approximately $6 million in monthly sales over the next three months, which would have resulted in commissions over that three‐month period totaling approximately $900,000 ‐ equal to approximately 1,900 Bitcoins at the then prevailing exchange rate.”

Benthall’s biggest mistake may have been using his own personal email to register the servers used for the Silk Road 2.0 marketplace. In the complaint against Benthall, an undercover agent who worked the case said that “based on a review of records provided by the service provider for the Silk Road 2.0 Server, I have discovered that the server was controlled and maintained during the relevant time by an individual using the email account blake@benthall.net.”

“To me, it appears that both the human element, an undercover agent, plus technical attacks in discovering the hidden service, both played a key part in this arrest,” said Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University of California, Berkeley.

Federal agents also say they tracked Benthall administering the Silk Road 2.0 from his own computer, and using Bitcoin exchanges to make large cash withdrawals. In one instance, he allegedly cashed out $270,000, and used $70,000 for a down payment on a Tesla Model S, a luxury electric car worth approximately USD $127,000.

Benthall faces a raft of serious charges that could send him to federal prison for life. He is facing one count of conspiring to commit narcotics trafficking, which carries a maximum sentence of life in prison and a mandatory minimum sentence of 10 years in prison; one count of conspiring to commit computer hacking, which carries a maximum sentence of five years in prison; one count of conspiring to traffic in fraudulent identification documents, which carries a maximum sentence of 15 years in prison; and one count of money laundering conspiracy, which carries a maximum sentence of 20 years in prison.

A copy of the complaint against Benthall is available here.

Krebs on Security: Still Spamming After All These Years

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

A long trail of spam, dodgy domains and hijacked Internet addresses leads back to a 37-year-old junk email purveyor in San Diego who was the first alleged spammer to have been criminally prosecuted 13 years ago for blasting unsolicited commercial email.

Last month, security experts at Cisco blogged about spam samples caught by the company’s SpamCop service, which maintains a blacklist of known spam sources. When companies or Internet service providers learn that their address ranges are listed on spam blacklists, they generally get in touch with the blacklister to determine and remediate the cause for the listing (because usually at that point legitimate customers of the blacklisted company or ISP are having trouble sending email).

In this case, a hosting firm in Ireland reached out to Cisco to dispute being listed by SpamCop, insisting that it had no spammers on its networks. Upon investigating further, the hosting company discovered that the spam had indeed come from its Internet addresses, but that the addresses in question weren’t actually being hosted on its network. Rather, the addresses had been hijacked by a spam gang.

Spammers sometimes hijack Internet address ranges that go unused for periods of time. Dormant or “unannounced” address ranges are ripe for abuse partly because of the way the global routing system works: Miscreants can “announce” to the rest of the Internet that their hosting facilities are the authorized location for given Internet addresses. If nothing or nobody objects to the change, the Internet address ranges fall into the hands of the hijacker (for another example of IP address hijacking, also known as “network identity theft,” check out this story I wrote for The Washington Post back in 2008).

So who’s benefitting from the Internet addresses wrested from the Irish hosting company? According to Cisco, the addresses were hijacked by Mega-Spred and Visnet, hosting providers in Bulgaria and Romania, respectively. But what of the spammers using this infrastructure?

One of the domains promoted in the spam that caused this ruckus — unmetegulzoo[dot]com — leads to some interesting clues. It was registered recently by a Mike Prescott in San Diego, to the email address mikeprescott7777@gmail.com. That email was used to register more than 1,100 similarly spammy domains that were recently seen in junk email campaigns (for the complete list, see this CSV file compiled by DomainTools.com).

Enter Ron Guilmette, an avid anti-spam researcher who tracks spammer activity not by following clues in the junk email itself but by looking for patterns in the way spammers use the domains they’re advertising in their spam campaigns. Guilmette stumbled on the domains registered to the Mike Prescott address while digging through the registration records on more than 14,000 spam-advertised domains that were all using the same method (Guilmette asked to keep that telltale pattern out of this story so as not to tip off the spammers, but I have seen his research and it is solid).

Of the 5,000 or so domains in that bunch that have accessible WHOIS registration records, hundreds of them were registered to variations on the Mike Prescott email address and to locations in San Diego. Interestingly, one email address found in the registration records for hundreds of domains advertised in this spam campaign was registered to a “michaelp77x@gmail.com” in San Diego, which also happens to be the email address tied to the Facebook account for one Michael Persaud in San Diego.

Persaud is an unabashed bulk emailer who’s been sued by AOL, the San Diego District Attorney’s office and by anti-spam activists multiple times over the last 15 years. Reached via email, Persaud doesn’t deny registering the domains in question, and admits to sending unsolicited bulk email for a variety of “clients.” But Persaud claims that all of his spam campaigns adhere to the CAN-SPAM Act, the main anti-spam law in the United States — which prohibits the sending of spam that spoofs that sender’s address and which does not give recipients an easy way to opt out of receiving future such emails from that sender.

As for why his spam was observed coming from multiple hijacked Internet address ranges, Persaud said he had no idea.

“I can tell you that my company deals with many different ISPs both in the US and overseas and I have seen a few instances where smaller ones will sell space that ends up being hijacked,” Persaud wrote in an email exchange with KrebsOnSecurity. “When purchasing IP space you assume it’s the ISP’s to sell and don’t really think that they are doing anything illegal to obtain it. If we find out IP space has been hijacked we will refuse to use it and demand a refund. As for this email address being listed with domain registrations, it is done so with accordance with the CAN-SPAM guidelines so that recipients may contact us to opt-out of any advertisements they receive.”

Guilmette says he’s not buying Persaud’s explanation of events.

“He’s trying to make it sound as if IP address hijacking is a very routine sort of thing, but it is still really quite rare,” Guilmette said.

The anti-spam crusader says the mere fact that Persaud has admitted that he deals with many different ISPs both in the US and overseas is itself telling, and typical of so-called “snowshoe” spammers — junk email purveyors who try to avoid spam filters and blacklists by spreading their spam-sending systems across a broad swath of domains and Internet addresses.

“The vast majority of all legitimate small businesses ordinarily just find one ISP that they are comfortable with — one that provides them with decent service at a reasonable price — and then they just use that” to send email, Guilmette said. “Snowshoe spammers who need lots of widely dispersed IP space do often obtain that space from as many different ISPs, in the US and elsewhere, as they can.”

Persaud declined to say which companies or individuals had hired him to send email, but cached copies of some of the domains flagged by Cisco show the types of businesses you might expect to see advertised in junk email: payday loans, debt consolidation services, and various nutraceutical products.

In 1998, Persaud was sued by AOL, which charged that he committed fraud by using various names to send millions of get-rich-quick spam messages to America Online customers. In 2001, the San Diego District Attorney’s office filed criminal charges against Persaud, alleging that he and an accomplice crashed a company’s email server after routing their spam through the company’s servers. In 2000, Persaud admitted to one felony count (PDF) of stealing from the U.S. government, after being prosecuted for fraud related to some asbestos removal work that he did for the U.S. Navy.

Many network operators remain unaware of the threat of network address hijacking, but as Cisco notes, network administrators aren’t completely helpless in the fight against network-hijacking spammers: Resource Public Key Infrastructure (RPKI) can be leveraged to prevent this type of activity. Another approach known as DNSSEC can also help.
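To make the RPKI point concrete, here is an added example (not from the original post or from Cisco) of route origin validation as defined in RFC 6811, including the AS0 ROA from RFC 6483 that an address holder can publish for a dormant range. All prefixes and AS numbers are constructed documentation values (RFC 5737, RFC 5398), and the function names are illustrative.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VRP:
    """Validated ROA payload: which AS may originate a prefix, and how specific."""
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    max_length: int
    asn: int


def vrp(prefix: str, asn: int, max_length: int | None = None) -> VRP:
    """Build a VRP; max_length defaults to the ROA prefix length."""
    net = ipaddress.ip_network(prefix)
    ml = net.prefixlen if max_length is None else max_length
    if not net.prefixlen <= ml <= net.max_prefixlen:
        raise ValueError(f"maxLength {ml} out of range for {net}")
    return VRP(net, ml, asn)


def validate(route_prefix: str, origin_asn: int, vrps: list[VRP]) -> str:
    """Classify a BGP announcement as 'valid', 'invalid' or 'not-found'.

    RFC 6811: a VRP *covers* the route if the route prefix is equal to or
    more specific than the VRP prefix. A covering VRP *matches* if the
    origin AS is the same and the route is no longer than maxLength.
    AS0 never matches, so an AS0 ROA makes every covered route invalid.
    """
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for v in vrps:
        if v.prefix.version != route.version:
            continue  # subnet_of() raises TypeError across IP versions
        if not route.subnet_of(v.prefix):
            continue
        covered = True
        if v.asn != 0 and v.asn == origin_asn and route.prefixlen <= v.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


# Constructed ROA set for a hypothetical hosting firm (AS64496).
VRPS = [
    vrp("192.0.2.0/24", 64496),   # range in active use
    vrp("198.51.100.0/24", 0),    # dormant range, protected with an AS0 ROA
    # 203.0.113.0/24 is also dormant, but has no ROA at all
]

# Constructed announcements as a validating router might see them.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),     # the legitimate origin
    ("192.0.2.0/24", 64511),     # another AS claiming the in-use range
    ("192.0.2.128/25", 64496),   # more specific than maxLength allows
    ("198.51.100.0/24", 64511),  # another AS claiming the AS0-protected range
    ("203.0.113.0/24", 64511),   # another AS claiming the unprotected range
]


def audit(announcements, vrps):
    """Return (prefix, origin, state) for every announcement."""
    return [(p, a, validate(p, a, vrps)) for p, a in announcements]


if __name__ == "__main__":
    for prefix, asn, state in audit(ANNOUNCEMENTS, VRPS):
        print(f"{prefix:<18} AS{asn:<6} {state}")
```

The last announcement is the case the article describes: with no ROA published, the result is "not-found", which routers typically still accept, so only the ranges the holder has covered with a ROA are protected.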

Backblaze Blog: Backblaze Blog: No Comment.

This post was syndicated from: Backblaze Blog and was written by: Yev. Original post: at Backblaze Blog

One of the great things about the Internet (and possibly one of the worst) is the ability to leave comments and interact with individuals on their blogs or web pages. Recently, Backblaze switched our web site and blog to HTTPS. We also moved the blog from blog.backblaze.com to backblaze.com/blog and we updated our blog design….

Author information

Yev

Social Marketing Manager at Backblaze

Yev enjoys speed-walking on the beach. Speed-dating. Speed-writing blog posts. The film Speed. Speedy technology. Speedy Gonzales. And Speedos. But mostly technology.

The post Backblaze Blog: No Comment. appeared first on Backblaze Blog.

TorrentFreak: VKontakte Asks U.S. To Remove “Pirate Site” Stamp

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

The Russian social network VKontakte (VK) has long been criticized for its passive approach to piracy. The site has millions of users, some of whom use it to share copyrighted content.

As a result the United States Trade Representative (USTR) has labeled the site a “notorious market” on several occasions, and last week the MPAA and RIAA advised the Government to maintain this listing in its upcoming report.

The movie studios and record labels claim that VK is still not doing enough to address the piracy issue. However, in a letter (pdf) to the USTR, VK director Dmitry Sergeev disagrees.

VK’s director admits that the social network has a history of being used for piracy, especially audio. However, in recent years the company has put a lot of effort into its anti-piracy measures, often in cooperation with rightsholders.

“Over the last years, especially in 2013 and 2014, VK took numerous steps to address copyright holders’ concerns. These steps were part of the VK long-term plan of improvement and cooperation with the rightsholders and copyright industry associations,” Sergeev notes.

Sergeev says that his company can’t control all information that’s uploaded to the site. Scanning all uploaded files for possible copyright infringement is therefore not a realistic option.

“VK does not have the technical capability to pre-moderate, filter, or otherwise prevent the uploading of works due to the enormous volume of information being uploaded by users on a daily basis and the fact that VK does not have reliable information confirming violation of copyright in advance,” he notes.

However, VK has clear terms of service that forbid sharing of unauthorized material. In addition, users have to agree that they are authorized to share a file every time they upload something.

The company also processes DMCA-style takedown notices. This means that copyright holders can make files inaccessible if they spot infringing content. This is similar to how other large Internet services work and more than 450,000 notices have been submitted so far.

While the MPAA and RIAA label VK as a piracy haven, VK emphasizes that plenty of content is shared legally. Many starting artists in Russia use it as the most important platform to promote their work, and many established musicians are happy to share their work as well.

“A very large amount of VK’s content is uploaded absolutely legitimately. For instance, lots of famous musicians, singers, authors and other IP owners enthusiastically use VK.com for their own purposes of promotion,” he says.

VK’s director lists several examples of popular artists that have official profiles, including Tiësto, Armin van Buuren, Shakira, Moby, Coldplay and Arctic Monkeys.

And there’s more. VK says it has reached agreements with various copyright holders to share revenue and it’s currently negotiating licensing deals with Sony/ATV, Warner Chappell and Music Publishing Group and others.

In addition, the company also implemented a fingerprinting technology that automatically prevents uploads of infringing audio files for which it already received a takedown notice. This measure aims to prevent the takedown “groundhog day” the RIAA complained about.

Considering its long list of anti-piracy initiatives, VK asks the United States Trade Representative not to include the site in the upcoming 2014 Out of Cycle Review of Notorious Markets. Whether this will be the case or not will become clear in a few weeks.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

TorrentFreak: Swedish Police in Bangkok to Detain Pirate Bay Founder

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

After the final guilty verdicts were handed down in the historic Pirate Bay trial, Fredrik Neij decided that life in a Swedish prison wasn’t for him.

Instead, Neij flew to the Asian country of Laos where he has been enjoying family life with his wife and three children. He made no secret of his whereabouts, with Facebook updates appearing to show a relaxed man enjoying life in the capital Vientiane, a city situated on the Mekong near the border with Thailand.

Vientiane’s location appears to have played a big part in both Neij’s life and his eventual downfall. Laos is somewhat lacking in facilities so being right on the border with Thailand was convenient when Neij’s family required things such as healthcare.

However, according to Thai authorities he crossed that border 27 times in recent years and Monday was to be his unlucky day. Neij was already the subject of Swedish and Interpol warrants so when he was spotted wearing the same shirt as he was wearing in his ‘wanted’ photo, Thai border police arrested him.

After being held in custody during Monday and Tuesday, Neij is now on his way to Bangkok pending his almost certain return to Sweden. While it is being reported that Neij will be extradited, Sweden and Thailand have signed no extradition treaty. That being said, removing him is not expected to be an issue.

Local media is reporting that Thai authorities have revoked Neij’s visa, meaning that he can now be deported. Most people being removed from the country are taken to Bangkok and Neij is now confirmed as being en route to the Thai capital.

“Three Thai policemen will escort him on the flight to Bangkok and Swedish police will help us whisk him to the immigration bureau before he is handed over to Swedish authorities,” Police Colonel Panlop Suriyakul na Ayutthaya told AFP.

That Swedish authorities are in Thailand ready for Neij was confirmed by his lawyer Jonas Nilsson.

“As I understood it, staff from the Swedish embassy are on their way to where he is. [Fredrik has] also been informed that he will be transported to Sweden,” Neij’s lawyer, Jonas Nilsson told SR.

The deportation procedure is relatively straightforward and an initial investigation could be completed within 48 hours but extended for seven days and beyond if necessary. [Update: Thai authorities say Neij will be sent to Sweden “within the next month”]

If earlier plans for Neij’s incarceration in Sweden play out, on his return he will be processed and taken to Kirseberg prison in Malmö. The prison first came into operation during 1914 and has a capacity of 131 inmates and around 170 staff. According to the decision of the court, Neij is set to spend a total of 10 months inside.

In addition to his prison sentence, Neij is required to pay his share of roughly $6.78m in damages owed to copyright holders.

Previous investigations by Swedish authorities turned up no assets in his name but yesterday Thai authorities revealed that the Swede has a house on the island of Phuket and five million baht ($153,000) in a local bank account. Whether this is within reach of copyright holders remains to be seen.

The Hacker Factor Blog: Don’t Forget to Vote!

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

Today is election day in the United States. While the President is elected every four years, we only vote for part of congress at that time. Two years later are the midterm elections, where we vote for another part of congress. (This year is a midterm election.) The idea behind only voting for part of congress at a time is to ensure a smooth transition. But really, I wish we could vote out all of them at once since congress seems completely incapable of doing their basic duties: voting on laws and managing the budget. A smooth transition from the most incompetent congress in history does not seem necessary.

I had originally planned to blog today about all of the pre-election phone calls. Two years ago, my phone rang non-stop with robocalls and humans who wanted to give biased surveys or tell me how they feel. I was ready to record all of the calls, but they just were not worth it this time.

Yes, my phone rang, but they were almost all robocalls. They were recordings that followed a basic template: “Hi, my name is single-word-name and I’m furious/angry/opinionated about candidate name…” Or “This is Callers For Swaying Voters (or similar organization name) and I’d like to conduct a brief survey. Please press ‘1’ to continue.” During these calls, I would try to reach a human, but either the call would drone on or they would hang up on me.

It’s the hang-ups that really got my attention. “Please press ‘1’ to continue.” If you press “0” or anything other than “1” then they hang up. As one non-survey robocaller began to talk, I kept repeating “Hello? Hello? Hello?” By the third “Hello?”, it hung up on me. I really suspect that these robocalls were listening for me. And thinking about it… if, during their monologue, they hear me say “this is bullshit”, then they know my opinion.

Then again, some robocallers really sounded human. But they were clearly automated systems. As an example (MP3), one automated system sounded like a person. Except, when I interrupted it, it politely hung up on me.

I did receive a few human callers, but none of them wanted to be played with.

  • One caller wanted my opinion on some survey. I told him that I’m a professional consultant and my opinion is not free. He politely thanked me for my time and hung up quickly.

  • There were a few callers where I requested their information in order to verify that they were a registered organization that was authorized to make a political phone call, and not just a telemarketer violating no-call laws. For the ones who gave me their organization’s name, none of them were registered. That means they were all violating the no-call restrictions.
  • A few callers really wanted to verify that I am “Neal Kramnwetz”. (I enjoy having a hard-to-pronounce surname.) I wanted to verify who they are first. “What is your company’s name?” “What is your company’s address?” “What is your phone number?” I need these answers to look them up and validate them. With each question, the callers repeated that they could not tell me due to “security concerns”. I pointed out that they wanted to verify me for security but that they would not let me verify them. Each time, they got frustrated and hung up.
  • One caller called at 7pm on Halloween. She wanted to give a survey. I informed her that we had trick-or-treaters and then I hung up. Seriously, do they really think their survey is more important than seeing a kid dress as a Viking ship! His candy bag was strapped to the bow and he had a six-foot tall mast!

For most of this voting season, my phone rarely rang. Rather than 3-8 calls per day, I received a call every 2-3 days.

I had really wanted to record some of these surveys in order to show how biased they really are. Unfortunately, none of the calls lasted long enough for me to get to the questions. Then again, I really had expected more phone calls to play with.

What’s that, sonny?

One of my friends pointed out that this year’s ads really focused on older voters. They emphasized soapbox sermons filled with anger rather than friend-building and social networking.

I have this long-held belief that ads on web pages denote wasted real estate. The whole concept of placing ads everywhere and talking at potential customers is a pre-technology approach. It worked back when newspapers used paper and AM radio had broadcast stations. But today, we have social networks and word of mouth and viral videos.

I’m sure that the advertisers think that their approach works, but that’s only because they don’t know how to best exploit new technologies. Constantly posting political ads on Facebook and Twitter is a quick way to get ignored. And who watches live TV over the air anymore? TiVo makes it easy to skip political ads. I like how Netflix has no commercials. And I’ve learned how to take off my headphones when Hulu ads start playing and it even gives me a nice indicator: in 30 seconds, put the headphones back on.

Perhaps this is why Obama’s election six years ago came as such a surprise to the ad and survey crowd… Obama embraced social media and played it to his strengths, while all of the negative campaigning went over ignored mediums. The only times McCain/Palin had anything go viral was when they said something stupid. (And they had a lot of things go viral.)

Paid for by…

The one thing I did notice about the election this year was how they were seriously targeting emotions. Anger, frustration, disappointment. I heard a lot about how paid actors feel and their negative opinions, but almost nothing promoting the candidates.

As far as I can recall, every message from a third-party entity was negative. Unfortunately, when it came time to vote, I could remember the candidate’s name but almost no details about them. Do I like him or hate him? I don’t remember. (Fortunately, I keep notes and referred to them to decide how to vote.) For something as important as this election, both parties seem to be going out of the way to not be memorable.

An Almost-Perfect Ad

I rarely watch live TV. I just feel that there is nothing worthwhile except maybe the local news. For the last few weeks, even the local news has been showing non-stop political commercials. None of these ads really got my attention… except one. It was for some guy running for some office. He gave his name, but did not mention any party affiliation or even where he stands on any issues. He said he was only going to have one commercial and this was it. Then he said to go out and vote.

(If anyone can find a copy of this commercial, let me know and I’ll link to it here.)

This guy and his ad really stood out and got my attention. Nothing negative and he aligned with my belief that it is important to vote. He didn’t say to vote for him; he only said to vote. He didn’t even mention any issues or address his competition; he only said to vote. Honestly, I know nothing about him at all, except that he wants me to participate in the election process and he kept his word: he only had one commercial.

Unfortunately, there is something to be said for repetition. I only saw his commercial once. If I could recall his name, I would have definitely voted for him.

Блогът на Юруков: The Risk of Poverty and Information Distortion

This post was syndicated from: Блогът на Юруков and was written by: Боян Юруков. Original post: at Блогът на Юруков

The interpretation of any statistic is the most important part of reporting on it. So we need to be sure that we have understood it. In recent days the new report on the risk of poverty and social exclusion came out. As expected, headlines exploded that we are the poorest, that half of Bulgarians live in destitution and cannot find work. Yes, we are the poorest in the EU. But by how much, and are the other scandalous claims in the media true?

Let’s look at the conclusions of the report: 48% of Bulgarians are at risk of poverty or social exclusion. Some cite that in 2008 the figure was 44.8%, but omit to say that in the past three years we were above 49%, and before 2008 above 60%. That is, there is improvement. Still, the figure is extremely high, almost half the population. At that, we are well above Romania, Latvia and Romania, which have between 35 and 40%.

To understand the reasons, we need to look closely at the definition of this index: “Risk of poverty or social exclusion”. The definition (1) shows that it has several components. For a person to be at such risk, they must meet at least one of the listed conditions.

Risk of poverty

This means (2) that a person receives less than 60% of the average equivalised income for the country after social transfers. The equivalised income (3) is calculated per household with different weights for its members and is 280 leva per person per month for Bulgaria. That is, for a family with one child the total income must be under 840 leva. This criterion does not mean that these people are poor, but that during this year and at least two of the preceding three they received considerably less than the rest of the country. Risk of poverty also does not necessarily mean a low standard of living, as Eurostat clarifies.

For Bulgaria the percentage before social transfers is … 25.9% for 2012. This is evidently omitted by quite a few media outlets. The more careful ones say that almost half of Bulgarians are at risk of poverty. The rest flatly declare them poor. In fact the level of almost 26% is the same as in Austria and Sweden and considerably lower than in Belgium, Denmark and England. The reason is the relatively even distribution of wages in Bulgaria.

After social transfers the share falls to 21%, which is high for Europe but not among the highest. It is better than Romania, Greece and Spain. Pensions and social payments here are the lowest, but the low cost of living compensates somewhat. Again, though, these 21% are a lot less than 49.6%.

Severe material deprivation

This indicator is my favorite, because it is the one most speculated with. It means (4) that a household has a serious problem with at least four of the following things:

  • paying rent, a loan or bills
  • heating its home adequately
  • meeting unexpected expenses
  • eating meat at least every other day
  • affording one week of holiday
  • a television
  • a dishwasher
  • a telephone
  • a car

The percentage of Bulgarians who declare that they cannot meet unexpected expenses is around 69% for 2012, against an EU average of 40%. 52% of Bulgarians state that they cannot afford meat or fish every second day, against an EU average of 12%. 44.9% state that they cannot heat their home adequately. Here I am only listing figures. I know few people who would admit that they can afford a one-week holiday anywhere at all, regardless of the fact that they take one even twice a year. Is our seaside really a holiday? Or the mountains?

    Around 45% (5) of Bulgarians answered that they have a problem with 4 or more of the things listed above. Judge for yourselves how realistic that is. In practice this component is responsible for the high percentage of the whole index. The other two are considerably low and place us, if not at the EU average, then at least a little above the average.

    Household with low work intensity

    This is a complicated term explaining (6) that the family is predominantly unemployed. “Predominantly” means that over the whole year no more than 4-5 months of work add up for a family with two adults of working age. This indicator shows what share of the population lives in such families.

    On all indicators (7) we are in good positions in Europe. For single adults, at 24.3%, we are better off than Belgium, Denmark, Finland and England. For single parents with children, at 35.4%, we are ahead of Belgium, Greece, Malta and England. In the most common case, two parents with children, we are at 8.2% and better off than Croatia, Belgium and Greece. Only for two adults with three or more children are we at the lowest level, most likely because of the serious unemployment among the Roma. The average level of all these indicators, however, places us ahead of quite a few European countries.

    Well yes, but we are poor

    Absolutely. There is no dispute that wages, pensions, social payments and the free capital left after all living expenses are the lowest in Europe. The “Risk of poverty or social exclusion” index, however, does not measure that. It measures what share of the population objectively receives considerably less than the rest or declares that it has a problem with basic needs.

    In Bulgaria the index overlaps almost entirely with those who declared that they cannot heat their house, that they cannot afford a one-week holiday and that they cannot afford meat or fish every second day. I have argued about the first before. The lack of insulation and of a free energy market is among the main causes of the heating problems, but there is also the matter of perception. In fact, every study that includes a survey of personal perception should, in my opinion, be normalized against the happiness index, however idiotic that is in itself.

    Above all, we must keep a grain of caution when reading about such indices, and journalists accordingly must be careful what they write and how they interpret the data. Today Ivan Bedrov wrote about how we readers should not believe obviously idiotic news. How we should be critical and think before we share something. Yes, indeed the filter should not sit only with journalists, but above all with readers. We as consumers of news should reward or punish on the basis of quality. At the same time, news items like the ones I mentioned at the beginning are considerably harder to sift out. First, because most people do not understand a thing about statistics, but mostly because not every reader has the time to dig through Eurostat’s definitions of what means what.

    Worst of all, though, is that such loud headlines, even if we disregard them, distort our perception of things. Whoever you ask in the street will tell you that everyone in Bulgaria lives in destitution, except those few who steal a lot. Everyone believes that the average life expectancy of over 70 years is nonsense because, you see, all of their deceased acquaintances were around 50-60. While writing this I ran a quick poll on Facebook: not how many of my acquaintances fall within the index above, but what their estimate is of the percentage of Bulgarians at risk. The figures cited were 60, 70 and even 80%. In reality they are considerably fewer than that, and here we are not even including the grey economy.

    This extremely pessimistic perception evidently rests not on figures or facts, but on a mass-imposed depression. Bad news startles, sells and attracts, but its side effect is that it distorts perception. So we are inclined to believe all kinds of extremely bad and obtrusively idiotic news. Because Не!Новините has begun to look like real news, judging by the headlines of the supposedly serious media. Not because they are, but because we simply perceive them that way.

    Definitions and data:
    (1): Risk of poverty or social exclusion
    (2): Risk of poverty
    (3): Equivalised disposable income
    (4): Material deprivation
    (5): Material deprivation and low work intensity statistics
    (6): Persons living in households with low work intensity
    (7): Proportion living in households with very low work intensity 2012

    TorrentFreak: MP3Juices Recovers From UK Police Shutdown With New Domain

    This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

    Over the past few months City of London’s PIPCU anti-piracy unit has been working together with copyright holders to topple sites that provide or link to pirated content.

    One of the most-used tactics is to contact domain name registrars, asking them to suspend allegedly infringing domain names. This has resulted in the “shutdown” of a few pirate sites, with the MP3 search engine MP3Juices one of the most recent targets.

    With millions of visitors each month MP3Juices was one of the largest sites of its kind, but that changed in September when the site lost its domain name. After the suspension, weeks went by without a sign of life from the operators, until this weekend.

    Yesterday MP3Juices returned using a new .to domain name. The surprise comeback was announced through the site’s official Facebook page. “We are back:) www.mp3juices.to. Have fun, post any errors/problems below,” the status update reads.

    The unexpected resurrection was welcomed by many of the site’s followers, who were delighted to see their favorite MP3 search engine back in action.

    MP3Juices is back

    At the moment it’s unclear why it took more than a month for the site to move to a new domain. TorrentFreak asked the MP3Juices team for a comment on the comeback and their future plans, but they have yet to respond.

    While PIPCU’s domain name suspension was bypassed by MP3Juices, it certainly wasn’t without damage. The site has lost most of its users, with many going to MP3Juices.cc, a site that launched last month.

    The MP3Juices.cc team informed TF that they created their site for those who miss the old site. It offers a search engine similar to the original service, and has grown to 150,000 daily visitors in just a few weeks.

    So the end result of PIPCU’s actions is that they damaged one site, but inspired the launch of another. Whether the actions of the police have actually resulted in less copyright infringement is doubtful, as availability of pirated content has increased.

    Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

    Darknet - The Darkside: Facebook Allows Tor Access To Site

    This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

    Facebook started out blocking users of the Tor network in 2013, but has recently had a change of mind: Facebook now allows Tor access to the site, even providing a special .onion address for users of the network to connect directly to Facebook infrastructure. It’s an interesting decision as many of the Facebook ‘security […]

    The…

    Read the full post at darknet.org.uk

    Блогът на Юруков: Let’s Fabricate Ourselves a Scandal

    This post was syndicated from: Блогът на Юруков and was written by: Боян Юруков. Original post: at Блогът на Юруков


    Imagine you go to a celebration: a party, a class reunion or something similar. You know quite a few of those present, but the faces are mostly unfamiliar. Quiet music, pleasant conversations. Everything goes well, you go home and almost forget about it. A few days later you learn that the party was awful, that bags were stolen en masse, that a girl was beaten up, and that instead of the quiet music you remember, greasy chalga was blaring. All this seems strange to you, you ask the acquaintances you met there, and they are all just as surprised. You mention in a few places that this is nonsense and in short order you are accused of having stolen bags yourself, of having ordered the chalga and of covering for the ones who beat up the girl.

    What?

    Roughly this has been happening for the last 6 months around the elections in Frankfurt, Germany. Since the European elections, stories have been circulating about election fraud, controlled voting on the part of observers and volunteers, vote buying and even personal threats against a commission member. All these attacks are later backed up with complaints to the Central Election Commission (CEC) and the court.

    Frankly, from the very beginning I promised myself not to get involved in all this. I thought that if someone’s nonsense is not given publicity, it will be dismissed by the public mind as such. It turned out, however, to be exactly the opposite: from the words of a few people a scandal was fabricated, which was gradually embellished and elaborated. Since many, like me, did not feel like dealing with it, those words remained the only story hanging in the air and were turned into fact. A lie repeated a hundred times, and so on.

    What exactly?

    Below the article I have laid out the chronology of all the complaints and the decisions on them. From them and from the protocols several things become clear. Almost all complaints of violations in the elections in Frankfurt have been rejected. The CEC does not confirm that there were violations, but rejects a draft decision written by one of its members. That draft and the claims in it, however, are circulated as fact. The complaint to the Supreme Administrative Court (SAC) was filed after the statutory deadline in the clear knowledge that it would be rejected. Two complaints filed 6 months after the European elections are written as if deliberately so as to be rejected: they contain no factual detail whatsoever and no means of clearly identifying the alleged offenders. And finally, the complaint about a refusal to allow voting, against the commission’s chairwoman Lyudmila Shnayder, is now being examined by the prosecutor’s office.

    Here we may add the position of the remaining members of the section election commission that the only problem during the elections was Shnayder’s behaviour. This is supported by the election observers, including those from the party that nominated her as chair. None of those present at the elections themselves, meanwhile, saw the vote buying and the controlled voting spoken of in the reports by Shnayder, her relatives and her friends. I myself stayed quite a while in front of the polling station at the European elections to talk with acquaintances in the queue, and I can say with certainty that the descriptions in the last two complaints are complete nonsense.

    Where is the problem?

    By now you should understand why I started with the story about the party. Although nobody saw any violations other than those of the chairwoman herself, one cannot really claim that there were none. It is strange, however, that all the complaints were filed as a counter-reaction to earlier reports, hours, days and months later. Citing a rejected CEC draft as fact, and ignorance of the procedures and requirements in the Election Code, do not matter when creating a sensation. The rejection of complaints as unfounded or late is presented as the long arm of the mafia defending the status quo.

    There is no smoke without fire. For our cynicism-ridden society this is a basic maxim. That is why there is no need at all to prove anything or for anyone to rule that you are right. It is enough to set off enough smoke bombs for everyone to decide that the fire is a fact. Journalists will take it up eagerly and, just as with the floods, will show unrelated, overexposed footage to illustrate a story that probably does not exist. Scandals bring viewers. Rejected complaints to the CEC do not. Scandals on an ethnic basis bring support to particular parties. Complaints of violations against commission members and observers from those same parties, rather not.

    We fight for our daily drama

    The situation is somewhat word against word. With such low trust in the CEC and the court, and their inconsistency on principle, it is quite natural that we see no authority in their rulings. In this environment every accusation, groundless or not, gains strength and popularity. This hinders the democratic process just as much as unsanctioned cases of controlled voting and election fraud.

    I had promised myself not to get involved in the case and probably I should not have. But it all began with one phone call shortly after the European vote and somehow unfolded before my eyes over the last months. I have worked a good deal on organizing elections abroad and I know how hard it is to do everything properly. It is astonishing, though, how easily one person’s personal prejudices can do so much harm. So I decided to release everything. The documents are public. Whoever feels like reading, let them read and draw their own conclusions. For the rest there remain the media drama and pathos.


    Chronology of the complaints and the decisions on them:

  • 25.05 – European elections in Frankfurt. Election day passes calmly. There are no complaints or remarks in the protocols of the two sections – here and here
  • 27.05 – I receive a call from the chairwoman of one of the commissions, Lyudmila Shnayder, saying she wants to file a complaint against the volunteers in front of the polling station helping with the declarations. You will find more about the conversation here. She suggests that I sign her complaint “for more weight” and I refuse, because I do not agree with her claims.
  • 28.05-12.06 – three roughly identical reports are filed describing controlled voting, theft of personal data, forged documents (a scribbled-on identity card) and violations on the part of the consul. One of the reports is from Lyudmila Shnayder and her father, members of the commission who had earlier signed that there were no violations of the election process – ЕП-22-757, ЕП-22-766, ЕП-22-757, ЕП-22-781
  • 13.06 – letter from the acting consul in Frankfurt, Ivan Yordanov, to the Foreign Ministry and the CEC regarding the accusations in the reports, describing what the consulate did on election day – ЕП-04-01-133
  • 18.06 – objection by Lyudmila Shnayder to Yordanov’s letter, citing my discussion with her on my personal Facebook page – ЕП-22-757
  • 19.06 – a proposal by one CEC member for a decision on the complaints is rejected by majority – 605-ЕП
  • 23.06 – complaint to the SAC against the CEC’s decision. The lawyer is Kapka Gerginova – ЕП-08-29
  • 26.06 – the SAC rejects the complaint because it was filed more than 3 days after the CEC’s decision. The ruling is not subject to appeal – 8435-2014
  • 05.10 – two complaints from Lyudmila Shnayder: that observers from Ataka were admitted to the polling station without an identifying badge, and that acting consul Ivan Yordanov used a rude and threatening tone in a private conversation. The first complaint was at 13:24, and the second three and a half hours later, describing events that took place before the first complaint. The interesting thing here is that she is the chair of the commission, that is, she files the first report against herself. The second report, in turn, was about Yordanov pointing out to her that there were Ataka observers without a badge and that if she did not take action as chair, he would file a report to the CEC himself. The observers in question are two of those who filed complaints together with Shnayder at the European elections (point 3) – С-75 and С-145-222
  • 05.10 – the protocol of one section concludes without remarks. In the protocol of Shnayder’s section it is recorded that she filed a complaint directly with the CEC and that the claims in that complaint were not presented and discussed in the section election commission – here and here
  • 13.10 – declaration by the other four members of the section election commission to the CEC and the Foreign Ministry describing election day as “calm and lawful”. They thank the consulate staff and consul Yordanov for their help and note that unfortunately Shnayder “did not contribute to creating a collegial atmosphere and conditions for the timely completion of the commission’s work” – here (obtained from a CEC member)
  • 13.10 – complaint/inquiry by Andrey Zlatinov against Lyudmila Shnayder over a refusal to let him vote. The complaint says that he was turned away because he had written his German address in Latin script, and then because he was not carrying a German address registration. Neither of these requirements is present in the Election Code. Of the two sections, only in one, on Lyudmila Shnayder’s orders, were people turned away for these things. Following standard procedure, the CEC sends the report to the prosecutor’s office and the Foreign Ministry – НС-00-502
  • 20.10 – Lyudmila Shnayder sends a complaint against the CEC’s decision to send the report against her to the prosecutor’s office. The interesting thing here is that neither was Zlatinov’s complaint published on the CEC’s website at the time, nor is there a public decision on the referral. That is standard practice in such cases. Nevertheless Lyudmila has somehow learned of a report against herself and protests against the procedure. The CEC decides not to consider her complaint – НС-1348
  • 21.10 and 22.10 – Two identical reports about the European elections arrive from two women claiming that a “30-33 year old man” offered them 120 euro to vote for the DPS and, after they refused “because they are patriots”, they were refused the vote because they were not carrying an address registration. The complaints also describe a “flea market” for buying votes in front of the polling station and buses of Bulgarian Turks who had come to vote. The texts include no specific names or description of the participants in this whole market, making it impossible to identify anyone at all from the complaint. The explanation for the 6 months’ delay is “due to provocation by the lies [spelled ‘лужите’] in the internet space” (I have kept the spelling) – ЕП-22-803, ЕП-22-804

    The Hacker Factor Blog: Parasites

    This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

    Every now and then, old security concepts resurface as if they were something new. Recently, I’ve been seeing a lot more activity related to parasitic attachments in pictures.

    A parasitic attachment, or parasite, is an unrelated file that is simply attached to another file. With pictures, it is an unrelated chunk of data attached to the image file. When rendering a picture, the parasite is ignored. And when transferring the picture, the parasite follows along for the ride.

    Attaching Parasites

    To understand how this works, let’s focus on JPEG. Every JPEG has a header, information related to decompression settings, and the compressed binary image stream. The stream has a well-defined start and a well-defined end. When rendering pictures, your graphics program stops at the end of stream marker. It doesn’t look beyond that point, so anything attached after the JPEG becomes ignored information.

    There’s actually a lot of information that may be intentionally stuffed after the image. Some vendors store thumbnail images after the main image. Back in 2010, I pointed out that some Android devices store operating system information after the picture.

    Parasites are not limited to JPEG formats. Virtually every image format out there has a well-defined “end”, and rendering programs stop when they hit the defined end. PNG, BMP, and even GIF can all have parasites without impacting how the picture is rendered. There’s even a nice tutorial from 2010 for how to attach a parasite. And a similar tutorial from 2006. (And I remember doing this type of thing back in 1992, and it definitely wasn’t “new” back then.) Creating a parasitic attachment is literally as easy as appending data to an existing JPEG.

    Parasites are not limited to the end of the file. They may be stuffed in comment fields, proprietary data blocks, and other unused areas in the picture file format. Both JPEG and PNG support custom data blocks. If the rendering software doesn’t support the custom data block, then the block is ignored. For parasites, you just define your own custom data block and expect it to be ignored.

    Finally, there is the payload carried by the parasite. At FotoForensics, about 0.05% (yes, less than a tenth of a percent) of all files contain some kind of parasitic attachment. Zip files, RAR files, 7zip, and text are all common. But I’ve also seen PDF, PKCS7 certificates, encrypted data, word documents, unrelated pictures, and much more. In September 2014, FotoForensics received 34,206 unique file uploads. Of those, 17 files have parasites that my software readily identifies. Most of the parasites were zip files, but there were also a few RAR files and other types of data.
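
The two hiding places described above, data after the end-of-image marker and application or comment segments that renderers skip, can both be found by walking the JPEG marker structure. The scanner below is an added example, not FotoForensics' software or code from the original post; the signature list, the identifier allow-list and the constructed sample bytes are assumptions for illustration.

```python
import struct
from typing import List, NamedTuple, Optional

EOI, SOS, COM = 0xD9, 0xDA, 0xFE
STANDALONE = {0x01, *range(0xD0, 0xD8)}   # TEM and RST0-7 carry no length field

# Illustrative signature list (assumption): archive and document magic numbers.
MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar",
         b"7z\xbc\xaf\x27\x1c": "7zip", b"%PDF-": "pdf"}
# Illustrative allow-list (assumption): APPn identifiers most tools understand.
KNOWN_APP = (b"JFIF\x00", b"JFXX\x00", b"Exif\x00\x00", b"ICC_PROFILE\x00",
             b"http://ns.adobe.com/", b"Photoshop 3.0\x00", b"Adobe", b"MPF\x00")


class Finding(NamedTuple):
    where: str            # "APP1", "COM" or "after EOI"
    offset: int           # offset of the marker, or of the first trailing byte
    size: int             # bytes of payload or of trailing data
    guess: Optional[str]  # name of a matched signature, if any


def sniff(blob: bytes) -> Optional[str]:
    """Name the first known signature found anywhere in blob."""
    for magic, name in MAGIC.items():
        if magic in blob:
            return name
    return None


def end_of_scan(data: bytes, pos: int) -> int:
    """Skip entropy-coded data; return the offset of the next real marker."""
    while True:
        pos = data.find(b"\xff", pos)
        if pos < 0 or pos + 1 >= len(data):
            return len(data)
        nxt = data[pos + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:   # stuffed 0xFF or restart marker
            pos += 2
        elif nxt == 0xFF:                        # fill byte before a marker
            pos += 1
        else:
            return pos


def scan_jpeg(data: bytes) -> List[Finding]:
    """Walk the segments and report data that a renderer would ignore."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    findings, pos = [], 2
    while pos < len(data):
        start = pos
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:   # skip fill bytes
            pos += 1
        if pos >= len(data):
            break
        marker, pos = data[pos], pos + 1
        if marker == EOI:                  # the renderer stops here
            tail = data[pos:]
            if tail:
                findings.append(Finding("after EOI", pos, len(tail), sniff(tail)))
            return findings
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2 or pos + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        payload, pos = data[pos + 2:pos + length], pos + length
        if 0xE0 <= marker <= 0xEF:         # APPn: unknown identifier or embedded file
            kind = sniff(payload)
            if kind or not payload.startswith(KNOWN_APP):
                findings.append(Finding(f"APP{marker - 0xE0}", start, len(payload), kind))
        elif marker == COM and sniff(payload):
            findings.append(Finding("COM", start, len(payload), sniff(payload)))
        elif marker == SOS:                # compressed image stream follows
            pos = end_of_scan(data, pos)
    raise ValueError("no EOI marker found")


def seg(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample() -> bytes:
    """Constructed bytes with JPEG segment structure (not a decodable picture)."""
    zip_stub = b"PK\x03\x04" + b"\x00" * 26            # constructed ZIP signature
    return (b"\xff\xd8"
            + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + seg(0xE1, b"PUZZLE\x00" + zip_stub)      # non-standard APP1 block
            + seg(COM, b"plain comment")
            + seg(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd0\x56"
            + b"\xff\xd9"
            + b"Rar!\x1a\x07\x00trailing")             # constructed appended data


if __name__ == "__main__":
    for f in scan_jpeg(build_sample()):
        print(f"{f.where:10} offset={f.offset:<4} size={f.size:<4} guess={f.guess}")
```

A hit is a prompt to look closer, not a verdict: as the post notes, some vendors legitimately store thumbnails or device information after the image.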

    Hamster Dance

    As an example, the following picture was uploaded to FotoForensics on 1-Sept-2014.

    This file looks like a picture of some hamsters. But inside the JPEG file is a parasitic zip file stuffed in an APP1 data field. This non-standard APP1 data block is ignored when the image is rendered. Even programs like ExifTool and exiv2 ignore the unknown binary block. However, the APP1 data definitely contains a zip file and most zip programs will happily unzip it without even extracting it from the JPEG. Inside the zip file is another picture that gives clues to some GPS coordinates.

    This hamster picture actually came from a geo-caching forum. In fact, most of the files with parasites at FotoForensics come from geo-caching forums.

    “Why geo-caching?” They love puzzles. It used to be fun to give someone GPS coordinates and let them see if they could find some prize at the physical location. When that was too simple, they began to use remote coordinates — get ready for a three-hour hike or a mountain climb. When remote locations became too easy, they began to hide the objects — you might need to bring a shovel or a flashlight to find the prize. Then they began to turn the coordinates into puzzles: if you can solve the puzzle, then you will find the coordinates. Today? Hard-core steganography. First you have to find the puzzle. Then you have to solve it. Then you have to go to the coordinates (where there may be more puzzles) until you find the final prize. Seriously — if you want to see steg in real life, watch the geo-caching community.

    As an aside, one of my friends keeps saying that we should start up a get-rich-quick business. Since FotoForensics receives lots of these geo-caching puzzles, we should solve them first and park a food truck at the prize location. You just know the players will be hungry when they get there.

    Chimeric Parasites

    Last month I read about a proof-of-concept tool that will turn a JPEG into a PDF or PNG file after applying AES or 3DES cryptography. Corkami works by using parasitic attachments. Specifically, they encrypt a PNG file and PDF, one with AES and the other with 3DES.

    With many cryptographic algorithms, decrypting an already decrypted file is just another way to encrypt data. The results are binary data that can only be restored by encrypting the file.

    After encrypting (technically, decrypting) the PNG and PDF, they store them in the JPEG. The example encodes the encrypted PNG at the beginning of the JPEG (in a comment) and the PDF as a huge binary parasite at the end of the JPEG.

    The hard part for all of this is choosing the right key for all of the cryptography. The AES key is chosen so that it generates a proper PNG header (8 bytes) when given the JPEG header as input. Applying AES encryption to the JPEG creates a PNG header, some binary junk, and then decodes the encrypted PNG data. This results in a valid PNG with binary crud that is ignored by any graphics software.

    Similarly, the 3DES key is chosen to generate the PDF header (8 bytes). And the encoded 3DES PDF is placed at the end of the JPEG. This way, the 3DES encoding reconstructs a PDF. And since PDFs start parsing at the end of the file, the binary garbage at the beginning of the file (created from the JPEG) is ignored and the entire thing renders as a valid PDF.

    Infectious Behavior

    Discussions about parasitic attachments seem to come up annually. Last year, some researcher discovered that they could hide PHP or Perl or other types of code in text comment fields. If your web site processes back-end server scripts, displays JPEG comments, and isn’t careful about protecting output when displaying image comments, then this could run code on the server. (FotoForensics has captured plenty of examples of these hostile comment fields, and I’ve been seeing this sort of thing for years; the announcement last year may be new to them, but it wasn’t new.)

    Keep in mind, hiding malware in a parasitic attachment is not the same as renaming an EXE to “JPEG” and emailing it as an attachment. (“Just double click on the picture!”) A properly created parasite will not interfere with the host image. Just renaming an executable to “.jpg” does not make it a parasite.

    Harmless Parasites

    There’s a difference between steganography and cryptography. Cryptography refers to making data inaccessible. You can see the data, but you cannot understand it. Steganography refers to making data hard to find. But if you find it, you may be able to immediately understand it.

    Parasitic attachments are one form of steganography. However, as hiding places go, they are relatively easy to detect. Anyone parsing the file format will see a large, non-standard binary blob buried in the file. While your friends may not readily notice these large binary chunks stuffed in your pictures, forensic investigators are likely to find the hidden data very quickly. If you’re doing something malicious and investigators see these parasitic attachments, then they may be interpreted as “intent” to hide activities. (I’m not an attorney; if you find yourself in this situation, then you should get an attorney.)
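
    As an added example (not code from the original post and not FotoForensics' own software), this Python scanner walks the JPEG marker structure the way the paragraph above describes and reports APPn or comment blocks and post-EOI data that carry non-image payloads. The identifier table, the 1 KB size threshold and the sample bytes are assumptions constructed for the illustration; the sample has the marker layout of a JPEG but is not a decodable picture.

```python
import io
import zipfile

# Identifier prefixes that common writers put at the start of APPn payloads.
KNOWN_APP_IDS = {
    0xE0: (b"JFIF\x00", b"JFXX\x00"),
    0xE1: (b"Exif\x00\x00", b"http://ns.adobe.com/xap/1.0/\x00"),
    0xE2: (b"ICC_PROFILE\x00", b"MPF\x00"),
    0xED: (b"Photoshop 3.0\x00",),
    0xEE: (b"Adobe",),
}
# Magic numbers for payload types the post names as common parasites.
MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar",
         b"7z\xbc\xaf\x27\x1c": "7zip", b"%PDF-": "pdf"}
RESTART = set(range(0xD0, 0xD8))   # RSTn markers, legal inside scan data
NO_LENGTH = RESTART | {0x01}       # markers that carry no length field
LARGE = 1024                       # assumed size above which an unknown block is reported


def sniff(blob):
    """Name the embedded file type whose magic occurs earliest in blob, or None."""
    hits = [(blob.find(m), name) for m, name in MAGIC.items() if m in blob]
    return min(hits)[1] if hits else None


def scan_jpeg(data):
    """Walk the marker structure and return a list of findings (dicts)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    findings, pos = [], 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("lost marker sync at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte, marker follows
            pos += 1
            continue
        if marker == 0xD9:                      # EOI: anything after it is extra
            tail = data[pos + 2:]
            if tail:
                findings.append({"where": "after EOI", "offset": pos + 2,
                                 "size": len(tail), "type": sniff(tail)})
            return findings
        if marker in NO_LENGTH:
            pos += 2
            continue
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        payload = data[pos + 4:pos + 2 + length]
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:
            name = "COM" if marker == 0xFE else "APP%d" % (marker - 0xE0)
            known = marker == 0xFE or payload.startswith(KNOWN_APP_IDS.get(marker, ()))
            kind = sniff(payload)
            if kind or (not known and len(payload) >= LARGE):
                findings.append({"where": name, "offset": pos,
                                 "size": len(payload), "type": kind})
        pos += 2 + length
        if marker == 0xDA:                      # SOS: skip entropy-coded bytes
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] != 0x00
                    and data[pos + 1] not in RESTART):
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker")


def build_sample():
    """Constructed input: a zip inside APP1 plus text appended after EOI."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("clue.txt", "constructed example payload")

    def seg(marker, payload):
        return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

    return (b"\xff\xd8"
            + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + seg(0xE1, buf.getvalue())
            + seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd0\x56"
            + b"\xff\xd9"
            + b"trailing text parasite")


if __name__ == "__main__":
    for finding in scan_jpeg(build_sample()):
        print(finding)
```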

    Parasites are also trivial to remove. I frequently mention “resaved” images. That’s where a picture is decoded and then re-encoded as it is saved to a new file. Facebook resaves pictures. Twitter resaves pictures. And nearly every online picture sharing service that scales pictures also performs a resave. The simple action of resaving an image is enough to remove parasites. (I am pretty certain that Facebook and Twitter resave pictures as an explicit method for removing metadata, including any parasites.)

    As far as the threat level goes, these parasitic attachments are explicitly hiding. They won’t activate on a double-click and, with few exceptions, remain passive and unnoticed. In order to use the data, you must know it is there and know how to extract the content.

    Even though the technique has been around for decades, I still think finding parasites within pictures is a treat. You never know what you’re going to find. (I have no idea what “APdb6” means, but GrrCon sounds like a fun conference.)

    Linux How-Tos and Linux Tutorials: Three Outstanding Music Streaming Clients for Linux

    This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Jack Wallen. Original post: at Linux How-Tos and Linux Tutorials

    If you’re a lover of music and Linux, you’re in for a treat. As streaming music services slowly take over as the means for listening to your favorite tunes, the Linux platform has quickly matured into an outstanding ecosystem for that very purpose. With plenty of streaming servers, everyone knows how powerful Linux is at serving up tunes…but did you know it was equally powerful at playing those streaming services?

    That’s right, Linux can get that music stream to your desktop in many ways. If you’re a lover of Spotify, Pandora, Last.fm, SoundCloud…you name it, there’s a way to stream that music. But don’t think you’re limited to using a web browser. Linux has clients, and plenty of them.

    I want to highlight what I consider to be some of the best streaming music clients for Linux. Some of these are a one-trick pony, while others allow for the streaming of multiple services. Either way, you’ll be rockin’ open source on your desktop of choice.

    1. Spotify 

    I must confess that I am a Spotify premium subscriber. I listen to this streaming server pretty much all day at my desk. What I really like about Spotify (other than the CD-quality streaming) is the client (Figure 1). It’s incredibly simple to use and offers all the features you need for streaming. With it, you can search for artists and other users, follow artists, add songs/albums to custom playlists, and much more. With the Spotify client, you can also add your own local music sources.

    Though Linux is not an officially supported platform for Spotify, installing Spotify on Linux is actually quite simple. I’ll demonstrate on the Ubuntu platform (specifically, Ubuntu 14.04). Here are the commands, to be run in a terminal window, to install the Spotify client:

    • sudo apt-add-repository -y "deb http://repository.spotify.com stable non-free"

    • sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 94558F59

    • sudo apt-get update

    • sudo apt-get install spotify-client

    Once the client is installed, you will find the Spotify launcher in the Unity Dash. Start it up and then log into your Spotify account. The client allows you to log in via Facebook or using a Spotify username/password. You may have to log onto Spotify via Facebook on the web-browser client and then set up a device username/password. This is done under your profile (you’ll see the link for “Set a password for your devices”). The username will be a string of random numbers and you have to send your default email address a link in order to set the password.

    2. Pithos

    This simple Pandora streaming client has long been one of my favorite streaming tools. It has an incredibly easy-to-use interface, the ability to add new stations (based on artists), and even a quick mix (based on your current listing of stations). The best aspect of Pithos is its stripped-down interface (Figure 2). There are few bells and whistles here, just pure Pandora streaming goodness.

    To install Pithos, issue these commands in a terminal window (again, illustrating on the Ubuntu platform):

    • sudo add-apt-repository ppa:pithos/ppa

    • sudo apt-get update

    • sudo apt-get install pithos

    Once installed, you’ll find the launcher in the Unity Dash. Fire up Pithos and you’ll be prompted to log into your Pandora account. Once logged in, you can start creating stations. Here’s how:

    1. Click the Pithos button (it doesn’t actually look like a button, just the word Pithos over the Play button — design flaw?)

    2. Click Stations

    3. Click Add Station 

    4. Enter an artist name

    5. Click Search

    6. Select the artist from the results

    7. Click OK

    8. Click Close.

    Once the station has been added, you can select it from the drop-down on the upper right corner. You can also select Quick Mix to get a shuffled playlist of songs from your stations.

    3. Clementine

    By far, my favorite tool for listening to music is Clementine (Figure 3). There are a lot of reasons to love this player (built-in equalizer, easy to handle playlists, etc.), but the inclusion of streaming services helps edge this to the top for me. Clementine can stream:

    • Digitally Imported

    • Icecast

    • Jamendo

    • Last.fm

    • Google Drive

    • Grooveshark

    • JAZZRADIO.com

    • Magnatune

    • Podcasts

    • Radio GFM

    • ROCKRADIO.com

    • SKY.fm

    • SomaFM

    • Soundcloud

    • Spotify

    • Subsonic

    • Dropbox

    • Skydrive

    • Box.

    And with its ridiculously easy playlist setup, it makes for creating a streaming sampler very user-friendly.

    Because of licensing, some of the above requires a bit of work. Let me illustrate how to get Clementine streaming Spotify. Here are the steps you need to take (illustrating on 64-bit Ubuntu):

    1. Close Clementine (make sure the Clementine icon isn’t appearing in your panel)

    2. Open a terminal window

    3. Create a new directory with the command: mkdir -p -m 775 ~/.config/Clementine/spotifyblob/version14-64bit/

    4. Change to the newly created directory: cd ~/.config/Clementine/spotifyblob/version14-64bit/

    5. Download the Spotify plugin: wget http://spotify.clementine-player.org/version14-64bit/blob

    6. Download the second file for the plugin: wget http://spotify.clementine-player.org/version14-64bit/libspotify.so.12.1.45

    7. Change the permissions for the file: chmod 775 blob libspotify.so.12.1.45

    8. Rename the file: mv libspotify.so.12.1.45 libspotify.so.12

    Open Clementine and click on the Internet button in the left navigation. Right-click the Spotify entry and select Configure Spotify. You’ll need to enter your Spotify username and password. You cannot log into Spotify with Facebook credentials here. You must set up device username/password via your Spotify account (as mentioned earlier). Once authentication succeeds, you should be able to double-click the Spotify entry in Clementine’s left navigation and see all of your playlists, top tracks, Inbox, and more. The one thing you will not find is your saved artists. If you have favorite artists, you want to add their albums to playlists — otherwise you won’t see them. You also cannot search Spotify through Clementine (its best use is playing music from your current crop of Spotify playlists). But with Clementine’s outstanding EQ, you can match the quality of sound to your liking (something you cannot do on the Spotify client).

    Linux is not short on multimedia tools. If you’re looking for a reliable platform with which to stream music, you would be remiss to not give the Linux desktop a try. Although this piece just barely scratches the surface of streaming clients, you should now see that there are plenty of options available.

    TorrentFreak: U.S. Government Shuts Down Music Sharing Sites

    This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

    During the spring of 2010 U.S. authorities started a campaign to take copyright-infringing websites offline.

    Since then Operation in Our Sites has resulted in thousands of domain name seizures and several arrests. While most of the sites are linked to counterfeit goods, dozens of “pirate” sites have also been targeted.

    After a period of relative calm the authorities appear to have restarted their efforts with the takedown of two large music sites. RockDizFile.com and RockDizMusic.com, which are connected, now display familiar banners in which ICE takes credit for their demise.

    “This domain has been seized by ICE- Homeland Security Investigations, pursuant to a seizure warrant issued by a United States District Court under the authority of 18 U.S.C. §§ 981 and 2323,” the banner reads.

    TorrentFreak contacted ICE yesterday for a comment on the recent activity but we have yet to receive a response.

    The domain names are now pointing to the same IP-address where many of the previously seized websites, such as torrent-finder.com and channelsurfing.net, are directed. Both domain names previously used Cloudflare and had their NS entries updated earlier this week.

    Despite the apparent trouble, RockDizFile.com and RockDizMusic.com’s Twitter and Facebook pages have remained silent for days.

    RockDizMusic presented itself as an index of popular new music. Artists were encouraged to use the site to promote their work, but the site also featured music being shared without permission, including pre-release tracks.

    RockDizMusic.com

    RockDizFile used a more classic file-hosting look, but with a 50MB limit it was mostly used for music. The site offered premium accounts to add storage space and remove filesize and bandwidth limitations.

    RockDizFile.com

    Both websites appear to have a strong focus on rap and hip-hop music. This is in line with previous ICE seizures which targeted RapGodFathers.com, RMX4U.com, OnSmash.com and Dajaz1.com.

    The latter was seized by mistake. The record labels failed to deliver proof of alleged infringements to the authorities and after a long appeal the domain was eventually returned to its owners.

    This incident and the general lack of due process of ICE’s domain seizures have led to critique from lawmakers and legal scholars. The authorities are nevertheless determined to keep Operation in Our Sites going.

    “Operation In Our Sites’ enforcement actions involve federal law enforcement investigating and developing evidence to obtain seizure warrants from federal judges,” ICE states on its website.

    Once a credible lead comes in ICE says it “will work with the U.S. Department of Justice to prosecute, convict, and punish individuals as well as seize website domain names, profits, and other property from IP thieves.”

    At this point it’s unclear whether ICE has targeted any of the individuals connected to RockDizFile.com and RockDizMusic.com or whether the unit has taken down any other sites in a similar fashion.


    The Hacker Factor Blog: By Proxy

    This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

    As I tweak and tune the firewall and IDS system at FotoForensics, I keep coming across unexpected challenges and findings. One of the challenges is related to proxies. If a user uploads prohibited content from a proxy, then my current system bans the entire proxy. An ideal solution would only ban the user.

    Proxies serve a lot of different purposes. Most people think about proxies in regards to anonymity, like the TOR network. TOR is a series of proxies that ensure that the endpoint cannot identify the starting point.

    However, there are other uses for proxies. Corporations frequently have a set of proxies for handling network traffic. This allows them to scan all network traffic for potential malware. It’s a great solution for mitigating the risk from one user getting a virus and passing it to everyone in the network.

    Some governments run proxies as a means to filter content. China and Syria come to mind. China has a custom solution that has been dubbed the “Great Firewall of China”. They use it to restrict site access and filter content. Syria, on the other hand, appears to use a COTS (commercial off-the-shelf) solution. In my web logs, most traffic from Syria comes through Blue Coat ProxySG systems.

    And then there are the proxies that are used to bypass usage limits. For example, your hotel may charge for Internet access. If there’s a tech convention in the hotel, then it’s common to see one person pay for the access, and then run his own SOCKS proxy for everyone else to relay out over the network. This gives everyone access without needing everyone to pay for the access.

    Proxy Services

    Proxy networks that are designed for anonymity typically don’t leak anything. If I ban a TOR node, then that node stays banned since I cannot identify individual users. However, the proxies that are designed for access typically do reveal something about the user. In fact, many proxies explicitly identify whose request is being relayed. This added information is stuffed in HTTP header fields that most web sites ignore.

    For example, I recently received an HTTP request from 66.249.81.4 that contained the HTTP header “X-Forwarded-For: 82.114.168.150”. If I were to ban the user, then I would ban “66.249.81.4”, since that system connected to my server. However, 66.249.81.4 is google-proxy-66-249-81-4.google.com and is part of a proxy network. This proxy network identified who was relaying with the X-Forwarded-For header. In this case, “82.114.168.150” is someone in Yemen. If I see this reference, then I can start banning the user in Yemen rather than the Google Proxy that is used by lots of people. (NOTE: I changed the Yemen IP address for privacy, and this user didn’t upload anything requiring a ban; this is just an example.)

    Unfortunately, there is no real standard here. Different proxies use different methods to denote the user being relayed. I’ve seen headers like “X-Forwarded”, “X-Forwarded-For”, “HTTP_X_FORWARDED_FOR” (yes, they actually sent this in their header; this is NOT from the Apache variable), “Forwarded”, “Forwarded-For-IP”, “Via”, and more. Unless I know to look for it, I’m liable to ban a proxy rather than a user.

    In some cases, I see the direct connection address also listed as the relayed address; it claims to be relaying itself. I suspect that this is caused by some kind of anti-virus system that is filtering network traffic through a local proxy. And sometimes I see private addresses (“private” as in “private use” and “should not be routed over the Internet”; not “don’t tell anyone”). These are likely home users or small companies that run a proxy for all of the computers on their local networks.

    Proxy Detection

    If I cannot identify the user being proxied, then just identifying that the system is a proxy can be useful. Rather than banning known proxies for three months, I might ban the proxy for only a day or a week. The reduced time should cut down on the number of people blocked because of the proxy that they used.

    There are unique headers that can identify that a proxy is present. Blue Coat ProxySG, for example, adds in a unique header: “X-BlueCoat-Via: abce6cd5a6733123”. This tracking ID is unique to the Blue Coat system; every user relaying through that specific proxy gets the same unique ID. It is intended to prevent looping between Blue Coat devices. If the ProxySG system sees its own unique ID, then it has identified a loop.

    Blue Coat is not the only vendor with their own proxy identifier. Fortinet’s software adds in a “X-FCCKV2” header. And Verizon silently adds in an “X-UIDH” header that has a large binary string for tracking users.

    Language and Location

    Besides identifying proxies, I can also identify the user’s preferred language.

    The intent with specifying languages in the HTTP header is to help web sites present content in the native language. If my site supports English, German, and French, then seeing a hint that says “French” should help me automatically render the page using French. However, this can be used along with IP address geolocation to identify potential proxies. If the IP address traces to Australia but the user appears to speak Italian, then it increases the likelihood that I’m seeing an Australian proxy that is relaying for a user in Italy.

    The official way to identify the user’s language is to use an HTTP “Accept-Language” header. For example, “Accept-Language: en-US,en;q=0.5” says to use the United States dialect of English, or just English if there is no dialect support at the web site. However, there are unofficial approaches to specifying the desired language. For example, many web browsers encode the user’s preferred language into the HTTP user-agent string.

    Similarly, Facebook can relay network requests. These appear in the header “X-Facebook-Locale”. This is an unofficial way to identify when Facebook is being used as a proxy. However, it also tells me the user’s preferred language: “X-Facebook-Locale: fr_CA”. In this case, the user prefers the Canadian dialect of French (fr_CA). While the user may be located anywhere in the world, he is probably in Canada.

    There’s only one standard way to specify the recipient’s language. However, there are lots of common non-standard ways. Just knowing what to look for can be a problem. But the bigger problem happens when you see conflicting language definitions.

    Accept-Language: de-de,de;q=0.5

    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; it-it; SAMSUNG SM-G900F/G900FXXU1ANH4 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.6 Chrome/28.0.1500.94 Mobile Safari/537.36

    X-Facebook-Locale: es_LA

    x-avantgo-clientlanguage: en_GB

    x-ucbrowser-ua: pf(Symbian);er(U);la(en-US);up(U2/1.0.0);re(U2/1.0.0);dv(NOKIAE90);pr(UCBrowser/9.2.0.336);ov(S60V3);pi(800*352);ss(800*352);bt(GJ);pm(0);bv(0);nm(0);im(0);sr(2);nt(1)

    X-OperaMini-Phone-UA: Mozilla/5.0 (Linux; U; Android 4.4.2; id-id; SM-G900T Build/id=KOT49H.G900SKSU1ANCE) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30

    If I see all of these in one request, then I’ll probably choose the official header first (German from Germany). However, without the official header, would I choose Spanish from Latin America (“es-LA” is unofficial but widely used), Italian from Italy (it-it) as specified by the web browser user-agent string, or the language from one of those other fields? (Fortunately, in the real world these would likely all be the same. And you’re unlikely to see most of these fields together. Still, I have seen some conflicting fields.)
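
    The conflict described above, worked through as an added example (not code from the original post or from FotoForensics): the function collects a language hint from each of the six sample headers, prefers the official Accept-Language value, and reports ambiguity instead of guessing when only unofficial hints disagree. The regular expressions and the "no official header means no preference unless all hints agree" rule are assumptions made for this illustration.

```python
import re

# Locale token as it appears inside browser user-agent strings: "; it-it;"
UA_LOCALE = re.compile(r";\s*([a-z]{2}[-_][A-Za-z]{2})\s*[;)]")
# UC Browser packs its fields as key(value); "la(...)" holds the language.
UC_LOCALE = re.compile(r"la\(([A-Za-z]{2}[-_][A-Za-z]{2})\)")


def sample_headers():
    """The six conflicting sample headers shown in the post."""
    return {
        "Accept-Language": "de-de,de;q=0.5",
        "User-Agent": "Mozilla/5.0 (Linux; Android 4.4.2; it-it; SAMSUNG "
                      "SM-G900F/G900FXXU1ANH4 Build/KOT49H) AppleWebKit/537.36 "
                      "(KHTML, like Gecko) Version/1.6 Chrome/28.0.1500.94 "
                      "Mobile Safari/537.36",
        "X-Facebook-Locale": "es_LA",
        "x-avantgo-clientlanguage": "en_GB",
        "x-ucbrowser-ua": "pf(Symbian);er(U);la(en-US);up(U2/1.0.0);"
                          "re(U2/1.0.0);dv(NOKIAE90);pr(UCBrowser/9.2.0.336)",
        "X-OperaMini-Phone-UA": "Mozilla/5.0 (Linux; U; Android 4.4.2; id-id; "
                                "SM-G900T Build/id=KOT49H.G900SKSU1ANCE) "
                                "AppleWebKit/534.30 (KHTML, like Gecko)",
    }


def accept_language(value):
    """Return the tags of an Accept-Language value, highest q-value first."""
    ranked = []
    for order, item in enumerate(value.split(",")):
        tag, _, params = item.strip().partition(";")
        q = 1.0                                   # default weight when q is absent
        m = re.fullmatch(r"\s*q=([0-9.]+)\s*", params)
        if m:
            try:
                q = float(m.group(1))
            except ValueError:
                q = 0.0
        if tag and tag != "*" and q > 0:
            ranked.append((-q, order, tag.strip().lower()))
    return [tag for _, _, tag in sorted(ranked)]


def language_hints(headers):
    """Return (header name, primary language) pairs found in the request."""
    h = {k.lower(): v for k, v in headers.items()}
    found = [("accept-language", t) for t in accept_language(h.get("accept-language", ""))[:1]]
    for name in ("x-facebook-locale", "x-avantgo-clientlanguage"):
        if name in h:
            found.append((name, h[name]))
    for name, rx in (("user-agent", UA_LOCALE),
                     ("x-operamini-phone-ua", UA_LOCALE),
                     ("x-ucbrowser-ua", UC_LOCALE)):
        m = rx.search(h.get(name, ""))
        if m:
            found.append((name, m.group(1)))
    # Reduce "de-de", "es_LA", ... to the primary language subtag.
    return [(src, re.split(r"[-_]", tag)[0].lower()) for src, tag in found]


def assess(headers):
    """Pick a language and say whether the hints disagree."""
    hints = language_hints(headers)
    langs = {lang for _, lang in hints}
    official = [lang for src, lang in hints if src == "accept-language"]
    if official:
        preferred = official[0]
    elif len(langs) == 1:
        preferred = next(iter(langs))
    else:
        preferred = None                          # ambiguous or no hint at all
    return {"preferred": preferred, "conflict": len(langs) > 1, "hints": hints}


if __name__ == "__main__":
    print(assess(sample_headers()))
```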

    Time to Program!

    So far, I have identified nearly a dozen different HTTP headers that denote some kind of proxy. Some of them identify the user behind the proxy, but others leak clues or only indicate that a proxy was used. All of this can be useful for determining how to handle a ban after someone violates my site’s terms of service, even if I don’t know who is behind the proxy.

    In the near future, I should be able to identify at least some of these proxies. If I can identify the people using proxies, then I can restrict access to the user rather than the entire proxy. And if I can at least identify the proxy, then I can still try to lessen the impact for other users.
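
    One way to turn the plan above into a ban decision, as an added example (not the author's code or FotoForensics' actual logic). These headers are set by whoever sends the request, so the example honours a relayed address only when the connecting peer is on an allowlist of known proxies, and it takes the right-most usable entry, the one the nearest proxy appended. The allowlist entry, the one-day proxy ban, and the handling of self-relayed and private addresses are assumptions chosen for the illustration.

```python
import ipaddress
from datetime import timedelta

# Headers the post lists as naming the relayed user (there is no single standard).
CLIENT_HEADERS = ("x-forwarded-for", "x-forwarded", "http_x_forwarded_for",
                  "forwarded", "forwarded-for-ip")
# Headers that only show a proxy was involved. "Via" normally names the
# proxy hop rather than the client, so it is treated as a marker here.
PROXY_MARKERS = ("via", "x-bluecoat-via", "x-fcckv2", "x-uidh", "x-facebook-locale")

FULL_BAN = timedelta(days=90)    # the post's "three months"
PROXY_BAN = timedelta(days=1)    # the post's "a day or a week"; one day assumed

# Constructed allowlist covering the post's example proxy address only.
TRUSTED_PROXIES = [ipaddress.ip_network("66.249.81.0/24")]


def candidates(value):
    """Yield address-like tokens from X-Forwarded-For or Forwarded (RFC 7239) syntax."""
    for part in value.replace(";", ",").split(","):
        key, sep, val = part.strip().partition("=")
        if sep and key.lower() != "for":
            continue                          # by=, proto=, host= are not the client
        token = (val if sep else key).strip().strip('"')
        if token.startswith("["):             # "[v6]:port"
            token = token[1:].split("]")[0]
        elif token.count(":") == 1:           # "v4:port"
            token = token.split(":")[0]
        yield token


def ban_decision(peer_ip, headers):
    """Return which address to ban and for how long after a terms-of-service violation."""
    peer = ipaddress.ip_address(peer_ip)
    hdrs = {k.lower(): v for k, v in headers.items()}
    relayed = []
    for name in CLIENT_HEADERS:
        for token in candidates(hdrs.get(name, "")):
            try:
                relayed.append(ipaddress.ip_address(token))
            except ValueError:
                continue                      # hostnames, "unknown", garbage
    # A peer that lists itself as the relayed address is treated as a direct user.
    others = [a for a in relayed if a != peer]
    # Private-use and reserved addresses cannot be banned at the firewall.
    usable = [a for a in others if a.is_global]
    proxy_seen = bool(others) or any(m in hdrs for m in PROXY_MARKERS)
    trusted = any(peer in net for net in TRUSTED_PROXIES)

    if trusted and usable:
        return {"ban": str(usable[-1]), "duration": FULL_BAN, "reason": "relayed-client"}
    if proxy_seen:
        return {"ban": str(peer), "duration": PROXY_BAN, "reason": "proxy"}
    return {"ban": str(peer), "duration": FULL_BAN, "reason": "direct"}


if __name__ == "__main__":
    # The request described in the post: Google proxy relaying for another address.
    print(ban_decision("66.249.81.4", {"X-Forwarded-For": "82.114.168.150"}))
    # Constructed request: Blue Coat marker only, user not identified.
    print(ban_decision("203.0.113.7", {"X-BlueCoat-Via": "abce6cd5a6733123"}))
```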

    Raspberry Pi: RACHEL-Pi – delivering education worldwide

    This post was syndicated from: Raspberry Pi and was written by: Liz Upton. Original post: at Raspberry Pi

    Liz: If you’re a regular reader, you’ll have noticed more and more frequent mentions over the last year of a piece of kit called RACHEL-Pi. RACHEL is an offline server, run on a Raspberry Pi, full of educational content from teaching curriculums, Khan Academy materials, Wikipedia, classic literature, reference material and textbooks; alongside vital community materials like medical and first aid textbooks.

    We’re very proud to be able to support World Possible’s RACHEL-Pi project through our education fund. It’s being used all over the world in remote places where the internet is unavailable – and this year it’s gone from strength to strength. Here’s Jeremy Schwartz, the Executive Director of World Possible, to show you what they’ve been doing with the project in the last year.

    What an incredible 12 months it has been. World Possible has seen RACHEL-Pi (our Raspberry Pi-based educational server) deployed in scores of countries – often in the most remote of locations – delivering a world of educational content to tens of thousands of students previously far removed from the great online learning tools those of us reading this blog take for granted almost every day.

    How’d we get here?

    It’s worth taking a few seconds to get some history on World Possible’s RACHEL server. In 2009, World Possible (an all-volunteer team, mostly from Cisco) curated a package of creative commons resources (Wikipedia, Khan Academy, CK12 textbooks, and much more) for offline distribution. Coupling the content with open-source web server software, we could create “Remote Area Community Hotspots for Education and Learning,” (“R.A.C.H.E.L.”) – a locally cached web server accessed through any connected web browser (with no need for internet connectivity).

    RACHEL is accessed via a web browser

    Probably more naïve than anything, an attempted round of pilot projects of RACHEL (which at the time was a power-hungry NAS device) in 2009, in Sierra Leone, failed in pretty dramatic fashion.


    The failure took a real toll on World Possible and forced us to rethink RACHEL distribution, ultimately building a distribution network of partnerships with on-the-ground teams that could do the hard part for us, and many of which still lead the RACHEL distribution charge today:

    UConnect in Uganda and East Africa more broadly

    Despite the early successes of those groups, we still didn’t have the final piece of the puzzle that has exploded RACHEL deployment today (development of open-source educational resources + uniform standards of web browsers + proliferation of low cost computing hardware and storage). In comes the Raspberry Pi, giving us the ability to create a plug-and-play webserver and hotspot at a price point that we can distribute to masses of people without any required computer literacy background.

    Is it working? – “Content is king; distribution is King Kong”

    Almost exactly a year ago, a partnership with the Gates-Backed Riecken Libraries in Guatemala and Honduras, as well as a funding leap of faith by a few loved donors and the Rotary Club of Portola/Woodside Valley (CA), allowed us to launch a new phase of World Possible and RACHEL-Pi focused on creating, curating, and distributing relevant content from and within disconnected communities. A good old fashioned sneaker-net, delivering locally relevant (and often locally created) digital educational content to disconnected schools, libraries, orphanages and community centers.


    The World Possible team in Guatemala is now led by Israel Quic, a native Mayan, initially attracted to RACHEL-Pi as a means of preserving and teaching his Mayan heritage and language to local communities.

    Israel Quic presents RACHEL at Campus Tec, the technology department of University de la Valle

    Israel quickly saw an opportunity to collect more locally relevant agricultural and political resources than we currently distribute as part of our Spanish-language RACHEL-Pi. In April, the fruits of his labor truly began to sprout, when word came from one agricultural community, an early RACHEL-Pi recipient, which built a drip irrigation system out of old plastic bottles after discovering how to do it from a single teacher’s smartphone while researching our Guatemalan content on their RACHEL-Pi.

    A drip irrigation system made from old plastic bottles, using how-to content from RACHEL-Pi

    The successes only caused us to redouble our efforts. Aided by our local Facebook page, World Possible Guatemala solicits offers of help and requests for RACHEL from across the country.

    Current RACHEL-Pi installations in Guatemala

    Installations of RACHEL-Pi in community centers and libraries are often made available 24/7, enabling anyone with a smart phone to come learn, research, and explore.

    San Lucas Toliman RACHEL-Pi wifi access point

    Facebook post of Biblioteca Comunitaria Rija’tzuul Na’ooj

    San Juan del Obispo in Sacatapequéz is an agricultural community where middle school kids are using RACHEL to learn not only how to grow and irrigate, but also how to cultivate mushrooms and make fresh peach jam. Along the way they get business skills as well.


    The mission in Guatemala is still just beginning, but the lessons learned and successes are providing a key roadmap for World Possible. Make available valuable educational resources, supplement them with locally relevant vocational and cultural content, get buy-in from local community volunteers, and distribute… distribute… distribute. The results are truly inspirational.

    What’s next? – “Tell me and I forget, teach me and I may remember, involve me and I learn.”

    Globally, the RACHEL effort is still driven by the hundreds of groups that download RACHEL and distribute independently in their own communities. Everything we do is free to download through our website, FTP site, BitTorrent sync, or even shared Dropbox. The Raspberry Pi has also made it so anyone can do this on their own, a powerful democratization of access to a world-class education.


    World Possible will continue to support these groups through our own volunteer network, through independent advice, and by creating the best package of content available. Even more today, a biweekly newsletter is connecting thousands of RACHEL advocates in nearly 40 countries who have been through the process and can provide best practices to new users locally.


    What excites us most is our ability to replicate the successes that have been achieved in Guatemala. In Micronesia, Professor Hosman and her students curated a RACHEL for the state of Chuuk. She’s now working with Inveneo to deploy RACHEL to the entire region’s network of schools.

    Grace, a teacher at Akoyikoyi School in Chuuk, receives a RACHEL-Pi

    In Kenya and East Africa, thanks to a generous grant from this very Raspberry Pi Foundation, we’ve just completed a hire (Bonface Masaviru) to follow the roadmap that Israel Quic laid out in Guatemala. Bonface is spreading RACHEL throughout Kenyan schools…




    … and working with local volunteers such as Zack Matere to help us curate RACHEL Shamba (an offline package of farming resources):

    RACHEL Shamba

    Where we can, we’ll look to our long-time distribution partners to help create full labs to access RACHEL-Pi. Here in Uganda, Romeo Rodriguez gives his “children” their first ever look at technology in a new library thanks to a full “digital library-in-a-box” from World Possible.


    We’ll continue to find ways to hire additional country managers, local to their communities, who have proven their dedication to RACHEL, to involve indigenous people in creating and distributing the content they currently lack.

    If you’d like to be part of the mission, we’d love to have you. A great group of development volunteers can be reached at rachelproject@googlegroups.com. If you have networking expertise, we can pair you with a group that might need your help deploying RACHEL – info@worldpossible.org.

    If you want to join the Raspberry Pi Foundation in supporting our efforts financially, we’d love it – donate here.

    If you want us to come talk to your group, or help deploy RACHEL, we’d love that also – please don’t hesitate to get involved! Thank you to all of the individuals and groups who already have; there is so much more we can do together.

    yovko in a nutshell: Try Inoreader

    This post was syndicated from: yovko in a nutshell and was written by: Yovko Lambrev. Original post: at yovko in a nutshell

    Remember Google Reader? It was not just one of Google's good projects, one that I believe many people still miss. It was a cornerstone of a romantic period in the development of the blogosphere (the Bulgarian one included), one that connected communities of people based on what they wrote and what they read. And that was before social networks cheapened it.

    The shutdown of Google Reader led to the emergence of many alternatives, some of them quite successful and innovative. I personally went through Feedly, which is winning a lot of users with its clean and functional interface and its mobile apps, and then through Digg Reader, from the same Digg that betaworks revived from the ashes and took under its wing together with the wonderful Instapaper. Digg Reader was a bit late with its mobile versions, but to this day it offers perhaps the cleanest possible read-only-style interface, which has always tempted me.

    I have, of course, tried many other RSS readers too, not only web-based ones but desktop ones as well, but none of them truly offered that social element which let you share what you read with your friends/followers and see what they read and share. And no, no, no… not on damned Facebook or somewhere else, but there, in the reader itself.

    Until one day I discovered Inoreader. Its default interface is a touch more colorful than I need, but the settings are so numerous and flexible that (although, unfortunately, they may scare some people off) you can tune everything to be as convenient and useful to you as possible. Lately I personally use the light theme with the Verdana font, and that gives me the light simplicity and coziness I need for reading. In fact, the default settings are extremely well judged. All one needs to do is add one's social networks in order to share articles to them, if one wants. If you use Instapaper or Pocket, you can also add sending to them. You can search for and add friends in order to see their channels, and of course add the RSS feeds of the blogs and sites you follow. Fortunately, all the ones I mentioned above support import and export of RSS feed collections as an OPML file, so one can easily move subscriptions from one tool to another and compare them.

    I fell in love with Inoreader about half a year ago, and I will be glad if more former Google Reader users come to appreciate the ability to read and broadcast to their friends the things they find worth sharing, because that is what I was missing in Feedly, Digg and elsewhere.

    For me Inoreader is the best reader, not only at the moment but among all the ones I have tried so far. Besides mobile apps, it also has extensions for the Chrome, Firefox, Opera and Safari browsers. And did I mention that one of my big surprises was that this is a Bulgarian project! And new and interesting features are added almost continuously. Here is one from two days ago:

    So don't grieve in vain. Inoreader is wonderful and so rich in features and settings that, if you try it, you will hardly look at anything else again. And it's Bulgarian! :)