Posts tagged ‘Other’

AWS Official Blog: AWS Week in Review – November 23, 2015

This post was syndicated from: AWS Official Blog and was written by: Jeff Barr. Original post: at AWS Official Blog

Let’s take a quick look at what happened in AWS-land last week:


November 23


November 24


November 25


November 26


November 27


November 28


November 29

New & Notable Open Source

New SlideShare Presentations

New Customer Success Stories

New YouTube Videos

Upcoming Events

Help Wanted

Stay tuned for next week! In the meantime, follow me on Twitter and subscribe to the RSS feed.


Schneier on Security: A History of Privacy

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

This New Yorker article traces the history of privacy from the mid 1800s to today:

As a matter of historical analysis, the relationship between secrecy and privacy can be stated in an axiom: the defense of privacy follows, and never precedes, the emergence of new technologies for the exposure of secrets. In other words, the case for privacy always comes too late. The horse is out of the barn. The post office has opened your mail. Your photograph is on Facebook. Google already knows that, notwithstanding your demographic, you hate kale.

TorrentFreak: MPAA ‘Softens’ Movie Theater Anti-Piracy Policy, Drops Bounty

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

The MPAA sees illegally recorded movies as one of the biggest piracy threats and goes to extremes to stop it.

During pre-release screenings and premieres, for example, employees are often equipped with night-vision goggles and other spy tech to closely monitor movie goers.

In some cases members of the public have been instructed to hand over all recording-capable devices including phones and Google glasses.

Through these measures the MPAA hopes to prevent pirates from camcording movies or recording audio in theaters. The underlying policy is drafted in cooperation with the National Association of Theatre Owners (NATO), and a few days ago the most recent version was released.

At first sight not much has changed. The MPAA still recommends that theater owners keep an eye on suspect movie goers while prohibiting the use of any recording devices including phones.

“Preventative measures should include asking patrons to silence and put away their phones and requiring they turn off and stow all other devices capable of recording, including wearable technology capable of recording.

“If individuals fail or refuse to put any recording device away, managers—per your theater’s policy — can ask them to leave,” the recommendation reads.

There are several subtle changes throughout the document though, especially regarding the involvement of police. Previously, theater employees were encouraged to detain suspect visitors and hand them over to the authorities.

This is explicitly stated in the following snippet taken from the 2014 version of the best practices.

“Theater managers should immediately alert law enforcement authorities whenever they have clear indications that prohibited activity is taking place—the proper authorities will determine what laws may have been violated and what enforcement action should be taken.”

In the new document, however, it’s no longer a requirement to call the police. Instead, this is now optional.

“Theater managers have the option to immediately alert law enforcement authorities whenever they have clear indications that prohibited activity is taking place or managers can stop the activity without law enforcement assistance.”

Similar changes were made throughout the document. Even reporting incidents to the MPAA no longer appears to be mandatory, which it still was according to last year’s text.

“After your theater manager has contacted the police, your theater manager should immediately call the MPAA 24/7 Anti-Camcording Hot Line to report the incident.”

The language above has now been changed to a less urgent option of simply reporting incidents, should a theater manager deem it appropriate.

“Your theater manager can also call the MPAA 24/7 Anti-Camcording Hot Line to report the incident.”

Aside from the softer tone there’s another significant change to the best practices. The $500 “reward” movie theater employees could get for catching pirates is no longer mentioned.

The old Take Action Award mention

In fact, the entire “take action award” program appears to have been discontinued. The NATO page where it was listed now returns a 404 error and the details on FightFilmTheft have been removed as well.

This stands in stark contrast to the UK where the rewards for a similar program were doubled just a few weeks ago, with officials describing it as a great success.

The question that remains unanswered is why the MPAA and NATO have implemented these changes. Could it be that there were too many false positives being reported to the police, or is there an image problem perhaps?

In recent years several questionable police referrals resulted in a media backlash. A 19-year-old girl was arrested for recording a 20 second clip from the movie “Transformers,” which she wanted to show to her brother, for example.

And just last year the FBI dragged a man from a movie theater in Columbus, Ohio, after theater staff presumed his wearing of Google Glass was a sign that he was engaged in camcorder piracy.

Meanwhile, reports of real pirates being apprehended in a similar fashion have been notable by their absence.

Best Practices to Prevent Film Theft

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Darknet - The Darkside: LSAT – Linux Security Auditing Tool

This post was syndicated from: Darknet - The Darkside and was written by: Darknet. Original post: at Darknet - The Darkside

Linux Security Auditing Tool (LSAT) is a post install security auditing tool. It is modular in design, so new features can be added quickly. It checks inetd entries and scans for unneeded RPM packages. It is being expanded to work with Linux distributions other than Red Hat, and checks for kernel versions. It (for now) […]


Krebs on Security: Gas Theft Gangs Fuel Pump Skimming Scams

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Few schemes for monetizing stolen credit cards are as bold as the fuel theft scam: Crooks embed skimming devices inside fuel station pumps to steal credit card data from customers. Thieves then clone the cards and use them to steal hundreds of gallons of gas at multiple filling stations. The gas is pumped into hollowed-out trucks and vans, which ferry the fuel to a giant tanker truck. The criminals then sell and deliver the gas at cut rate prices to shady and complicit fuel station owners.

Agent Steve Scarince of the U.S. Secret Service heads up a task force in Los Angeles that since 2009 has been combating fuel theft and fuel pump skimming rings. Scarince said the crooks who plant the skimmers and steal the cards from fuel stations usually are separate criminal groups from those who use the cards to steal and resell gas.

External pump skimmers retrieved from LA fuel stations.

An external pump skimmer is attached to the end of this compromised fuel dispenser in Los Angeles (right).

“Generally the way it works is the skimmer will sell the cards to a fuel theft cell or ring,” he said. “The head of the ring or the number two guy will go purchase the credit cards and bring them back to the drivers. More often than not, the drivers don’t know a whole lot about the business. They just show up for work, the boss hands them 25 cards and says, ‘Make the most of it, and bring me back the cards that don’t work.’ And the leader of the ring will go back to the card skimmer and say, ‘Okay out of 100 of those you sold me, 50 of them didn’t work.’”

Scarince said the skimmer gangs will gain access to the inside of the fuel pumps either secretly or by bribing station attendants. Once inside the pumps, the thieves hook up their skimmer to the gas pump’s card reader and PIN pad. The devices also are connected to the pump’s electric power — so they don’t need batteries and can operate indefinitely.

Internal pump skimming device seized from a Los Angeles fuel station.


Most internal, modern pump skimmers are built to record the card data on a storage device that can transmit the data wirelessly via Bluetooth technology. This way, thieves can drive up with a laptop and fill their tank in the time it takes to suck down the card data that’s been freshly stolen since their last visit.

The Secret Service task force in Los Angeles has even found pump skimming devices that send the stolen card data via SMS/text message to the thieves, meaning the crooks don’t ever have to return to the scene of the crime and can receive the stolen cards and PINs anywhere in the world that has mobile phone service.


Scarince said the fuel theft gangs use vans and trucks crudely modified and retrofitted with huge metal and/or plastic “bladders” capable of holding between 250 and 500 gallons of fuel.

“The fuel theft groups will drive a bladder truck from gas station to gas station, using counterfeit cards to fill up the bladder,” he said. “Then they’ll drive back to their compound and pump the fuel into a 4,000 or 5,000 container truck.”


A bladder truck made to look like it’s hauling used tires. The wooden panel that was hiding the metal tank exposed here has been removed in this picture.

The fuel will be delivered to gas station owners with whom the fuel theft ring has previously brokered the price per gallon. And it’s always a cash transaction.

“The stations know they’re buying stolen gas,” Scarince said. “They’re fully aware the fuel is not coming from a legitimate source. There’s never any paperwork with the fuel driver, and these transactions are missing all the elements of a normal, legitimate transaction between what would be a refinery and a gas station.”

Fuel theft gangs converted this van into a bladder truck. Image: Secret Service.


Needless to say, the bladder trucks aren’t exactly road-worthy when they’re filled to the brim with stolen and highly flammable fuel. From time to time, one of the dimmer bladder truck drivers will temporarily forget his cargo and light up a smoke.

“Two or three summers ago we had this one guy who I guess was just jonesing for a cigarette,” Scarince said. “He lit up and that was the last thing he did.”


This bladder truck went up in (a) smoke.

Other bladder trucks have spontaneously burst into flames at filling stations while thieves pumped stolen gas.

“There have been other fires that took place during the transfer of fuel, where some static sparked and the whole place caught on fire,” Scarince said. “These vehicles are not road-worthy by any means. Some of the bladder tanks are poorly made, they leak. The trucks are often overweight and can’t handle the load. They fill it up with 300 pounds of liquid, and we see things like transmissions giving out, chassis going out. These things are real hazards just waiting to happen.”

How big are the fuel theft operations in and around Los Angeles? Scarince estimates that at any given time there are 20 to 30 of these deadly bladder trucks trundling down L.A. freeways and side streets.

“And that’s a very conservative guess, just based on what the credit card companies report,” he said.

Aaron Turner, vice president of identity service products at Verifone — a major manufacturer of credit card terminals — leads a team that has been studying many of the skimming devices that the Secret Service has retrieved from compromised filling stations. Turner says there is a huge potential for safety-related issues when it comes to skimmers in a gas-pump environment. 

“Every piece of equipment that is installed by gas station owners in the pump area is reviewed and approved according to industry standards, but these skimmers…not so much,” Turner said. “One of the skimmers that we retrieved was sparking and arcing when we powered it up in our lab. I think it’s safe to say that skimmer manufacturers are not getting UL certifications for their gear.”


With some fuel theft gangs stealing more than $10 million per year, Scarince said financial institutions and credit card issuers have responded with a range of tactics to detect and stop suspicious fuel station transactions.

“A lot more card issuers and merchant processors are really pushing hard on velocity checks,” Scarince said, referring to a fraud detection technique that reviews transactions for repeating patterns within a brief period. “If you buy gas in Washington, D.C. and then 30 minutes later gas is being purchased on the opposite side of the city in a short period of time, those are things that are going to start triggering questions about the card. So, more checks like that are being tested and deployed, and banks are getting better at detecting this activity.”

Card issuers also can impose their own artificial spending limits on fuel purchases. Visa, for example, caps fuel purchases at $125. But thieves often learn to work just under those limits.

“The more intelligent crooks will use only a few cards per station, which keeps them a lower profile,” Scarince said. “They’ll come in and swipe two to three cards and fill up 40-80 gallons and move on down the road to another station. They definitely also have what we determine to be routes. Monday they’ll drive one direction, and Tuesday they’ll go the other way, just to make sure they don’t hit the same stations one day after another.”
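A sketch of the velocity checks described above, as an added example (not code from Krebs on Security, the Secret Service or any card issuer). It flags one card buying fuel at two stations within a short gap, and several cards each filling just under the $125 cap at a single pump. The record fields, every threshold other than the $125 cap, and the sample transactions are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

FUEL_CAP_USD = 125.00                 # per-purchase fuel cap cited in the article
NEAR_CAP = 0.90 * FUEL_CAP_USD        # assumption: "just under the limit" = within 10%
MIN_REFUEL_GAP = timedelta(hours=2)   # assumption: nobody needs two tanks in two hours
PUMP_WINDOW = timedelta(minutes=20)   # assumption: one vehicle's stay at one pump
CARDS_PER_PUMP = 2                    # assumption: distinct cards that make a cluster


@dataclass(frozen=True)
class FuelTxn:
    card: str        # tokenised card identifier (hypothetical field names)
    when: datetime
    station: str
    pump: int
    amount: float    # USD


def rapid_refill(txns):
    """Card-level check: same card, different stations, less than MIN_REFUEL_GAP apart."""
    by_card = defaultdict(list)
    for t in sorted(txns, key=lambda t: t.when):
        by_card[t.card].append(t)
    alerts = []
    for card, seq in by_card.items():
        for prev, cur in zip(seq, seq[1:]):
            if cur.station != prev.station and cur.when - prev.when < MIN_REFUEL_GAP:
                alerts.append((card, prev.station, cur.station))
    return alerts


def pump_card_cycling(txns):
    """Pump-level check: several distinct cards, each near the cap, inside PUMP_WINDOW."""
    by_pump = defaultdict(list)
    for t in sorted(txns, key=lambda t: t.when):
        if t.amount >= NEAR_CAP:
            by_pump[(t.station, t.pump)].append(t)
    alerts = []
    for (station, pump), seq in by_pump.items():
        best, start = set(), 0
        for end in range(len(seq)):
            # Slide the window so it never spans more than PUMP_WINDOW.
            while seq[end].when - seq[start].when > PUMP_WINDOW:
                start += 1
            cards = {t.card for t in seq[start:end + 1]}
            if len(cards) > len(best):
                best = cards
        if len(best) >= CARDS_PER_PUMP:
            alerts.append((station, pump, tuple(sorted(best))))
    return alerts


def ts(hhmm):
    """Build a timestamp on one constructed sample day."""
    return datetime(2015, 11, 30, int(hhmm[:2]), int(hhmm[3:]))


# Constructed sample transactions, not real data.
SAMPLE = [
    FuelTxn("card-A", ts("08:05"), "station-1", 3, 42.10),   # ordinary fill-up
    FuelTxn("card-B", ts("09:00"), "station-2", 7, 119.50),  # three cards, one pump,
    FuelTxn("card-C", ts("09:06"), "station-2", 7, 121.00),  # each just under the cap
    FuelTxn("card-D", ts("09:13"), "station-2", 7, 118.75),
    FuelTxn("card-B", ts("09:40"), "station-5", 2, 120.25),  # card-B again, 40 min later
    FuelTxn("card-E", ts("12:30"), "station-1", 3, 118.00),  # single large fill, no cluster
    FuelTxn("card-A", ts("18:45"), "station-4", 1, 38.60),   # same card, ten hours later
]

if __name__ == "__main__":
    for alert in rapid_refill(SAMPLE):
        print("rapid refill:", alert)
    for alert in pump_card_cycling(SAMPLE):
        print("card cycling:", alert)
```

A single large fill (card-E) and a second fill ten hours later (card-A) pass both checks, which is the point of keying on repetition within a window rather than on amount alone.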

Newer credit and debit cards with embedded chip technology should make the cards more costly and difficult to counterfeit. However, the chip cards still have the card data encoded in plain text on the card’s magnetic strip, and most fuel stations won’t have chip-enabled readers for several years to come.

On Oct. 1, 2015, Visa and MasterCard put in force new rules that can penalize merchants who do not yet have chip-enabled terminals. Under the new rules, merchants that don’t have the technology to accept chip cards will assume full liability for the cost of fraud from purchases in which the customer presented a chip-enabled card.

But those rules don’t apply to fuel stations in the United States until October 2017, and a great many stations won’t meet that deadline, said Verifone’s Turner.

“The petroleum stations and the trade organizations that represent them have been fairly public in their statements that they don’t feel they’re going to hit the 2017 dates,” Turner said. “If you look at the cost of replacing these dispensers and the number of systems that have been touched by qualified, licensed technicians…most of the stations are saying that even if they start this process now they’re going to struggle to meet that October 2017 date.”

Turner said that as chip card readers take hold in more retail establishments, card thieves will begin targeting fuel stations more intensively and systematically.

“We’re moving into this really interesting point of time when I think the criminals are going to focus on the approaches that offer them the greatest return on their investment,” Turner said. “In the future, I think there will be a liability shift specifically for petroleum stations [because] the amount of mag-stripe-facilitated fraud that will happen in that market is going to increase significantly along with chip card deployment.”

Part of the reason Los Angeles is such a hotbed of skimming activity may be related to ethnic Armenian organized crime members that have invested heavily in fuel theft schemes. Last month, the Justice Department announced charges against eight such men accused of planting skimmers in pumps throughout Southern California and Nevada.

Scarince and Turner say there is a great deal of room for the geographic spread of fuel theft scams. Although the bulk of fuel theft activity in the United States is centered around Los Angeles, the organized nature of the crime is slowly spreading to other cities.

“We are seeing pump skimming now shoot across the country,” Scarince said. “Los Angeles is still definitely ground zero, but Florida is now getting hit hard, as are Houston and parts of the midwest. Technology we first saw a couple of years ago in LA we’re now seeing show up in other locations across the country. They’re starting to pick on markets that are probably less aware of what’s going on as far as skimming goes and don’t secure their pumps as well as most stations do here.”


Avoid sketchy-looking stations and those that haven’t started using tamper-evident seals on their pumps.

“The fuel theft gangs certainly scout out the stations beforehand, looking for stations that haven’t upgraded their pump locks and haven’t started using tamper seals,” Scarince said. “If some franchised station decided not to spend the money to upgrade their systems with these security precautions, they’re going to be targeted.”

Scarince says he also tends to use pumps that are closest to the attendants.

“Those are less likely to have skimmers in or on them than street-side pumps,” he said.

Consumers should remember that they’re not liable for fraudulent charges on their credit or debit cards, but they still have to report the phony transactions. There is no substitute for keeping a close eye on your card statements. Also, use credit cards instead of debit cards at the pump; having your checking account emptied of cash while your bank sorts out the situation can be a huge hassle and create secondary problems (bounced checks, for instance).

TorrentFreak: Swedish Pirate Bay Blocking Decision Will Go to Appeal

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

In a growing number of countries around Europe, courts have been overwhelmingly willing to order Internet service providers to block pirate sites. In Sweden, spiritual home of The Pirate Bay, copyright holders hoped to achieve the same.

However, a case brought in 2014 by Universal Music, Sony Music, Warner Music, Nordisk Film and the Swedish Film Industry against local ISP Bredbandsbolaget (Broadband Company) crashed and burned on Friday.

After a month of deliberations a unanimous Stockholm District Court found that Swedish legislation meets the requirements of the EU Infosoc directive. The actions of Bredbandsbolaget do not constitute its participation in infringements carried out by some of its ‘pirating’ subscribers, the Court found.

Considering the momentum around Europe towards blocking, the decision in Sweden came as a surprise, not least to the copyright holders behind the case. Per Strömbäck of FTVS, the umbrella group behind the action, believes that illegal sites came out the winners on Friday.

“The ruling is a serious failing for the Swedish judicial system that is already falling behind. Swedish film and music creators deserve better,” Strömbäck says.

However, the movie, TV and record companies behind the action have no intention of giving up and as predicted will take their case to appeal.

“The Court has examined the legislation whose precise purpose is to give rights owners the opportunity to have Internet service providers stop illegal services from reaching Swedish internet users,” says Henrik Bengtsson, legal counsel for the plaintiffs in the case.

“Similar legislation already exists in the rest of Scandinavia as well as in much of Europe. We will appeal.”

The efforts to hold Bredbandsbolaget as an accomplice to its subscribers’ ‘crimes’ mean that the legal action against the ISP was the first of its kind in the country.

If it had succeeded, other ISPs in Sweden would have been subjected to similar conditions and demands to block other sites would’ve quickly followed. However, as the position stands today Bredbandsbolaget feels its stance as a mere conduit of information has been vindicated.

“We see it as positive that the district court did not consider that Internet operators are accomplices in crimes committed over the Internet. This is important for freedom of expression and the Swedish model of a free and open Internet,” says Anna Byström, Chief Legal Officer at Bredbandsbolaget parent company Telenor.

“We believe that the Court of Appeal will rule in our favor, and hope that this will put an end to this matter that could otherwise lead to ISPs needing to block more sites in the future.”

The plaintiffs will file their case with the Svea Court of Appeal before December 18, 2015.


TorrentFreak: Copyright Industry Still Doesn’t Understand This Fight Isn’t About Money, But Liberty

This post was syndicated from: TorrentFreak and was written by: Rick Falkvinge. Original post: at TorrentFreak

In 2010, I got a prize from the Swedish IT Industry as “IT person of the year”, the year after I had led the Swedish and first Pirate Party into the European Parliament.

Their motivation for the prize was that I had finally, and through hard work, brought important IT issues to front row and center of the political establishment.

What we said then are the same things we say now. The Internet is the most important piece of infrastructure we have. More important than telco, than cable TV, than roads, than power, than… well, with the possible exception of tap water and sanitation infrastructure, I’ll allow the jury to confer a bit more on that one.

We were saying, and are saying, that it’s insane, asinine, repulsive and revolting to allow a cartoon industry (the copyright industry – mostly led by Disney in this regard) to regulate the infrastructure of infrastructures. To allow a cartoon industry to dismantle anonymity, the right to private correspondence and many more fundamental liberties just because they were worried about their profits.

There was some success in pushing back the worst. We didn’t get to go on the offense, but we did safeguard the most important of liberty.

Then, something very odd and unexpected happened. Spotify came on stage, praised The Pirate Bay for raising the bar for consumer expectations of what good service means, and swept the floor with consumption patterns of music. As did Pandora in the US. Pirates tend to be early adopters and Pandora was no exception: I am paying subscriber #110 there out of today’s tens of millions. As was always noted, the fight for liberty was never a fight about money.

More people shifted toward streaming video as well with Netflix and similar services, again showing it was never about the money, but always about freedom.

After that, something even more unexpected happened. Pirates started fighting with the copyright industry, against the internet service providers, in the halls of policymaking. More specifically, pirates were siding with Microsoft against lots of old telco dinosaurs. Even more specifically, people were fighting for Net Neutrality – something that Microsoft was also fighting for, as the owner of Skype – against the mobile divisions of telco dinosaurs, who wanted to lock out competitors from their imaginary walled garden.

Of course, this is only unexpected if you thought it was about money in the first place. If you knew that it was always about liberty, about defending the infrastructure of infrastructures, about protecting the right to innovate and the freedom of speech, this comes as a no-brainer.

We care for permissionless innovation, we care for private correspondence, we care for sharing and the legacy of knowledge and culture. We do not care in the slightest for obsolete and outdated pre-internet distribution monopolies, nor do we care for pipes that want to be privileged, and we become outright hostile when the industries that benefit from old monopolies (not stakeholders, but beneficiaries!) assert a right to dismantle the liberties that our ancestors fought, bled, and died to give to us today.

“How will the authors get paid?” is an utterly uninteresting question in a market economy. The answer is equally utterly simple: “by making a sale”. There is no other way, and there should not be any other way. A much more relevant question today is “how do we protect the infrastructure of liberty against corporate encroachment and imaginary privileges of pre-internet monopolies”.

Oh, and the Swedish IT Industry Association also gives a prize to the IT Company of the year, not just the IT person of the year. The company to get that prize in the same year as me? Spotify.

About The Author

Rick Falkvinge is a regular columnist on TorrentFreak, sharing his thoughts every other week. He is the founder of the Swedish and first Pirate Party, a whisky aficionado, and a low-altitude motorcycle pilot. His blog at focuses on information policy.


Matthew Garrett: What is hacker culture?

This post was syndicated from: Matthew Garrett and was written by: Matthew Garrett. Original post: at Matthew Garrett

Eric Raymond, author of The Cathedral and the Bazaar (an important work describing the effectiveness of open collaboration and development), recently wrote a piece calling for “Social Justice Warriors” to be ejected from the hacker community. The primary thrust of his argument is that by calling for a removal of the “cult of meritocracy”, these SJWs are attacking the central aspect of hacker culture – that the quality of code is all that matters.

This argument is simply wrong.

Eric’s been involved in software development for a long time. In that time he’s seen a number of significant changes. We’ve gone from computers being the playthings of the privileged few to being nearly ubiquitous. We’ve moved from the internet being something you found in universities to something you carry around in your pocket. You can now own a computer whose CPU executes only free software from the moment you press the power button. And, as Eric wrote almost 20 years ago, we’ve identified that the “Bazaar” model of open collaborative development works better than the “Cathedral” model of closed centralised development.

These are huge shifts in how computers are used, how available they are, how important they are in people’s lives, and, as a consequence, how we develop software. It’s not a surprise that the rise of Linux and the victory of the bazaar model coincided with internet access becoming more widely available. As the potential pool of developers grew larger, development methods had to be altered. It was no longer possible to insist that somebody spend a significant period of time winning the trust of the core developers before being permitted to give feedback on code. Communities had to change in order to accept these offers of work, and the communities were better for that change.

The increasing ubiquity of computing has had another outcome. People are much more aware of the role of computing in their lives. They are more likely to understand how proprietary software can restrict them, how not having the freedom to share software can impair people’s lives, how not being able to involve themselves in software development means software doesn’t meet their needs. The largest triumph of free software has not been amongst people from a traditional software development background – it’s been the fact that we’ve grown our communities to include people from a huge number of different walks of life. Free software has helped bring computing to under-served populations all over the world. It’s aided circumvention of censorship. It’s inspired people who would never have considered software development as something they could be involved in to develop entire careers in the field. We will not win because we are better developers. We will win because our software meets the needs of many more people, needs the proprietary software industry either can not or will not satisfy. We will win because our software is shaped not only by people who have a university degree and a six figure salary in San Francisco, but because our contributors include people whose native language is spoken by so few people that proprietary operating system vendors won’t support it, people who live in a heavily censored regime and rely on free software for free communication, people who rely on free software because they can’t otherwise afford the tools they would need to participate in development.

In other words, we will win because free software is accessible to more of society than proprietary software. And for that to be true, it must be possible for our communities to be accessible to anybody who can contribute, regardless of their background.

Up until this point, I don’t think I’ve made any controversial claims. In fact, I suspect that Eric would agree. He would argue that because hacker culture defines itself through the quality of contributions, the background of the contributor is irrelevant. On the internet, nobody knows that you’re contributing from a basement in an active warzone, or from a refuge shelter after escaping an abusive relationship, or with the aid of assistive technology. If you can write the code, you can participate.

Of course, this kind of viewpoint is overly naive. Humans are wonderful at noticing indications of “otherness”. Eric even wrote about his struggle to stop having a viscerally negative reaction to people of a particular race. This happened within the past few years, so before then we can assume that he was less aware of the issue. If Eric received a patch from someone whose name indicated membership of this group, would there have been part of his subconscious that reacted negatively? Would he have rationalised this into a more critical analysis of the patch, increasing the probability of rejection? We don’t know, and it’s unlikely that Eric does either.

Hacker culture has long been concerned with good design, and a core concept of good design is that code should fail safe – ie, if something unexpected happens or an assumption turns out to be untrue, the desirable outcome is the one that does least harm. A command that fails to receive a filename as an argument shouldn’t assume that it should modify all files. A network transfer that fails a checksum shouldn’t be permitted to overwrite the existing data. An authentication server that receives an unexpected error shouldn’t default to granting access. And a development process that may be subject to unconscious bias should have processes in place that make it less likely that said bias will result in the rejection of useful contributions.

When people criticise meritocracy, they’re not criticising the concept of treating contributions based on their merit. They’re criticising the idea that humans are sufficiently self-aware that they will be able to identify and reject every subconscious prejudice that will affect their treatment of others. It’s not a criticism of a desirable goal, it’s a criticism of a flawed implementation. There’s evidence that organisations that claim to embody meritocratic principles are more likely to reward men than women even when everything else is equal. The “cult of meritocracy” isn’t the belief that meritocracy is a good thing, it’s the belief that a project founded on meritocracy will automatically be free of bias.

Projects like the Contributor Covenant that Eric finds so objectionable exist to help create processes that (at least partially) compensate for our flaws. Review of our processes to determine whether we’re making poor social decisions is just as important as review of our code to determine whether we’re making poor technical decisions. Just as the bazaar overtook the cathedral by making it easier for developers to be involved, inclusive communities will overtake “pure meritocracies” because, in the long run, these communities will produce better output – not just in terms of the quality of the code, but also in terms of the ability of the project to meet the needs of a wider range of people.

The fight between the cathedral and the bazaar came from people who were outside the cathedral. Those fighting against the assumption that meritocracies work may be outside what Eric considers to be hacker culture, but they’re already part of our communities, already making contributions to our projects, already bringing free software to more people than ever before. This time it’s Eric building a cathedral and decrying the decadent hordes in their bazaar, Eric who’s failed to notice the shift in the culture that surrounds him. And, like those who continued building their cathedrals in the 90s, it’s Eric who’s now irrelevant to hacker culture.

(Edited to add: for two quite different perspectives on why Eric’s wrong, see Tim’s and Coraline’s posts)

TorrentFreak: Cox Can’t Describe Rightscorp As “Extortionists” and “Trolls” During Trial

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Next week marks the start of a crucial trial that may define how U.S. Internet providers deal with pirating subscribers in the future.

Internet provider Cox Communications is facing a lawsuit from BMG Rights Management and Round Hill Music, who accuse the company of failing to terminate the accounts of subscribers who frequently pirate content.

This week the court ruled on several requests and concerns about the upcoming trial. Several of these motions relate to Rightscorp, the company which sends out infringement notices with settlement demands for the rightsholders.

In previous filings Cox described Rightscorp as a copyright-trolling outfit that uses extortion and blackmail-like practices to pressure alleged pirates into settling. This language concerned the music companies, who asked the court to exclude it from trial.

This week Judge O’Grady agreed, ordering that Cox is prohibited from introducing irrelevant information about Rightscorp (pdf).

Among other things, the proposed order specifies that the Internet provider can’t reference Rightscorp’s business practices after 2011, including evidence from phone scripts or call recordings.

Rightscorp’s precarious financial position is also off-limits, as well as any allegations that the company violates debt collection or private investigation laws.

Finally, the aforementioned extortion and troll references are banned during trial as well.

“Defendants are prohibited from using derogatory terms such as ‘troll,’ ‘blackmailer,’ and ‘extortionist’ in reference to Rightscorp or Plaintiffs and are prohibited from using terms like ‘extortion’ or ‘blackmail’ to describe the companies’ communications or business practices,” the order reads.

In addition to this order, Cox faced another setback.

The ISP previously asked the court to prevent the copyright holders from using any material claiming that BitTorrent equals piracy. According to Cox, BitTorrent has plenty of legitimate uses, but the motion was denied by Judge O’Grady.

On the upside, the court agreed with Cox that Rightscorp destroyed crucial evidence by deleting older versions of its piracy tracking code.

While this is not enough to dismiss the entire case, sanctions are appropriate and Cox is allowed to reference the destroyed evidence during its opening statement (pdf).

These new developments, as well as the earlier order declaring that Cox is not entitled to DMCA safe-harbor protections, show how much is at stake for both sides. The trial is expected to start in a few days and will be closely followed by other copyright holders and Internet providers.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

TorrentFreak: No Copyright Trolls, Your Evidence Isn’t Flawless

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Earlier this month TF broke the news that Sky Broadband in the UK were sending letters out to some of their customers, warning them they’re about to be accused of downloading and sharing movies without permission.

When they arrive the threats will come from Golden Eye International (GEIL), the company behind the ‘Ben Dover’ porn brand that has already targeted hundreds of people with allegations of Internet piracy.

“It’s likely that Golden Eye International will contact you directly and may ask you to pay them compensation,” the ISP warned.

In fact, GEIL will definitely ask for money, largely based on their insistence that the evidence they hold is absolutely irrefutable. It’s the same tune they’ve been singing for years now, without ever venturing to back up their claims in court. Sadly, other legal professionals are happy to sing along with them.

“Don’t do anything illegal and you won’t get a letter,” intellectual property specialist Iain Connor told The Guardian last week.

“Golden Eye will only have gotten details of people that they can prove downloaded content and so whether the ‘invoice’ demand is reasonable will depend on how much they downloaded that infringed copyright material.”

Quite aside from the fact that none of these cases are about downloading copyrighted material (they’re about uploading), one has to presume that Connor isn’t personally familiar with details of these cases otherwise he would’ve declared that interest. Secondly, he is absolutely wrong.

Companies like GEIL sometimes get it wrong, the anti-piracy trackers they use get things wrong, and ISPs get things wrong too. An IP address is NOT a person but innocent parties have to go to huge lengths to prove that. IT worker Harri Salminen did just that and this week finally managed to publicly clear his family’s name.

It started two years ago when his wife – the Internet account payer – was accused by an anti-piracy outfit (unconnected to GEIL) of pirating on a massive scale.

“They claimed that thousands of music tracks had been illegally distributed from our Internet connection,” Salminen told local media.

“The letter came addressed to my wife and she became very anxious, since she didn’t understand what this was all about. According to the letter, the matter was going to the court and we were advised to make contact to agree on compensation.”

Sound familiar? Read on.

The Salminen family has two children so took time to ensure they hadn’t uploaded anything illegally. Harri Salminen, who works in the IT industry, established that they had not, so began to conduct his own investigation. Faced with similar “irrefutable” IP address-based evidence to that presented in all of these ‘troll’ cases, what could’ve possibly gone wrong?

Attached to the letter of claim was a page from Salminen’s ISP which detailed the name of his wife, the IP address from where the piracy took place, and a date of infringement. This kind of attachment is common in such cases and allows trolls to imply that their evidence is somehow endorsed by their target’s ISP.

Then Salminen struck gold. On the day that the alleged infringement took place the IT worker was operating from home while logged into his company’s computer systems. Knowing that his company keeps logs of the IP addresses accessing the system, Salminen knew he could prove which IP address he’d been using on the day.

“I looked into my employer’s system logs for IP-addresses over several weeks and I was able to show that our home connection’s IP address at the time of the alleged act was quite different from the IP address mentioned in the letter,” he explained.

So what caused Salminen’s household to be wrongly identified? Well, showing how things can go wrong at any point, it appears that there was some kind of screw-up between the anti-piracy company and Salminen’s ISP.

Instead of identifying the people who had the IP address at the time of the actual offense, the ISP looked up the people using the address when the inquiry came in.

“The person under employment of the ISP inputs a date, time, and IP-address to the system based on a court order,” anti-piracy group TTVK now explains.

“And of course, when a human is doing something, there is always a possibility for an error. But even one error is too much.”
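The lookup mistake described above, as an added example that is not from the article or from any ISP's system: a subscriber lookup keyed on the time of the alleged act, next to the faulty one keyed on the time of the inquiry, plus the kind of cross-check against an independent access log that Salminen describes. The lease history, account names, addresses and log entries are constructed, and all function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from typing import NamedTuple, Optional

UTC = timezone.utc


class Lease(NamedTuple):
    ip: str
    subscriber: str
    start: datetime          # inclusive, timezone-aware
    end: Optional[datetime]  # exclusive; None means the lease is still active


def utc(y, mo, d, h=0, mi=0):
    return datetime(y, mo, d, h, mi, tzinfo=UTC)


# Constructed lease history (documentation address ranges, made-up subscribers).
LEASES = [
    Lease("203.0.113.7", "subscriber-A", utc(2013, 3, 1), utc(2013, 6, 15, 8)),
    Lease("198.51.100.23", "subscriber-B", utc(2013, 4, 1), utc(2013, 6, 15, 9)),
    Lease("203.0.113.7", "subscriber-B", utc(2013, 6, 15, 9), None),
]

# Constructed remote-access log kept by an independent party (e.g. an employer):
# (timestamp, account, source IP)
ACCESS_LOG = [
    (utc(2013, 5, 10, 14, 2), "b.worker", "198.51.100.23"),
    (utc(2013, 5, 10, 19, 55), "b.worker", "198.51.100.23"),
    (utc(2013, 5, 10, 21, 40), "b.worker", "198.51.100.23"),
    (utc(2013, 7, 2, 9, 15), "b.worker", "203.0.113.7"),
]


def holder_at(leases, ip, when):
    """Subscriber who held `ip` at `when`, the time of the alleged act."""
    if when.tzinfo is None:
        # A bare local time can shift the answer by hours; refuse to guess.
        raise ValueError("timestamp needs an explicit UTC offset")
    hits = [l for l in leases
            if l.ip == ip and l.start <= when and (l.end is None or when < l.end)]
    if len(hits) > 1:
        raise LookupError(f"overlapping leases for {ip} at {when.isoformat()}")
    return hits[0].subscriber if hits else None


def holder_now(leases, ip):
    """The faulty lookup: whoever holds `ip` when the inquiry is processed."""
    current = [l for l in leases if l.ip == ip and l.end is None]
    return current[0].subscriber if current else None


def source_ips_near(log, account, when, window=timedelta(hours=2)):
    """Source IPs the independent log recorded for `account` around `when`."""
    return {ip for ts, acct, ip in log
            if acct == account and abs(ts - when) <= window}


def review_claim(leases, log, ip, when, named_subscriber, account):
    """Check the claim 'named_subscriber used ip at when' against both record sets."""
    by_time = holder_at(leases, ip, when)
    seen = source_ips_near(log, account, when)
    return {
        "holder_at_time": by_time,
        "holder_at_inquiry": holder_now(leases, ip),
        "lease_supports_claim": by_time == named_subscriber,
        "independent_ips": sorted(seen),
        "independent_log_contradicts": bool(seen) and ip not in seen,
    }


if __name__ == "__main__":
    # Alleged act reported in local time with its offset (constructed value).
    alleged = datetime(2013, 5, 10, 23, 30, tzinfo=timezone(timedelta(hours=3)))
    for key, value in review_claim(LEASES, ACCESS_LOG, "203.0.113.7", alleged,
                                   "subscriber-B", "b.worker").items():
        print(f"{key}: {value}")
```

With the constructed data, the two lookups name different subscribers for the same address, and the independent log places the named subscriber on a different address at the time in question.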

Salminen says that it was only his expertise in IT that saved him from having to battle it out in court, even though his family was entirely innocent. Sadly, those about to be accused by Golden Eye probably won’t have access to similar resources.

“We have only written to those account holders for whom we have evidence of copyright infringement,” Golden Eye’s Julian Becker said confidently last week.

Trouble is, Golden Eye only has an IP address and the name of the account holder. They have no evidence that person is the actual infringer, even presuming there hasn’t been a screw-up like the one detailed above.

“We have written to account holders accusing them of copyright infringement, even though it’s entirely possible they personally did nothing wrong and shouldn’t have to pay us a penny,” is perhaps what he should’ve said.

But that’s not only way too frank but a sure-fire way of punching a huge hole in GEIL’s bottom line. And for a troll like GEIL, that would be a disaster.

TorrentFreak: Pirates Can Now Rip 4K Content From Netflix and Amazon

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

While the average consumer is generally not equipped to play 4K content on their TV or computer, many video geeks are looking forward to every new release.

Thus far the physical offerings have been limited to adult content mostly, with just a handful of mainstream productions. However, with the adoption of a Blu-Ray standard for Ultra High Definition video more releases will follow soon.

4K streaming releases have been available for a while already though, with Netflix and Amazon as the two key vendors in this market.

These online streams were always well protected against pirates. The High-Bandwidth Digital Copy Protection (HDCP) version 2.2 or higher is still believed to be secure today, but there are signs that pirates have found a way to bypass the protection.

Earlier this year the first 4K Netflix leak surfaced. After that it went quiet. However, a few days ago something changed, as many more releases started to appear online.

TorrentFreak spoke to a release group insider who confirmed that this is a significant change.

“Many groups started releasing 4K rips recently and they are working perfectly. I expect that 4K resolution releases will become more popular now,” TorrentFreak was told.

The new 4K leaks come from both Netflix and Amazon, suggesting that there’s a general loophole that allows pirates to circumvent the copy protection on both services.

Up until recently this was impossible to do. There were a handful of upscaled releases floating around with a lot of pixelation and low bitrates, but these don’t come close to real 4K.

The new releases are true 4K and include Amazon’s The Man in the High Castle as well as the recent pilots Edge, Good Girls Revolt, Highston, One Mississippi and Patriot.

Amazon’s 4k leaks

Another series of high-profile 4K leaks that came out this week are of Netflix’s Jessica Jones. As with the other rips the file-sizes are much larger than traditional HD-releases, well over 10 gigabytes for a single episode.

Netflix’ Jessica Jones 4k leaks

The media info for one of the Jessica Jones leaks shows that it’s 4K, at a 32.5 Mbps bitrate. Unfortunately, that doesn’t necessarily mean that the video quality is always exceptional.

“For example for Marvel’s Jessica Jones new TV series from Netflix the 4K captures look bad, because the master from Netflix is probably bad,” we were told by an insider.

Downloading a 4K release from Amazon or Netflix and getting a pirated copy out is not something that’s easily done. The original rips are often well over 100 gigabytes in size. Still, many groups are jumping on the 4K bandwagon.

The main question that remains is how the groups are able to circumvent the copy protection. Our source says that Amazon’s Fire TV and Roku 4K are likely sources, as they may not be as well protected as some believe.

Amazon’s Fire TV uses the weaker HDCP 1.4b protection and 23.976 frames/s, which only supports Amazon 4K releases and not Netflix.

Roku recently released their new streaming player with 4K support and native refresh rate switching, which can play Netflix’s 4K library. It arrived in stores early November, just before the 23.976 frames/s 4k rips started coming out.

Whatever the source is, the stream of new releases is unprecedented and marks the start of a new era of high quality video releases.

In recent years many people have been downloading higher quality rips already, but it will probably take a few years before 4K becomes the new standard. Overall, however, pirating video geeks will be happy with the news.

TorrentFreak: Book Publishers Expand UK Pirate Site Blocking

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

For several years Hollywood studios and international recording labels have engaged in legal action to have ‘pirate’ sites blocked in the UK.

The injunction applications were all filed at the High Court with the earliest example dating back to the 2012 blocking of The Pirate Bay at the hands of the BPI (British Recorded Music Industry).

Since then more than 20 injunctions have been handed down targeting a range of content but it took until May 2015 for the book publishing sector to land its first victory.

In an injunction application targeting major ISPs including BT, Sky, Virgin Media, O2, EE and TalkTalk, the Publishers Association successfully argued that their rights were being infringed by a number of e-book download sites.

Shortly after, Avaxhome, Ebookee, Freebookspot, Freshwap, Libgen, Bookfi and Bookre were all blocked at the ISP level, with Internet users in the UK confronted with a message similar to the one below.


Of course, blocking a handful of sites was never likely to achieve long-term results, especially with fresh domains, proxies, mirrors, and other workarounds being deployed on a regular basis. No surprise then that the Publishers Association has recently applied to have yet more URLs blocked by ISPs. (full list below)

All appear to relate in some way to sites that were blocked in the earlier court order, including Avaxhome, eBookee, FreeBookSpot and Library Genesis. This means that the Publishers Association won’t have needed to start a fresh process and will have simply added these URLs to the existing injunction.

This expansion is only the latest in a long line of applications made by a wide range of entertainment industry groups.

Earlier this month the UK’s blocklist silently expanded with the addition of around 170 sites, an effort that was preceded in October with the blocking of dozens of new domains, including those relating to Popcorn Time.

Updated Publishers Association blocklist

AWS Compute Blog: The Twelve Days of Lambda

This post was syndicated from: AWS Compute Blog and was written by: Tim Wagner. Original post: at AWS Compute Blog

Tim Wagner, AWS Lambda General Manager

The Twelve Days Hours* of Lambda

*It’s serverless, so it’s faster 😉

Stuffed with turkey or too many cookies? Not quite ready to face the relatives again? Here are some ideas to use your end of year or holiday downtime to explore serverless cloud computing with AWS Lambda instead. Each one comes with a blueprint to help you get started quickly. Enjoy!

  1. First step. Use the “hello, world” blueprint to create and test your first AWS Lambda function in the console…no IDE required. Changing the text to “a partridge in a pear tree” is optional but festive.
  2. Hook up a couple of event sources. Use the S3 blueprint to configure an Amazon S3 bucket to send events to a Lambda function. If you’re jolly and like to make lists, test it out with your personal “Naughty” and “Nice” categories. Then hook up SNS to stay informed of weather conditions and reindeer uptime.
  3. Automated log analysis. Was it three French hens or four? Figure it out by automatically analyzing CloudWatch logs with a Lambda function.
  4. Build a canary. Scheduled Lambda functions make it easy to do a task on a recurring schedule, and built-in integration with Amazon CloudWatch gives you an instant site checker just by typing in its URL.
  5. NoSQL database triggers. Data is golden, so hook up a Lambda function to Amazon DynamoDB to audit, transform, copy, or otherwise react to changes as they occur.
  6. Serverless test harness. Not sure whether your code is laying an egg? Find out with an automated test harness.
  7. Streaming data processing. Hook up Amazon Kinesis to a Lambda function and build a streaming data processor that can deliver business insights from data in real time.
  8. Access algorithms. Lambda functions make it easy to integrate with other services, so you can get insights from your shopping data through Splunk, handle party communication needs with Twilio’s advanced messaging capabilities, or figure out whether images are family-friendly with an advanced image processing algorithm from Algorithmia’s code library.
  9. Build an image processing service. Love Degas but wish you had thumbnail images of his dancers? Take a few minutes and build a scalable image processing service to help you out.
  10. Run processes or use native code. Make Lambda leap to do your bidding by firing up background processes, running other languages, or loading 3rd party code (even native code) as part of your Lambda function.
  11. Build a voice-enabled app. Don’t carol so much that your pipes are worn out so you can’t test your first Alexa app and use your Amazon Echo to trigger a Lambda function. Name your test app “presents” so you can run it by saying, “Alexa, open presents!”
  12. Mobile and IoT-enabled apps. Secretly hoping for an Arduino or Raspberry Pi but worried you’re getting socks? Take matters into your own hands and order your toys early, so you can hook them up to a Lambda function while the kids are playing with their own toys. Create a backend for a mobile or IoT app that’s backed by Amazon DynamoDB with a single click. Drum away on your keyboard and have fun!

However you spend the end of 2015, the AWS Lambda team and I wish you and yours peace and happiness. The future of cloud computing has never been more exciting, and we look forward to another year of innovation and collaborating with all of you in 2016. Until next time, happy Lambda coding!

Follow Tim’s Lambda adventures on Twitter

TorrentFreak: Anti-Piracy Group Stops Prolific KickassTorrent’s Uploader

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Netherlands-based anti-piracy group BREIN is one of few such outfits to directly go after both the operators and users of pirate sites.

The Hollywood-backed group doesn’t target random file-sharers but focuses on prolific uploaders, who share hundreds or thousands of files.

This month these efforts led to another victory for the organization. A Breda court ruled in favor of BREIN in an ex-parte case against a 20-year-old student, who uploaded over 750 torrents to KickassTorrents.

Most torrents were targeted at the Dutch public, including a full season of The Walking Dead and the film Avengers: Age of Ultron, both with subtitles.

BREIN argued that the man’s infringing activities were causing irreparable damage for the various copyright holders involved. In addition, his efforts help frustrate the growth of legal services such as Spotify and Netflix.

The court agreed with BREIN’s assessment and ordered the uploader to stop sharing pirated content on KickassTorrents (pdf). Refusing to do so will result in a €2,000 fine per day, with a maximum of €50,000.

Responding to the verdict, the man, whose name is not made public, deleted his account as well as all uploads.

TorrentFreak tracked down what appears to be the user in question. This person frequently uploaded torrents with Dutch subtitles, some of which were mentioned in the case.

The deleted profile

BREIN notes that the student also agreed to pay compensation to the copyright holders as well as costs for the legal proceedings. While calculating the appropriate ‘damages’ figure BREIN took the man’s personal circumstances into account.

This means that the uploader has gotten off relatively unharmed, when compared to the million dollar claims we’ve seen elsewhere at least.

It’s not clear how BREIN tracked down the uploader. The anti-piracy group is known to scour the Internet for information that can identify infringers, some of whom are surprisingly easy to find.

In addition, BREIN also uses previously convicted file-sharers to gather intelligence, and rival uploaders also rat out their competitors voluntarily every now and then.

“We do get anonymous tips regarding offenders and from time to time it is clear that a tip comes from a ‘competitor’. It’s just like with other crime on any turf,” BREIN’s Tim Kuik told us previously.

Looking ahead, BREIN is planning to intensify its efforts to hold prolific uploaders responsible. Not just those who upload to torrent sites, but also those who simply download and share.

Last week NOS reported that BREIN is preparing to monitor IP-addresses systematically to identify prolific sharers, which they then hope to identify through their Internet providers.

Raspberry Pi: Did you get a Raspberry Pi Zero?

This post was syndicated from: Raspberry Pi and was written by: Liz Upton. Original post: at Raspberry Pi

We gave away something free with our magazine, The MagPi, yesterday.

MagPi issue 40 in all its glory

Who’s a pretty boy, then?

The magazine industry has a concept called “technical sellout”, where more than 80% of copies are bought.

You swarmed over UK newsagents and achieved that with The MagPi in less than 12 hours. As far as we know, the last time that happened was with the female version of Playboy in the 1970s. So, as Carrie Anne says, we’ve served up a victory for gender equality, and a free computer.

You’ll find a map of all the places carrying the MagPi in the UK and Ireland on the MagPi website – there are still a few copies out there, so it might be worth your while ringing the outlets closest to you to see if they still have stock.

Clive’s Goblin Tinkerer

If you’re in Ireland or Northern Ireland: it appears there was a bit of a SNAFU yesterday. MagPis were meant to be going into Tesco stores across both Ireland and Northern Ireland, but the tills hadn’t been programmed correctly (this was the first month they were carrying the MagPi, and we think a crucial button didn’t get pressed), so the magazine didn’t scan. Tesco’s response was to order shops to return all the magazines to the warehouse.

We’re talking to the distributors now, and we heard ten minutes ago that the magazines will be going back to the stores at the start of next week. Keep an eye on our Twitter feed and Facebook – we’ll let you know as soon as we hear they’ve hit the ground, so you can all go and do the swarm of locusts thing at your local Tesco.

If you’re in the United States: At the time of writing, Micro Center still has stock of the Zero itself, at $5. You can reserve online but you’ll have to visit a store in person: while we’re still in shortage they’re not selling online. We think all other online outlets are sold out now. The magazine with a free Zero on the cover will land in Barnes&Noble and Micro Center in about three weeks. (We print in the UK and ocean freight the magazine to the USA to keep costs down, which takes a little while.) Again, we’ll let you know on Twitter and Facebook, and we’ll make sure that there’s a note at the top of the blog here on the day as well.

Wherever you are in the world: you can still get your hands on Issue 40 with the free Raspberry Pi Zero if you subscribe (you’ll also get a free cable bundle). We’re waiting on a second print run at the moment for subscribers only; if you’d like to get your hands on one, you can find out how to subscribe at the MagPi website. Subs to the physical magazine start at just £12.99.

We’ve been enjoying seeing what the community’s been getting up to with their Pi Zeros.

This was unquestionably the best tweet of the day:

And watching you all on Twitter has been an absolute blast:




Some of you have started incorporating the Zero into builds already.

Meanwhile, even though Pi Zero has only been out for a day, add-on boards and cases are already appearing in the wild. Here’s Pimoroni’s gorgeous PiBow Zero case:


Considerably larger than actual size

They’re also making a range of what they’re calling pHATs – not true HATs (no EEPROM), but teeny add-ons for the Pi Zero, like this very pretty scrolling LED beast, which is £10:


You’ll find more pHATs (including a DAC) and other accessories at Pimoroni.

The folks from Bare Conductive, who do amazing things with capacitive touch, are already working on the Touch Board Pi Cap, which we’re really excited about – it’ll be available very soon, and will turn your Zero into a polyphonic music maker (just add bananas), empower you to turn all kinds of things around the house into buttons and switches, and much more. You can learn more over at Bare Conductive.


In answer to a frequently asked question: yes, we will continue to make Zeros for as long as you guys want them. It looks like demand will continue to outstrip supply for a while if yesterday’s rush is anything to go by, but we’re doing our very best to keep channels open, and we advise you not to buy from scalpers on eBay, because…karma. The Pi Hut and Pimoroni in the UK, and Adafruit in the US should be restocking soon, so keep an eye on them.

If you’re doing something fun with a Zero, please let us know – we’d love to feature you here or in the MagPi!


The post Did you get a Raspberry Pi Zero? appeared first on Raspberry Pi.

Bradley M. Kuhn's Blog ( bkuhn ): Do You Like What I Do For a Living?

This post was syndicated from: Bradley M. Kuhn's Blog ( bkuhn ) and was written by: Bradley M. Kuhn. Original post: at Bradley M. Kuhn's Blog ( bkuhn )

[ A version of this blog post was crossposted on Conservancy’s blog. ]

I’m quite delighted with my career choice. As an undergraduate and even
in graduate school, I still expected my career to extend my earlier careers in
the software industry: a mixture of software developer and sysadmin. I’d
probably be a DevOps person now, had I stuck with that career path.

Instead, I picked the charity route: which (not financially, but
work-satisfaction-wise) is like winning a lottery. There are very few
charities related to software freedom, and frankly, if (like me) you
believe in universal software freedom and reject proprietary software
entirely, there are two charities for you:
the Free Software Foundation, where I used to
work, and Software Freedom Conservancy, where I work now.

But software freedom is not merely an ideology for me. I believe the
ideology matters because I see the lives of developers and users are better
when they have software freedom. I first got a taste of this
IRL when I attended the earliest Perl
conferences in the late 1990s. My friend James and I stayed in dive motels
and even slept in a rental car one night to be able to attend. There was
excitement in the Perl community (my first Free Software community). I was
exhilarated to meet in person the people I’d seen only as god-like hackers
posting on perl5-porters. James was so excited he asked me to take a
picture of him jumping as high as he could with his fist in the air in
front of the main conference banner. At the time, I complained; I was
mortified and felt like a tourist taking that picture. But looking back, I
remember that James and I felt that same excitement and just were
expressing it differently.

I channeled that thrill into finding a way that my day job would focus on
software freedom. As an activist since my teenage years, I concentrated
specifically on how I could preserve, protect and promote this valuable
culture and ideology in a manner that would assure the rights of developers
and users to improve and share the software they write and use.

I’ve enjoyed the work; I attend more great conferences than I ever
imagined I would, where now people occasionally walk up to me with the same
kind of fanboy reverence that I reserved for Larry Wall,
RMS and the heroes of my
Free Software generation. I like my work. I’ve been careful, however, to
avoid a sense of entitlement. Since I read it in 1991, I have never
forgotten RMS’ point
in the GNU
: Most of us cannot manage to get any money for
standing on the street and making faces. But we are not, as a result,
condemned to spend our lives standing on the street making faces, and
starving. We do something else.
, a point he continues
in his regular speeches,
by adding: I [could] just … give up those principles and start
… writing proprietary software. I looked for another alternative,
and there was an obvious one. I could leave the software field and do
something else. Now I had no other special noteworthy skills, but I’m sure
I could have become a waiter. Not at a fancy restaurant; they wouldn’t
hire me; but I could be a waiter somewhere. And many programmers, they say
to me, “the people who hire programmers demand [that I write
proprietary software] and if I don’t do [it], I’ll starve”. It’s
literally the word they use. Well, as a waiter, you’re not going to

RMS’ point is not merely to expose the
false dilemma
inherent in I have to
, even it’s proprietary, because that’s what companies pay me to
, but also to expose the sense of entitlement in assuming a
fundamental right to do the work you want. This applies not just to
software authorship (the work I originally trained for) but also the
political activism and non-profit organizational work that I do now.

I’ve spent most of my career at charities because I believe deeply that I
should take actions that advance the public good, and because I have a
strategic vision for the best methods to advance software freedom. My
strategic goals to advance software freedom include two basic tenets: (a)
provide structure for Free Software projects in a charitable home (so that
developers can focus on writing software, not administration, and so that
the projects aren’t unduly influenced by for-profit corporations) and (b)
uphold and defend Free Software licensing, such
as copyleft, to ensure software

I don’t, however, arrogantly believe that these two priorities are
inherently right. Strategic plans work toward a larger goal, and pursuing
success of a larger ideological mission requires open-mindedness regarding
strategies. Nevertheless, any strategy, once decided, requires zealous
pursuit. It’s with this mindset that I teamed up with my
colleague, Karen Sandler, to
form Software Freedom

Conservancy, like most tiny charities, survives on the determination of
its small management staff. Karen Sandler, Conservancy’s Executive
Director, and I have a unique professional collaboration. She and I share
a commitment to promoting and defending
principles in the context of software freedom
, along with an
unrelenting work ethic to match. I believe fundamentally that she and I
have the skills, ability, and commitment to meet these two key strategic
goals for software freedom.

Yet, I don’t think we’re entitled to do this work. And, herein there’s
another great feature of a charity. A charity not only serves the
public good; the USA IRS also requires that a charity
be funded primarily by donations from the public.

I like this feature for various reasons. Particularly, in the context of
the fundraiser that Conservancy announced this week, I think about it in
terms of seeking a mandate from the public. As Conservancy poises to begin
its tenth year,
Karen and I as its leaders stand at a crossroads. For financial reasons of
the organization’s budget, we’ve been thrust to test this question: Does
the public of Free Software users and developers actually want the
work that we do?

While I’m nervous that perhaps the answer is no, I’m nevertheless
not afraid to ask the question. So, we’ve asked. We asked all of you to
show us that you want our work to continue. We set two levels, matching
the two strategic goals I mentioned. (The second is harder and more
expensive to do than the first, so we’ve asked many more of you to support
us if you want it.)

It’s become difficult in recent years to launch a non-profit fundraiser
(which have existed for generations) and not think of the relatively recent
advent of gofundme, Kickstarter, and the like. These new systems provide a
(sadly, usually proprietary software) platform for people to ask the
public: Is my business idea and/or personal goal worth your money?.
While I’m dubious about those sites, I do believe in democracy
enough to build my career on a structure that requires an election (of
sorts). Karen and I don’t need you to go to the polls and cast your
ballot, but we do ask you to consider if what we do for a living at
Conservancy is worth US$10 per month to you. If it is, I hope you’ll
“cast a vote” for Conservancy
and become a Conservancy
supporter now

TorrentFreak: Supreme Court Opens Door for Pirate Site Blockades in Germany

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Domain name blocking has become one of the entertainment industries’ go-to methods for reducing online copyright infringement.

Blocking requests from both the music and movie sector are widespread around Europe, but until now Germany has been excluded.

However, this may soon change. In a landmark ruling the Supreme Court has today opened the door to German pirate site blockades.

The origin of the ruling dates back seven years when German music rights group GEMA, known for its aggressive anti-piracy stance, found music tracks on major file-hosting sites being distributed via the music linking site

After GEMA failed in its efforts to contact 3DL’s operators to deal with the infringement, the music group tried another tactic.

In a subsequent complaint, GEMA demanded that in order to reduce further copyright infringement, leading German ISP Deutsche Telekom should take technical steps to stop its customers from accessing

The ISP refused, stating that as a mere ‘dumb pipe’ it has nothing to do with the infringement on the site. Furthermore, blocking one site would simply lead to increasing numbers of similar demands, the ISP argued.

Together with a similar lawsuit against the site, the case eventually ended up at the Supreme Court which ruled on the issue today.

In its order the court argues that an ISP blockade is warranted if copyright holders have exhausted all their options to identify the operators or hosting providers of pirate sites.

The court also noted that it doesn’t matter if users can circumvent blockades. Simply rendering sites more difficult for the general public to access is sufficient.

GEMA is delighted with the decision and says it will be a great tool to combat online piracy.

“We welcome the judgment of the Supreme Court. This landmark decision was long overdue, since it leads the way in protecting our copyrights in the digital music market,” GEMA CEO Harald Heker says.

“At last we have legal clarity about the fact that ISP blockades of websites that offer illegal copyrighted music works en masse, are permitted. An important step to combat Internet piracy,” he adds.

It’s expected that the first blocking requests will be filed in the near future. While is no longer online, other high-profile pirate sites including The Pirate Bay and KickassTorrents are probably high on GEMA’s wish list.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

TorrentFreak: Judge Worries That Piracy Lawsuits Will Flood Courts

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

So-called ‘copyright-trolling’ is quite clearly big business as 2015 comes to a close. Often portrayed by content owners as a necessary evil designed to send a deterrent message to pirates, overall the practice is lucrative for the many companies involved.

The whole system relies on intimidating people into paying a ‘fine’ or settlement fee, often between a few hundred and a few thousand euros or dollars. The threat is to take cases to court if people don’t pay, alongside a clear suggestion that things will get more costly thereon in.

Over in Finland, Hedman Partners – a law firm acting on behalf of several movie, TV show and adult distributors – has been employing this exact tactic and after failing to get the desired number of pirates to pay, is now taking people to court.

Lawyer Joni Hatanmaa announced the first three cases against Finnish citizens last month and as previously promised, those people are now being told to expect big bills. However, according to the law firm things could get substantially worse.

Speaking with state-owned YLE, Hatanmaa now warns that his company is hoping to obtain the personal details of more than 10,000 alleged pirates in the coming year and if necessary will eventually take up to hundreds of cases to court.

The prospect of these kinds of copyright cases bogging down the legal system hasn’t been well received and already there are worries over where capacity to handle them will be found. Such cases are filed at the Market Court, a specialist venue hearing IP, competition and market law disputes, and its chief judge says a flood could prove problematic.

“If these cases become this plentiful, then how can we organize them with our existing resources? We already have an abundance of pending things here,” says Chief Judge Kimmo Mikkola.

While the Judge is right to express concern, history shows that in Europe there is less willingness to take cases to court than there is in the U.S., for example. Statutory damages in the United States mean that defendants could face bills of $150,000 for a single infringement if found guilty, an amount that serves to encourage early settlement.

In Europe the position is somewhat different, with alleged pirates more willing to take a chance on ignoring threatening letters while hoping the whole matter simply disappears. That does indeed happen in some cases, but precise and current numbers are impossible to come by. However, since ‘trolls’ keep coming back for more, the suggestion is that enough pay to keep the scheme going – and profitable.

In Finland it does appear that at least in limited numbers, Hedman Partners are prepared to take some cases to court to prove their point. However, some experts believe that it won’t be an easy ride.

Copyright specialist Herkko Hietanen of the Turre Legal law firm says that guilt will be difficult to prove since the court will require the copyright holder to show that the Internet account holder is the person liable for the infringement, since that’s who their claims are addressed to.

Judge Kimmo Mikkola agrees that identifying the precise infringer could be an issue.

“There is a problem of showing who has used the Internet connection. We can get clarity on these issues when we start to deal with them,” the Judge concludes.

That was certainly an issue for the Salminen family, who two years ago were accused of downloading and sharing thousands of songs. They’ve had an uphill struggle but have finally cleared their names after Mr Salminen, an IT expert, went all out to prove the case brought against them was false.

This week the family got the recognition they deserved when it was reported in local media that the anti-piracy group involved admitted that somewhere in the chain there had been an error and the wrong people had been accused.

“We had a lot of watertight, technical evidence backing us up that would be impossible for anyone other than someone in the IT field to gain access to,” Salminen said.

“If a letter like this would be delivered to a little old grandmother, how would she ever get this resolved?”

The truth is, people like this don’t have much of a chance. And trolls know it.


Application Management Blog: AWS CloudFormation Security Best Practices

This post was syndicated from: Application Management Blog and was written by: George Huang. Original post: at Application Management Blog

The following is a guest post by Hubert Cheung, Solutions Architect.

AWS CloudFormation makes it easy for developers and systems administrators to create and manage a collection of related AWS resources by provisioning and updating them in an orderly and predictable way. Many of our customers use CloudFormation to control all of the resources in their AWS environments so that they can succinctly capture changes, perform version control, and manage costs in their infrastructure, among other activities.

Customers often ask us how to control permissions for CloudFormation stacks. In this post, we share some of the best security practices for CloudFormation, which include using AWS Identity and Access Management (IAM) policies, CloudFormation-specific IAM conditions, and CloudFormation stack policies. Because most CloudFormation deployments are executed from the AWS command line interface (CLI) and SDK, we focus on using the AWS CLI and SDK to show you how to implement the best practices.

Limiting Access to CloudFormation Stacks with IAM

With IAM, you can securely control access to AWS services and resources by using policies and users or roles. CloudFormation leverages IAM to provide fine-grained access control.

As a best practice, we recommend that you limit service and resource access through IAM policies by applying the principle of least privilege. The simplest way to do this is to limit specific API calls to CloudFormation. For example, you may not want specific IAM users or roles to update or delete CloudFormation stacks. The following sample policy allows all CloudFormation APIs access, but denies UpdateStack and DeleteStack APIs access on your production stack:


We know that IAM policies often need to allow the creation of particular resources, but you may not want them to be created as part of CloudFormation. This is where CloudFormation’s support for IAM conditions comes in.

IAM Conditions for CloudFormation

There are three CloudFormation-specific IAM conditions that you can add to your IAM policies:

  • cloudformation:TemplateURL
  • cloudformation:ResourceTypes
  • cloudformation:StackPolicyURL

With these three conditions, you can ensure that API calls for stack actions, such as create or update, use a specific template or are limited to specific resources, and that your stacks use a stack policy, which prevents stack resources from unintentionally being updated or deleted during stack updates.

Condition: TemplateURL

The first condition, cloudformation:TemplateURL, lets you specify where the CloudFormation template for a stack action, such as create or update, resides and enforce that it be used. In an IAM policy, it would look like this:

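    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Deny",
                "Action": ["cloudformation:CreateStack", "cloudformation:UpdateStack"],
                "Resource": "*",
                "Condition": {
                    "StringNotEquals": {"cloudformation:TemplateURL": ["<TEMPLATE_URL>"]}
                }
            },
            {
                "Effect": "Deny",
                "Action": ["cloudformation:CreateStack", "cloudformation:UpdateStack"],
                "Resource": "*",
                "Condition": {
                    "Null": {"cloudformation:TemplateURL": "true"}
                }
            }
        ]
    }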

The first statement ensures that for all CreateStack or UpdateStack API calls, users must use the specified template. The second ensures that all CreateStack or UpdateStack API calls must include the TemplateURL parameter. From the CLI, your calls need to include the --template-url parameter:

aws cloudformation create-stack --stack-name cloudformation-demo --template-url <TEMPLATE_URL>

Condition: ResourceTypes

CloudFormation also allows you to control the types of resources that are created or updated in templates with an IAM policy. The CloudFormation API accepts a ResourceTypes parameter. In your API call, you specify which types of resources can be created or updated. However, to use the new ResourceTypes parameter, you need to modify your IAM policies to enforce the use of this particular parameter by adding in conditions like this:

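    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Deny",
                "Action": ["cloudformation:CreateStack", "cloudformation:UpdateStack"],
                "Resource": "*",
                "Condition": {
                    "ForAllValues:StringLike": {"cloudformation:ResourceTypes": ["AWS::IAM::*"]}
                }
            },
            {
                "Effect": "Deny",
                "Action": ["cloudformation:CreateStack", "cloudformation:UpdateStack"],
                "Resource": "*",
                "Condition": {
                    "Null": {"cloudformation:ResourceTypes": "true"}
                }
            }
        ]
    }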

From the CLI, your calls need to include a --resource-types parameter. A call to update your stack will look like this:

aws cloudformation create-stack --stack-name cloudformation-demo --template-url <TEMPLATE_URL> --resource-types="[AWS::IAM::Group, AWS::IAM::User]"

Depending on the shell, the command might need to be enclosed in quotation marks as follows; otherwise, you’ll get a “No JSON object could be decoded” error:

aws cloudformation create-stack --stack-name cloudformation-demo --template-url <TEMPLATE_URL> --resource-types='["AWS::IAM::Group", "AWS::IAM::User"]'

The ResourceTypes conditions ensure that CloudFormation creates or updates the right resource types and templates with your CLI or API calls. In the first example, our IAM policy would have blocked the API calls because the example included AWS::IAM resources. If our template included only AWS::EC2::Instance resources, the CLI command would look like this and would succeed:

aws cloudformation create-stack --stack-name cloudformation-demo --template-url <TEMPLATE_URL> --resource-types='["AWS::EC2::Instance"]'

The third condition is the StackPolicyURL condition. Before we explain how that works, we need to provide some additional context about stack policies.

Stack Policies

Often, the worst disruptions are caused by unintentional changes to resources. To help in mitigating this risk, CloudFormation provides stack policies, which prevent stack resources from unintentionally being updated or deleted during stack updates. When used in conjunction with IAM, stack policies provide a second layer of defense against both unintentional and malicious changes to your stack resources.

The CloudFormation stack policy is a JSON document that defines what can be updated as part of a stack update operation. To set or update the policy, your IAM users or roles must first have the ability to call the cloudformation:SetStackPolicy action.

You apply the stack policy directly to the stack. Note that this is not an IAM policy. By default, setting a stack policy protects all stack resources with a Deny to deny any updates unless you specify an explicit Allow. This means that if you want to restrict only a few resources, you must explicitly allow all updates by including an Allow on the resource "*" and a Deny for specific resources. 

For example, stack policies are often used to protect a production database because it contains data that will go live. Depending on the field that’s changing, there are times when the entire database could be replaced during an update. In the following example, the stack policy explicitly denies attempts to update your production database:

{
  "Statement" : [
    {
      "Effect" : "Deny",
      "Action" : "Update:*",
      "Principal": "*",
      "Resource" : "LogicalResourceId/ProductionDB_logical_ID"
    },
    {
      "Effect" : "Allow",
      "Action" : "Update:*",
      "Principal": "*",
      "Resource" : "*"
    }
  ]
}

You can generalize your stack policy to include all RDS DB instances or any given ResourceType. To achieve this, you use conditions. However, note that because we used a wildcard in our example, the condition must use the "StringLike" condition and not "StringEquals":

{
  "Statement" : [
    {
      "Effect" : "Deny",
      "Action" : "Update:*",
      "Principal": "*",
      "Resource" : "*",
      "Condition" : {
        "StringLike" : {
          "ResourceType" : ["AWS::RDS::DBInstance", "AWS::AutoScaling::*"]
        }
      }
    },
    {
      "Effect" : "Allow",
      "Action" : "Update:*",
      "Principal": "*",
      "Resource" : "*"
    }
  ]
}

For more information about stack policies, see Prevent Updates to Stack Resources.
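The evaluation rules described in this section (default deny once a stack policy is set, an explicit Deny overriding an Allow, and StringLike versus StringEquals for wildcard resource types) can be modelled in a few lines of Python. This is an added example, not code from the original post or from CloudFormation itself; the logical IDs in the sample stack and all function names are constructed for illustration, and only the policy elements used on this page are modelled.

```python
import copy
import json
import re

# The generalized stack policy from the text above, embedded as sample input.
STACK_POLICY = json.loads("""
{
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "Update:*",
      "Principal": "*",
      "Resource": "*",
      "Condition": {"StringLike": {"ResourceType":
          ["AWS::RDS::DBInstance", "AWS::AutoScaling::*"]}}
    },
    {
      "Effect": "Allow",
      "Action": "Update:*",
      "Principal": "*",
      "Resource": "*"
    }
  ]
}
""")

# Constructed sample stack: (logical ID, resource type).
SAMPLE_RESOURCES = [
    ("ProductionDB", "AWS::RDS::DBInstance"),
    ("WebASG", "AWS::AutoScaling::AutoScalingGroup"),
    ("WebServer", "AWS::EC2::Instance"),
]

def as_list(value):
    return value if isinstance(value, list) else [value]

def wildcard_match(pattern, value):
    """Policy-style matching: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, value) is not None

def condition_holds(condition, resource_type):
    """Evaluate StringEquals / StringLike conditions on the ResourceType key."""
    for operator, keys in condition.items():
        if operator == "StringEquals":
            matches = lambda pattern, value: pattern == value  # '*' stays literal
        elif operator == "StringLike":
            matches = wildcard_match
        else:
            raise ValueError("operator not modelled: " + operator)
        for key, patterns in keys.items():
            if key != "ResourceType":
                raise ValueError("condition key not modelled: " + key)
            if not any(matches(p, resource_type) for p in as_list(patterns)):
                return False
    return True

def is_update_allowed(policy, logical_id, resource_type, action="Update:Modify"):
    """An explicit Deny wins; otherwise a matching Allow is required."""
    target = "LogicalResourceId/" + logical_id
    allowed = False
    for statement in policy["Statement"]:
        if not any(wildcard_match(a, action) for a in as_list(statement["Action"])):
            continue
        if not any(wildcard_match(r, target) for r in as_list(statement["Resource"])):
            continue
        if not condition_holds(statement.get("Condition", {}), resource_type):
            continue
        if statement["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

def updatable(policy, resources=SAMPLE_RESOURCES):
    """Map each logical ID to whether a stack update may modify it."""
    return {lid: is_update_allowed(policy, lid, rtype) for lid, rtype in resources}

def with_string_equals(policy):
    """Same policy with StringLike swapped for StringEquals (the mistake to avoid)."""
    variant = copy.deepcopy(policy)
    for statement in variant["Statement"]:
        cond = statement.get("Condition", {})
        if "StringLike" in cond:
            cond["StringEquals"] = cond.pop("StringLike")
    return variant

if __name__ == "__main__":
    deny_only = {"Statement": STACK_POLICY["Statement"][:1]}
    print("StringLike   :", updatable(STACK_POLICY))
    print("StringEquals :", updatable(with_string_equals(STACK_POLICY)))
    print("Deny only    :", updatable(deny_only))
```

With StringEquals, the Auto Scaling group silently loses its protection because "AWS::AutoScaling::*" is compared as a literal string; with the Allow statement removed, every resource is blocked by the default deny.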

Finally, let’s ensure that all of your stacks have an appropriate pre-defined stack policy. To address this, we return to  IAM policies.


From within your IAM policy, you can ensure that every CloudFormation stack has a stack policy associated with it upon creation with the StackPolicyURL condition:

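    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Deny",
                "Action": ["cloudformation:SetStackPolicy"],
                "Resource": "*",
                "Condition": {
                    "ForAnyValue:StringNotEquals": {"cloudformation:StackPolicyUrl": ["<STACK_POLICY_URL>"]}
                }
            },
            {
                "Effect": "Deny",
                "Action": ["cloudformation:CreateStack", "cloudformation:UpdateStack"],
                "Resource": "*",
                "Condition": {
                    "ForAnyValue:StringNotEquals": {"cloudformation:StackPolicyUrl": ["<STACK_POLICY_URL>"]}
                }
            },
            {
                "Effect": "Deny",
                "Action": ["cloudformation:CreateStack", "cloudformation:UpdateStack"],
                "Resource": "*",
                "Condition": {
                    "Null": {"cloudformation:StackPolicyUrl": "true"}
                }
            }
        ]
    }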

This policy ensures that there must be a specific stack policy URL any time SetStackPolicy is called. In this case, the URL is Similarly, for any create and update stack operation, this policy ensures that the StackPolicyURL is set to the sampledenypolicy.json document in S3 and that a StackPolicyURL is always specified. From the CLI, a create-stack command would look like this:

aws cloudformation create-stack --stack-name cloudformation-demo --parameters ParameterKey=Password,ParameterValue=CloudFormationDemo --capabilities CAPABILITY_IAM --template-url <TEMPLATE_URL> --stack-policy-url <STACK_POLICY_URL>

Note that if you specify a new stack policy on a stack update, CloudFormation uses the existing stack policy: it uses the new policy only for subsequent updates. For example, if your current policy is set to deny all updates, you must run a SetStackPolicy command to change the stack policy to the one that allows updates. Then you can run an update command against the stack. To update the stack we just created, you can run this:

aws cloudformation set-stack-policy --stack-name cloudformation-demo --stack-policy-url <STACK_POLICY_URL>

Then you can run the update:

aws cloudformation update-stack --stack-name cloudformation-demo --parameters ParameterKey=Password,ParameterValue=NewPassword --capabilities CAPABILITY_IAM --template-url <TEMPLATE_URL> --stack-policy-url <STACK_POLICY_URL>

The IAM policy that we used ensures that a specific stack policy is applied to the stack any time a stack is updated or created.


CloudFormation provides a repeatable way to create and manage related AWS resources. By using a combination of IAM policies, users, and roles, CloudFormation-specific IAM conditions, and stack policies, you can ensure that your CloudFormation stacks are used as intended and minimize accidental resource updates or deletions.

You can learn more about this topic and other CloudFormation best practices in the recording of our re:Invent 2015 session, (DVO304) AWS CloudFormation Best Practices, and in our documentation.

Raspberry Pi: Alex’s Nixie Clock

This post was syndicated from: Raspberry Pi and was written by: Liz Upton. Original post: at Raspberry Pi

Liz: Alex is ten years old. He lives in Texas. He shared his most recent school project with us. It’s a great project and a fantastically clear tutorial: we thought you ought to see it too.

My Mom wanted a Nixie Clock, and I needed to do a project for school. I had a Raspberry Pi I wasn’t using, so I built a Nixie Clock. It took me about 2 months.

My Dad ordered some Nixie tubes and chips from Russia, and bought a 170V power supply to power the Nixie tubes. The first thing to do was to test them:


To start with I installed a tube, chip and power supply onto a breadboard. The chip has 4 input lines (A, B, C, and D) that are used to tell it which number to light up. For example in binary 7 is 0111, so you need to set input A to high, B to high, C to high and D to low (A=1, B=2, C=4 and D=8) to light up the number 7. I tested the first one by using a jumper cable to connect the 4 inputs to either 0V (low) or 5V (high).

Once I knew the first tube and chip worked, I wrote a program on the Raspberry Pi to test them. I used 4 GPIO pins, wired to pins A, B, C and D on the chip. My program would loop through the numbers 0 to 9, and turn on/off the pins by converting to binary using logical AND’s.

For example – for the number 7:

  • 7 AND 1 = 1, so pin A would be set high.
  • 7 AND 2 = 2, so pin B would be set high.
  • 7 AND 4 = 4, so pin C would be set high.
  • 7 AND 8 = 0, so pin D would be set low.

Once I had the program working, it was easy to test all the chips and Nixie Tubes. Everything worked, except one tube – the 3 and the 9 would light up at the same time. So I used this for the first digit for the hours, since that only ever needs to show 1.

The Program:

When the Raspberry Pi starts up, it automatically starts my clock program.

I wrote the clock program in C using the geany editor.

When the program starts, first it sets all the digital pins to OUTPUT and LOW to make sure everything is off.

Then I turn on pin 0, which turns on the high voltage power supply using a transistor.

Then I test the clock, which makes the hours show 1 to 12, and minutes 0-59.

Then I start the loop. Once every second I do the following:

  • Ask the computer the time (if it is connected to the internet, it will always show the right time).
  • The hours come back as a number between 1 and 23, so if the hour is bigger than 12, I subtract 12 from it.
  • Then I break out the hour into 2 digits, and the minutes into 2 digits. The first digit is the quotient of the hour divided by 10. The second digit is the remainder of the hour divided by 10. Then I do the same for the minutes.
  • For each number, I have to convert it into binary (for example 7 is 0111 in binary). Each number has up to 4 wires, each wire is for a binary digit. If the digit is 0 the pin/wire is set to LOW, if it is a 1 it is set to HIGH. So for the number 7 the wires are LOW, HIGH, HIGH, HIGH.
  • These wires are soldered to the driver chip. The chip has 10 switches in it, one for each number in the Nixie Tubes. These switches are connected to the chips with yellow wires. The chips look at the 4 wires to see which binary number it is, and then switches on the correct light in the Nixie Tube.

The table below shows the wires and their values for each digit.

Digit Black Wire Blue Wire Grey Wire White Wire Binary

Here is the source code in C:

#include <time.h>       /* These are libraries */
#include <wiringPi.h>

// turns a pin on or off
void nixiePin(int p, int v){
  if (p != -1) {                    /* -1 means this bit has no wire */
    digitalWrite(p, v ? HIGH : LOW);
  }
}

// converts to binary and sends values to 4 pins
void nixiePins(int p1, int p2, int p4, int p8, int v){
  nixiePin(p1, v & 1);              /* logical AND picks out each bit */
  nixiePin(p2, v & 2);
  nixiePin(p4, v & 4);
  nixiePin(p8, v & 8);
}

// splits the time into digits
void nixieTime(int h,int m, int s) {
  nixiePins( 1, -1, -1, -1, h/10);  /* quotient of hour / 10  */
  nixiePins( 2,  3,  4,  5, h%10);  /* remainder of hour / 10 */
  nixiePins( 6,  7, 21, -1, m/10);  /* quotient of minute / 10*/
  nixiePins(22, 23, 24, 25, m%10);  /* remainder of min / 10  */
}

// make sure all the digits work
void testClock(void){
  int i;
  for (i=1; i<=12; i++) {
    nixieTime(i, 0, 0);
    delay(250);                     /* pause length is an assumed value */
  }
  for (i=1; i<=59; i++) {
    nixieTime(12, i, 0);            /* hour shown during this test is assumed */
    delay(250);
  }
}

// set up the pins we will use
void initPin(int p) {
  pinMode(p, OUTPUT);
  digitalWrite(p, LOW);
}

// this is the main part of the program
int main (void) {
  time_t now;         /* its a variable that holds time info */
  struct tm *ntm;     /* it is a variable */
  int i;
  wiringPiSetup();    /* set up pins 0-7 and 21-29 to use  */
  for (i=0; i <=7;i++) {
    initPin(i);
  }
  for (i=21; i <=29;i++) {
    initPin(i);
  }
  digitalWrite(0, HIGH);            /* turn on high voltage power */
  testClock();                      /* test all the digits */

  while (1) {                       /* starts an infinite loop */
    now=time(NULL);                 /* ask the computer for the time */
    ntm=localtime(&now);            /* it formats the time */
    if (ntm->tm_hour > 12) {        /* if hour is more than 12 - 12 */
      ntm->tm_hour = ntm->tm_hour-12;
    }

    /* it tells it to write that number to the nixie tubes*/
    nixieTime(ntm->tm_hour, ntm->tm_min, ntm->tm_sec);

    delay (1000);   /* wait for 1 second */
  }
  return 0;
}

The Circuit Board:


My dad drilled a piece of plastic for me for the Nixie Tubes to sit on.

The circuit board has 4 Nixie tubes, and 4 chips (one for each).

The chips are wired to the Nixie Tubes with yellow wires.

Black wires are used for Ground, and red wires for 5 and 12 Volts. 5V and Ground was wired to each chip.

The Nixie Tubes require 170V DC to work, so in one corner I have soldered a high voltage power supply. This takes 12V and turns it into 170V. All 170V wires are green.

The Nixie Tubes need resistors attached to them, so they don’t take too much current and burn out. The resistors limit the current to 2mA.

There is also a Transistor with 2 more resistors to limit the current.  This transistor acts as a switch, and lets my program turn the High Voltage Power Supply on or off.

I also added a USB port, and wired it so it has 5V and Ground. This lets me use it as a power supply for the Raspberry Pi.

Then the inputs to the chips were wired to pins on the Raspberry Pi GPIO (see code for pin numbers).

Soldering took a very long time. Before we turned it on, my Dad checked over everything, making sure the 170V was safe. He found a couple of shorts that had to be fixed.

When I turned it on the first time, the tubes just half glowed and flickered. However if I took two chips out of the sockets, then the other two would work. This was because the 170V power supply wasn’t powerful enough. I double checked the datasheet, I should have been using about 1.5W, well under the 5W the power supply should be able to make from 5V. Instead of running the high voltage power supply on 5V, I tried 12V (it is rated up to 16V input), and that solved the power problem.

The Case:

I made a box out of wood and plastic. I got to use a big circular miter saw with my Dad supervising to cut the wood. The plastic is cut by using a sharp blade to cut into it, and then snapping it. Then everything was screwed together:


What’s Next:

I was very nervous about taking it into school – the last boy that took an electronic clock into school in Texas got arrested, so my Dad contacted the school first to let them know. I think my teacher was impressed, I had to explain everything in detail to her.

This is only the start of the project. I want to put it in a nicer case with my Dad’s help before I give it to my Mom. I want to add an alarm. I also want to add a hidden camera, microphone and speaker, so it can run voice/face recognition. Then I can turn it into J.A.R.V.I.S. from Ironman. That may take me a while, but I’ll add more posts on my blog as I do things to it.

Liz: Have you made a school project with the Pi that you’d like to share with us? Leave us a note in the comments!


Linux How-Tos and Linux Tutorials: How to Control Hardware With the Raspberry Pi Using WiringPi

This post was syndicated from: Linux How-Tos and Linux Tutorials and was written by: Ben Martin. Original post: at Linux How-Tos and Linux Tutorials


Our last tutorial in this series used the Raspberry Pi 2’s 40 pin header to connect a touch screen to the Pi. This time around we’ll take a look at how to directly interact with hardware — in this case an electric gearmotor — from the command line using the 40 pin header. The following design can also be extended to allow a Raspberry Pi to be mounted to a small robot and move it (and itself) around.

The Raspberry Pi is a small ARM single board computer which has great community support and has many Linux distributions available for it. The Raspberry Pi 2 is the latest model of the series and includes among other things a quad core ARM, 1GB of RAM, Ethernet, USB, HDMI, microSD, and a 40 pin header for connecting hardware.

First, we’ll need to connect the Pi to the breadboard. The connecting wires that are used on breadboards are Male to Male Dupont connectors, which won’t work with the Pi. You can get Male to Female connectors, and the latter end will let you directly connect to the pins on the Raspberry Pi 2. Another option is to get a “Wedge” which connects the Raspberry Pi using a ribbon cable with a custom PCB that can be inserted into a breadboard. A significant advantage to using a Wedge is that the pins are labeled on the Wedge PCB — much, much simpler than trying to keep count of which pin you are at in the 20 columns of unlabeled pins on the Pi itself.

Next we’ll install the WiringPi project’s “gpio” command line tool which allows interaction with the 40 pins on the Raspberry Pi header. I was using the Raspbian distribution on my Pi. The commands below should check out the latest source, compile, and install it for you.

pi@pi ~/src $ git clone git://
Cloning into 'wiringPi'...
remote: Counting objects: 914, done.
remote: Compressing objects: 100% (748/748), done.
remote: Total 914 (delta 654), reused 217 (delta 142)
Receiving objects: 100% (914/914), 285.58 KiB | 123 KiB/s, done.
Resolving deltas: 100% (654/654), done.
pi@pi ~/src $ cd ./wiringPi
pi@pi ~/src/wiringPi $ ./build

The WiringPi library offers easy access to the GPIO pins on the Raspberry Pi and provides both the command line tool gpio and an API for hardware interaction for your programs. It also includes some support for interacting with chips which are connected to the Raspberry Pi. For example, it can map a GPIO pin multiplexer chip for easy access using calls that are familiar to Arduino programmers, such as digitalWrite().

WiringPi has its own pin numbering scheme. As you can see from the table below, much of the time the name of the pin and the name that WiringPi uses will match. I used the SparkFun Wedge, which labels the GPIO pins using the BCM numbers. So the physical pin 12 on the Raspberry Pi header has a BCM pin name of 18, and so is labeled as G18 on the Wedge. The same pin has a WiringPi pin number of 1. It seems like there might be one too many levels of indirection in there. But, if you are using a Wedge then you should be able to read the BCM pin number and know what WiringPi (wPi) pin number you need to use in order to interact with that pin on the Wedge. The Wedge also makes it a little less likely to accidentally connect ground and voltage to the wrong places.

root@pi:~# gpio readall
+-----+-----+---------+------+---+---Pi 2---+---+------+---------+-----+-----+
| BCM | wPi |   Name  | Mode | V | Physical | V | Mode | Name    | wPi | BCM |
|     |     |    3.3v |      |   |  1 || 2  |   |      | 5v      |     |     |
|   2 |   8 |   SDA.1 |   IN | 1 |  3 || 4  |   |      | 5V      |     |     |
|   3 |   9 |   SCL.1 |   IN | 1 |  5 || 6  |   |      | 0v      |     |     |
|   4 |   7 | GPIO. 7 |   IN | 1 |  7 || 8  | 1 | ALT0 | TxD     | 15  | 14  |
|     |     |      0v |      |   |  9 || 10 | 1 | ALT0 | RxD     | 16  | 15  |
|  17 |   0 | GPIO. 0 |   IN | 0 | 11 || 12 | 1 | ALT5 | GPIO. 1 | 1   | 18  |
|  27 |   2 | GPIO. 2 |   IN | 0 | 13 || 14 |   |      | 0v      |     |     |
|  22 |   3 | GPIO. 3 |   IN | 0 | 15 || 16 | 0 | IN   | GPIO. 4 | 4   | 23  |
|     |     |    3.3v |      |   | 17 || 18 | 0 | IN   | GPIO. 5 | 5   | 24  |
|  10 |  12 |    MOSI | ALT0 | 0 | 19 || 20 |   |      | 0v      |     |     |
|   9 |  13 |    MISO | ALT0 | 0 | 21 || 22 | 0 | IN   | GPIO. 6 | 6   | 25  |
|  11 |  14 |    SCLK | ALT0 | 0 | 23 || 24 | 1 | ALT0 | CE0     | 10  | 8   |
|     |     |      0v |      |   | 25 || 26 | 1 | ALT0 | CE1     | 11  | 7   |
|   0 |  30 |   SDA.0 |   IN | 1 | 27 || 28 | 1 | IN   | SCL.0   | 31  | 1   |
|   5 |  21 | GPIO.21 |   IN | 1 | 29 || 30 |   |      | 0v      |     |     |
|   6 |  22 | GPIO.22 |   IN | 1 | 31 || 32 | 0 | IN   | GPIO.26 | 26  | 12  |
|  13 |  23 | GPIO.23 |   IN | 0 | 33 || 34 |   |      | 0v      |     |     |
|  19 |  24 | GPIO.24 |   IN | 0 | 35 || 36 | 0 | IN   | GPIO.27 | 27  | 16  |
|  26 |  25 | GPIO.25 |   IN | 0 | 37 || 38 | 0 | IN   | GPIO.28 | 28  | 20  |
|     |     |      0v |      |   | 39 || 40 | 0 | IN   | GPIO.29 | 29  | 21  |
| BCM | wPi |   Name  | Mode | V | Physical | V | Mode | Name    | wPi | BCM |
+-----+-----+---------+------+---+---Pi 2---+---+------+---------+-----+-----+

Test the Setup

Connecting an LED and resistor in series to a GPIO is a standard test to quickly see if setting a GPIO has an effect. Connecting one end of the LED-resistor combination to G18 (BCM18) on the Wedge and the other end to ground allows the commands below to turn the LED on and off.

root@pi:~# gpio mode 1 output
root@pi:~# gpio write 1 1
root@pi:~# gpio write 1 0

Pin G18/BCM18 is special on the Raspberry Pi because it can send a Pulse Width Modulated (PWM) signal. One way of thinking about a PWM signal is that it is on for a certain percentage of the time and off for the rest. For example, a value of 0 means the signal is always a low (ground) output. A value of 1023 would keep the pin high all of the time. A value of 512 would result in the pin being on half the time and off half the time.

The script shown below will give a glowing pulse effect on the LED instead of just turning it on and off directly. Notice the use of the trap command which runs a cleanup function when the script is exited or closed using control-c from the command line.

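root@pi:~# cat ./

#!/bin/bash
# Values restored from the surrounding text: wPi pin 1, PWM range 0-1023
pin=1
minval=0
maxval=1023

# On exit or control-c, put the pin back in output mode and switch the LED off
trap "{ echo 'bye...'; gpio mode 1 output; gpio write 1 0; exit 0; }" EXIT SIGINT SIGTERM
gpio mode 1 pwm

for i in $(seq 1 10); do
  # Ramp the brightness up
  for v in $(seq $minval 10 $maxval); do
     gpio pwm $pin $v
     sleep 0.001
  done
  # Ramp the brightness back down
  for v in $(seq $maxval -10 $minval); do
     gpio pwm $pin $v
     sleep 0.001
  done
  sleep 0.5
done

exit 0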

Get Your Motor Running!

The photo above shows a common method to control an electric gearmotor from a microcontroller or computer. A few complications are introduced when running gearmotors from computers. For a start, the motor is likely to want to run at a higher voltage than what the computer is using. Even if the motor can operate at the voltage that the GPIO pins on the computer operate at, the motor will likely want to draw more current than the computer is rated to supply. So operating a gearmotor directly from the GPIO pins is usually a very bad idea. Damage to the controlling computer has a fairly good chance of occurring if you try that. A common solution to this problem is to use a motor driver chip which drives the motors using a separate power supply and lets you command the chip from your computer.

The small red PCB on the left side of the photo has a TB6612FNG motor driver chip on it. The TB6612FNG is not a DIP chip, so it cannot insert directly into the breadboard. There are many PCBs available like that shown in the photo which contain the TB6612FNG chip and have a pinout that allows for insertion into a breadboard. The chip lets you run two motors at different speeds and directions using a dedicated power source for the motor and control the chip using a different voltage level from a computer. Each motor wants to use three pins on the Raspberry Pi for control; a PWM pin to set the motor rotation speed, and two pins to set the direction that the motor spins.

Shown on the lower side of the TB6612FNG chip, the motor is wired to B01 and B02. It doesn’t matter which way around you wire this, as inserting the motor the other way around will only cause it to spin in the other direction. I’m using a block of AA batteries to power the gearmotor; the battery has its positive lead connected to the VM (Voltage Motor) input and the ground is connected to the ground shared with the Raspberry Pi. Using red and green/black for power and ground is a reasonably common wire color scheme and helps to avoid accidentally connecting things that might create a short circuit. The ground of the Raspberry Pi and the battery pack are connected to establish a common ground. The battery pack supplies the Voltage Motor pin which is used to power the gearmotor. All signals sent to the TB6612FNG chip use the logic voltage level which is set by the Raspberry Pi.

The STBY (Standby) line is pulled to logic voltage high. There is an internal pull down resistor on the STBY pin, and if the STBY is low (ground) then the motors will not turn. The PWMB, BIN2, and BIN1 are connected to G18, G19, and G20 respectively. The G18 pin has a special double meaning because it can output a PWM signal using hardware on the Raspberry Pi.

The first commands shown below will set the motor rotation direction and set up the controlling PWM pin, ready to start rotating the motor. The PWM setting defaults to a range of 0-1023, with higher values causing the motor to spin faster. Once the motor is stopped, the settings on pins 24 and 28 are swapped, so the motor will spin in the opposite direction.

root@pi:~# gpio mode 24 out
root@pi:~# gpio mode 28 out
root@pi:~# gpio write 24 1
root@pi:~# gpio write 28 0
root@pi:~# gpio mode 1 pwm

root@pi:~# gpio pwm 1 200
root@pi:~# gpio pwm 1 800
root@pi:~# gpio pwm 1 0
root@pi:~# gpio write 24 0
root@pi:~# gpio write 28 1
root@pi:~# gpio pwm 1 800
root@pi:~# gpio pwm 1 0
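
The command sequence above can be wrapped so that the speed value is always clamped to the 0-1023 PWM range and the motor is stopped before the direction pins change. This is an added example, not code from the original article; the function names, the GPIO dry-run variable and the script name are assumptions, and which direction counts as "forward" depends on how the motor is wired.

```shell
#!/bin/sh
# Added example: wrapper for one TB6612FNG channel, using the article's wiring
# (PWMB on wPi 1, BIN2 on wPi 24, BIN1 on wPi 28).
PWM_PIN=1
DIR_A=24
DIR_B=28
PWM_MAX=1023   # default PWM range is 0-1023

# Assumption of this example: set GPIO="echo gpio" to print the commands
# instead of running them (dry run on a machine without WiringPi).
GPIO=${GPIO:-gpio}

# Convert a 0-100 percentage to a PWM value. Empty, negative or non-numeric
# input yields 0 (motor stopped); anything above 100 is clamped to full speed.
duty_from_percent() {
  case "$1" in
    ''|*[!0-9]*) echo 0; return 0 ;;
  esac
  p=${1#"${1%%[!0]*}"}          # strip leading zeros so "08" is not read as octal
  [ -n "$p" ] || p=0
  if [ "${#p}" -gt 3 ] || [ "$p" -gt 100 ]; then p=100; fi
  echo $(( p * PWM_MAX / 100 ))
}

motor_init() {
  $GPIO mode "$DIR_A" out
  $GPIO mode "$DIR_B" out
  $GPIO mode "$PWM_PIN" pwm
}

motor_stop() {
  $GPIO pwm "$PWM_PIN" 0
}

# motor_run forward|reverse PERCENT
motor_run() {
  case "$1" in
    forward) a=1; b=0 ;;
    reverse) a=0; b=1 ;;
    *) echo "usage: motor_run forward|reverse PERCENT" >&2; return 1 ;;
  esac
  duty=$(duty_from_percent "$2")
  motor_stop                     # stop before swapping the direction pins
  $GPIO write "$DIR_A" "$a"
  $GPIO write "$DIR_B" "$b"
  $GPIO pwm "$PWM_PIN" "$duty"
}

# On the Pi: "./motor.sh demo" (hypothetical script name).
if [ "${1:-}" = "demo" ]; then
  trap 'motor_stop' EXIT         # always leave the motor stopped
  trap 'exit 0' INT TERM         # control-c exits, which fires the EXIT trap
  motor_init
  motor_run forward 20; sleep 2
  motor_run reverse 80; sleep 2
fi
```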

The same PWM chip that controls wPi pin 1 also controls wPi pin 26. Moving the PWM pin of the gearmotor to wPi pin 26, I could still control the speed of the motor by setting the PWM signal on wPi pin 1. So these pins seem to share the same PWM signal, at least when I controlled them through the gpio tool. Moving the direction setting pins to free up wiring pin 24 (BCM pin 19) allows the use of a second PWM output signal, for example by using BCM_20 and BCM_21 to set the motor direction.

Final Words

The Raspberry Pi 2 has two PWM outputs. It has been mentioned that using one of those PWMs might affect audio on the Raspberry Pi. A common method of controlling a robot is differential drive which uses two independently controlled motors and a drag wheel or ball as a third point of contact with the ground. Using two PWM outputs and four other GPIO pins the above design can be extended to allow a Raspberry Pi to be mounted to a small robot and move it around.

The Wiring Pi project can also control 595 shift registers, and GPIO extension chips like the MCP23008 and MCP23017. I hope to show interaction with some of these chips using Wiring Pi as well as TWI or SPI interaction in a future article.

Krebs on Security: Hilton Acknowledges Credit Card Breach

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Two months after KrebsOnSecurity first reported that multiple banks suspected a credit card breach at Hilton Hotel properties across the country, Hilton has acknowledged an intrusion involving malicious software found on some point-of-sale systems.

According to a statement released after markets closed on Tuesday, the breach persisted over a 17-week period from Nov. 18, 2014 to Dec. 5, 2014, or April 21 to July 27, 2015.

“Hilton Worldwide (NYSE: HLT) has identified and taken action to eradicate unauthorized malware that targeted payment card information in some point-of-sale systems,” the company said. “Hilton immediately launched an investigation and has further strengthened its systems.”

Hilton said the data stolen includes cardholder names, payment card numbers, security codes and expiration dates, but no addresses or personal identification numbers (PINs).

The company did not say how many Hilton locations or brands were impacted, or whether the breach was limited to compromised point-of-sale devices inside of franchised restaurants, coffee bars and gift shops within Hilton properties — as previously reported here.

The announcement from Hilton comes just five days after Starwood Hotel & Resorts Worldwide — including some 50 Sheraton and Westin locations — was hit by a similar breach that lasted nearly six months.

Starwood and Hilton join several other major hotel brands in announcing a malware-driven credit card data breach over the past year. In October 2015, The Trump Hotel Collection confirmed a report first published by KrebsOnSecurity in June about a possible card breach at the luxury hotel chain.

In March, upscale hotel chain Mandarin Oriental acknowledged a similar breach. The following month, hotel franchising firm White Lodging allowed that — for the second time in 12 months — card processing systems at several of its locations were breached by hackers.

Readers should remember that they are not liable for unauthorized debit or credit card charges, but with one big caveat: the onus is on the cardholder to spot and report any unauthorized charges. Keep a close eye on your monthly statements and report any bogus activity immediately. Many card issuers now let customers receive text alerts for each card purchase and/or for any account changes. Take a moment to review the notification options available to you from your bank or card issuer.

AWS Compute Blog: Amazon ECS improves console first run experience, ability to troubleshoot Docker errors

This post was syndicated from: AWS Compute Blog and was written by: Chris Barclay. Original post: at AWS Compute Blog

Today Amazon EC2 Container Service (ECS) added a new first run experience that streamlines getting your first containerized application running on ECS. Amazon ECS is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances. Amazon ECS eliminates the need for you to install, operate, and scale your own cluster management infrastructure. With simple API calls, you can launch and stop Docker-enabled applications, query the complete state of your cluster, and access many familiar features like security groups, Elastic Load Balancing, EBS volumes, and IAM roles. You can start with the sample application or provide a Docker image and ECS will create all the resources required to run your containerized application on a cluster of Amazon EC2 instances.

For clusters created in the new first run experience, you can now scale EC2 instances up and down directly in the cluster’s ECS instances tab in the console. This gives you an easier way to manage your cluster’s capacity.

ECS also added task stopped reasons and task start and stop times. You can now see if a task was stopped by a user or stopped due to other reasons such as a failing Elastic Load Balancing health check, as well as the time the task was started and stopped.

Service scheduler error messages have additional information that describe why tasks cannot be placed in the cluster. These changes make it easier to diagnose problems.

These improvements came directly from your feedback. To get started with ECS, go to the console’s new first run wizard. And thank you for the input!

Backblaze Blog | The Life of a Cloud Backup Company: Join the Alliance – Backblaze Needs a Senior Network Engineer & Datacenter Tech

This post was syndicated from: Backblaze Blog | The Life of a Cloud Backup Company and was written by: Yev. Original post: at Backblaze Blog | The Life of a Cloud Backup Company


With the announcement of Backblaze B2, we keep on growing, and we need some help! We’re looking for two Rebels to join the Alliance, a Senior Network Engineer for our San Mateo office and a Datacenter Tech for our Sacramento datacenter. Do you have what it takes to defeat the data loss Empire? Read the description and apply below! Please remember, many Bothans died to bring us this information.

Senior Network Engineer – San Mateo, CA


  • Lead efforts in planning, provisioning, and deploying network systems within the back-end operations, and across the various corporate and datacenter sites, (switches, VPNs, routers, etc)
  • Lead efforts to automate deploying & updating of network systems and equipment.
  • Lead efforts in monitoring and troubleshooting network operational issues
  • Collaborate on network security (including PCI compliance, firewalls, ACLs, HackerOne, Log Analysis, etc)
  • Participate in other Operations Automation efforts
  • Collaborate on capacity planning (manage network bandwidth and how it relates to storage burn rate)
  • Understand environment thoroughly enough to administer/debug any system in operations.
  • Collaborate on strategic planning (optimize performance, reduce cost, increase efficiency, mitigate risk)
  • Help manage infrastructure services installation/configuration (DNS, DHCP, NTP, Certificate Authority, Clonezilla, PXE, etc)
  • Help manage web services installation/configuration (Tomcat, Apache, WordPress, Java, etc)
  • Help administer database servers (MySQL, Cassandra)
  • Help debug/repair software problems (File system, RAID & boot drive repairs)
  • Participate in the 24×7 on-call pager rotation and respond to alerts as needed


  • Expert knowledge and practical experience in designing, provisioning, and deploying network systems
  • Expert knowledge of Linux system administration, Debian experience preferred
  • 4+ years of experience or equivalent
  • Bash scripting and Automation skills
  • Position based in San Mateo, CA

Required for all Backblaze Employees

  • Good attitude and willingness to do whatever it takes to get the job done
  • Strong desire to work for a small fast paced company
  • Desire to learn and adapt to rapidly changing technologies and work environment
  • Occasional visits to Backblaze datacenters necessary
  • Rigorous adherence to best practices
  • Relentless attention to detail
  • Excellent interpersonal skills and good oral/written communication
  • Excellent troubleshooting and problem solving skills

Datacenter Technician – Sacramento, CA


  • Work as Backblaze’s physical presence in Sacramento area datacenter(s)
  • Maintain physical infrastructure including racking equipment, replacing hard drives and other system components
  • Repair and troubleshoot defective equipment with minimal supervision
  • Receive deliveries, maintain accurate inventory counts/records and RMA defective components
  • Provision, test & deploy new equipment via the Linux command line and web GUIs
  • Help qualify new hardware & software configurations (load & component testing, qa, etc)
  • Help train new Datacenter Technicians
  • Follow and improve datacenter best practices and documentation
  • Maintain a clean and well organized work environment
  • On-call responsibilities include 24×7 trips to datacenter to resolve issues that can’t be handled remotely


  • Ability to learn quickly
  • Ability to lift/move 50-75 lbs and work down near the floor on a daily basis
  • Position based near Sacramento, California and may require periodic visits to the corporate office in San Mateo


  • Working knowledge of Linux
  • 1-2 years experience in technology related field
  • Experience working at a datacenter in a support role



Want to join our team? Follow these three steps:

  1. Send an Email to with one of the positions listed above in the subject line
  2. Include your resume
  3. Include your answers to 2 of the following 3 questions
    a. What about working at Backblaze excites you the most?
    b. Provide 3 adjectives that best describe your personal work space.
    c. How would you manage multiple facilities to 1,000+ servers each?


Schneier on Security: NSA Collected Americans’ E-mails Even After it Stopped Collecting Americans’ E-mails

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

In 2011, the Bush administration authorized — almost certainly illegally — the NSA to conduct bulk electronic surveillance on Americans: phone calls, e-mails, financial information, and so on. We learned a lot about the bulk phone metadata collection program from the documents provided by Edward Snowden, and it was the focus of debate surrounding the USA FREEDOM Act. E-mail metadata surveillance, however, wasn’t part of that law. We learned the name of the program — STELLAR WIND — when it was leaked in 2004. But supposedly the NSA stopped collecting that data in 2011, because it wasn’t cost-effective.

“The internet metadata collection program authorized by the FISA court was discontinued in 2011 for operational and resource reasons and has not been restarted,” Shawn Turner, the Obama administration’s director of communications for National Intelligence, said in a statement to the Guardian.

When Turner said that in 2013, we knew from the Snowden documents that the NSA was still collecting some Americans’ Internet metadata from communications links between the US and abroad. Now we have more proof. It turns out that the NSA never stopped collecting e-mail metadata on Americans. They just cancelled one particular program and changed the legal authority under which they collected it.

The report explained that there were two other legal ways to get such data. One was the collection of bulk data that had been gathered in other countries, where the N.S.A.’s activities are largely not subject to regulation by the Foreign Intelligence Surveillance Act and oversight by the intelligence court.


The N.S.A. had long barred analysts from using Americans’ data that had been swept up abroad, but in November 2010 it changed that rule, documents leaked by Edward J. Snowden have shown. The inspector general report cited that change to the N.S.A.’s internal procedures.

The other replacement source for the data was collection under the FISA Amendments Act of 2008, which permits warrantless surveillance on domestic soil that targets specific noncitizens abroad, including their new or stored emails to or from Americans.

In Data and Goliath, I wrote:

Some members of Congress are trying to impose limits on the NSA, and some of their proposals have real teeth and might make a difference. Even so, I don’t have any hope of meaningful congressional reform right now, because all of the proposals focus on specific programs and authorities: the telephone metadata collection program under Section 215, bulk records collection under Section 702, and so on. It’s a piecemeal approach that can’t work. We are now beyond the stage where simple legal interventions can make a difference. There’s just too much secrecy, and too much shifting of programs amongst different legal justifications.

The NSA continually plays this shell game with Congressional overseers. Whenever an intelligence-community official testifies that something is not being done under this particular program, or this particular authority, you can be sure that it’s being done under some other program or some other authority. In particular, the NSA regularly uses rules that allow them to conduct bulk surveillance outside the US — rules that largely evade both Congressional and Judicial oversight — to conduct bulk surveillance on Americans. Effective oversight of the NSA is impossible in the face of this level of misdirection and deception.