SoylentNews is people

posted by janrinok on Wednesday July 30 2014, @11:25PM
from the its-now-legal-to-do-what-we've-been-doing-for-years! dept.

The last hurdle for format shifting and parody in the UK has been cleared after passing through the House of Lords.

The Open Rights Group reports:

The proposed reforms are quite modest. Despite protestations from industry about the potential impacts of the new parody exception, the law has very strong constraints. It is framed as a fair dealing exception, meaning that by definition it will only be acceptable if it has no negative impact on the revenues generated by the original. In addition, the exception does not affect any moral rights the author may claim, for example around derogatory treatment.

The new private copying exception is also relatively modest, although again a very significant step forward for the UK.

The exception is limited to personal use of lawfully obtained originals, and does not allow any sharing of the works, including with close family members. It also does not allow for the removal of any anti-copy technical protection measures, including those found on most DVDs and Blu-Ray discs. Given most media consumption is moving to a pure digital environment constrained by such measures, it remains to be seen how effective the new right will be in practice. How many people will be ripping CDs in ten years time?

Copyright law has a mechanism which allows you to ask the government to force the removal of excessive anti-copy measures when they inhibit your rights, but it will take a considerable fight to see this applied to private copying. At this point we don't know the legal arguments that rights holders or the government might apply to resist requests.

Thankfully, the exception allows people to keep copies stored in personal cloud services. This has caused major consternation among rights holders, meaning industry bodies not creators, who were probably hoping to be able to impose a tax on cloud services.

Like many industry lobby groups, the copyright lobby groups confuse profits and control with their strategic interests. A public interest copyright policy serves everyone's interests, by balancing the rights of copyright holders to profit from their work with the rights of citizens to freedom of expression and access to information and culture. These exceptions are a step towards a system that reflects that, and we should be proud that we helped copyright move in the right direction.

posted by martyb on Wednesday July 30 2014, @10:04PM
from the watching-the-watchers dept.

El Reg reports:

Organisations should get their antivirus products security tested before deployment because the technology across the board dangerously elevates attack surfaces, COSEINC researcher Joxean Koret says.

COSEINC is a Singapore security outfit that has run a critical eye over 17 major antivirus engines and products and found dangerous local and remotely-exploitable vulnerabilities in 14.

Koret's analysis also suggests that antivirus companies fail by requiring overly extensive privileges, not signing product updates and delivering those over insecure HTTP, running excessive old code and not conducting proper source code reviews and fuzzing.

The hall of shame included Avira, BitDefender, ESET, and Panda and included various multiple remote and local vulnerabilities both subsequently patched and remaining as zero-day.

While the core antivirus engines were mostly built with the defensive measure Address Space Layout Randomisation in place, many other functions were not, including the user interfaces and libraries. Some major products had disabled data execution prevention.

AV engines were often built in C which led to vulnerabilities like buffer and integer overflows, installed operating system drivers that provided for local privilege escalation and supported a laundry list of file formats resulting in bugs within the respective parsers.

"AV engines make your computer more vulnerable with a varying degree of performance penalty [and] is as vulnerable to zero day attacks as the applications it tries to protect from. [It] can even lower the operating system exploiting mitigations."

"Some AV companies don't give a f**k about security in their products."

Some antivirus products were more responsive than others to Koret's disclosures, including Avast which ran a bug bounty and paid out an undisclosed sum for the bugs. The largest vendors weren't notified as they should be already dedicating their sizable resources to vulnerability research.

Also covered by Tom's Hardware and Security Week. You can access the slides from the presentation on-line or as a pdf.

posted by janrinok on Wednesday July 30 2014, @08:28PM
from the I-don't-think-I-want-to-eat-it-anymore dept.

Alternet tells us:

Technically, ice cream follows the laws of thermodynamics, but what would you think of an ice cream that didn't melt on one of the hottest days of the year? Cincinnati station WCPO recently reported on Christie Watson's discovery that her Walmart Great Value ice cream sandwich wouldn't melt even in 80-degree heat. What's that? Ice should melt.

"I thought it was quite weird so I looked at the box and it said no artificial ice cream," Watson said. "So I thought to myself what am I feeding my children?"

Watson couldn't fathom how that could happen so she left out an ice cream sandwich outside again and came out with same results. Then WCPO reporter John Matarese did a test with a Haagen-Dazs ice cream sandwich, a Klondike Bar and the Walmart Great Value sandwich. After 30 minutes in the sun, the Walmart sandwich still resembled a sandwich, the Klondike bar melted some and the Haagen-Dazs was more like a milk puddle. [...] Matarese contacted Walmart and was given the following statement: "Ice cream melts based on the ingredients including cream. Ice cream with more cream (sic) will generally melt at a slower rate, which is the case with our Great Value ice cream sandwiches. In the frozen aisles, Great Value ice cream sandwiches are one of the top sellers, and we are glad to be able to offer a great treat that families love."

A Virginia Tech food chemist told the L.A. Times that the less fat the ice cream has, the slower it will melt. Although the Great Value ice cream doesn't quite melt, the ingredients meet all FDA requirements and have less fat, too. The Great Value ice cream includes corn syrup, guar gum, and cellulose gum, which are common food stabilizers that help keep the sandwich's shape.

The Haagen-Dazs ice cream [ingredients] include cream, milk, sugar, and eggs, and vanilla, "but no corn syrup or gums of any type." This is why it passed the melt test with ease, but not the cost test. It's about $3 more to purchase Haagen-Dazs, Matarese says. But, in this case, melting is included.

posted by janrinok on Wednesday July 30 2014, @07:04PM
from the Monsanto-is-having-a-bad-week dept.

Monsanto's RoundUp, a widely used pesticide, uses the active ingredient Glyphosate and it may be up for another serious beating. Medical specialists and scientists in Sri Lanka have found that when glyphosate comes in contact with heavy metals like cadmium, arsenic, manganese and cobalt which exist naturally in the soil or fertilizer, it becomes highly toxic and has a high likelihood of causing fatal kidney disease for anyone that comes into contact with it. And because the substance binds to metals it will not show up in current tests. The report (and another one) is published in International Journal of Environmental Research and Public Health and has resulted in the Sri Lanka president banning glyphosate immediately.

Exposure to glyphosate causes a drop in amino acid tryptophan levels, which interrupts the necessary active signalling of the neurotransmitter serotonin, which is associated with weight gain, depression, Parkinson's and Alzheimer's disease. The report shows that industry and regulators knew as long ago as the 1980's and 1990's that glyphosate causes malformation, but that information was not made public. Glyphosate is also teratogenic.

Monsanto has been in the news quite recently.

posted by azrael on Wednesday July 30 2014, @05:29PM
from the install-this-census-trojan dept.

In 2013 the data of an Internet census was released anonymously, with an accompanying report describing the methodology. The trouble with this data was that it was gathered using a botnet abusing default passwords.

The purpose of this paper is to shed light on these and related questions and put the contributions of this anonymous Internet census study into perspective. Indeed, our findings suggest that the released data set is real and not faked, but that the measurements suffer from a number of methodological flaws and also lack adequate meta-data information. As a result, we have not been able to verify several claims that the anonymous author(s) made in the published report. In the process, we use this study as an educational example for illustrating how to deal with a large data set of unknown quality, hint at pitfalls in Internet-scale measurement studies, and discuss ethical considerations concerning third-party use of this released data set for publications.

The authors also discuss the ethical considerations for this study, and for doing Internet measurements in general. The conclusion, however, is that these guidelines do not yet exist, and these kinds of studies show that they are very necessary (also to figure out how to deal with this kind of anonymous data).

posted by azrael on Wednesday July 30 2014, @03:56PM
from the also-banning-streisand-effect dept.

Wikileaks reports:

Today, 29th July 2014 WikiLeaks releases an unprecedented suppression order by the Australian Supreme Court in Melbourne, Victoria, made on June 19th 2014, with regards to a multi-country, multi-million dollar corruption case. The suppression order forbids any disclosures, by publication or otherwise, of any information relating to the court case by anyone, including the Australian media, ensuring complete secrecy around the largest corruption case in Australia.

Subject of the ban? Well...

1. Subject to further order, there be no disclosure, by publication or otherwise, of any information ... that reveals, implies, suggests or alleges that any person to whom this order applies:

  1. received or attempted to receive a bribe or improper payment;
  2. acquiesced in or was wilfully blind as to any person receiving or attempting to receive a bribe or improper payment; or
  3. was the intended or proposed recipient of a bribe or improper payment.

2. Subject to further order, order 1 applies to the following persons:

  1. any current or former Prime Minister of Malaysia (including references to 'PM');
  2. any current or former Deputy Prime Minister of Malaysia (including references to 'DPM');
  3. any current or former Finance Minister of Malaysia (including references to 'FM');
  4. Mohammad Najib Abdul Razak, currently Prime Minister (since 2009) and Finance Minister (since 2008) of Malaysia;
  5. Abdullah Ahmad Badawi (also known as Pak Lah), a former Prime Minister (2003 - 2009) and Finance Minister (2003 - 2008) of Malaysia;
  6. Puan Noni (also known as Ms/Madame Noni, or Nonni), a sister-in-law of Abdullah Ahmad Badawi;
  7. Mahathir Mohamed, a former Prime Minister (1981 - 2003) and Finance Minister (2001 - 2003) of Malaysia;
  8. Daim Zainuddin, a former Finance Minister of Malaysia (1984 - 1991; 1999 - 2001);
  9. Rafidah Aziz, a former Trade Minister of Malaysia (1987 - 2008);
  10. Hamid Albar, a former Minister for Foreign Affairs (1999 - 2008) and Minister of Home Affairs (2008 - 2009) of Malaysia;
  11. Susilo Bambang Yudhoyono (also known as SBY), currently President of Indonesia (since 2004);
  12. Megawati Sukarnoputri (also known as Mega), a former President of Indonesia (2001 - 2004) and current leader of the PDI-P political party;
  13. Laksamana Sukardi, a former Indonesian minister (2001 - 2004; in Megawati Sukarnoputri's government);
  14. Truong Tan San, currently President of Vietnam (since 2011);
  15. Nguyen Tan Dung, currently Prime Minister of Vietnam (since 2006);
  16. Le Duc Thuy, a Former Chairman of the National Financial Supervisory Committee (2007 - 2011) and a former Governor of the State Bank of Vietnam (1999 - 2007); and
  17. Nong Duc Manh, a former General Secretary of the Communist Party of Vietnam (2001 - 2011).

posted by LaminatorX on Wednesday July 30 2014, @02:12PM
from the Carriageway-Dodgems dept.

The UK government is to permit driverless cars on the roads by next year.

The UK government is to outline measures to permit driverless cars to use public roads by next year.

Currently, autonomous vehicles are only allowed on private roads.

The Department for Transport had previously pledged to allow self-driving cars to be trialled on public roads by the end of 2013.

In December, the Treasury said it would create a £10m prize to fund a town or city to become a testing ground for the cars.

The government wants to signal that Britain can be a leader in such technology, and Business Secretary Vince Cable will announce measures to boost research later.

posted by LaminatorX on Wednesday July 30 2014, @12:46PM
from the Or-Was-It? dept.

Scientists have created a "quantum Cheshire Cat" by separating a particle from one of its physical properties. The effect is named after the cat in Alice in Wonderland that vanishes leaving only its grin; in the experiment, a beam of neutrons was used and the neutrons were separated from their magnetic moment.

From Nature:

From its very beginning, quantum theory has been revealing extraordinary and counter-intuitive phenomena, such as wave-particle duality, Schroedinger cats and quantum non-locality. Another paradoxical phenomenon found within the framework of quantum mechanics is the 'quantum Cheshire Cat': if a quantum system is subject to a certain pre- and postselection, it can behave as if a particle and its property are spatially separated. It has been suggested to employ weak measurements in order to explore the Cheshire Cat's nature. Here we report an experiment in which we send neutrons through a perfect silicon crystal interferometer and perform weak measurements to probe the location of the particle and its magnetic moment. The experimental results suggest that the system behaves as if the neutrons go through one beam path, while their magnetic moment travels along the other.

posted by LaminatorX on Wednesday July 30 2014, @11:01AM
from the Now-You-See-Me dept.

This advisory was posted on the tor-announce mailing list.

"On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved modifying Tor protocol headers to do traffic confirmation attacks.

The attacking relays joined the network on January 30 2014, and we removed them from the network on July 4. While we don't know when they started doing the attack, users who operated or accessed hidden services from early February through July 4 should assume they were affected.

Unfortunately, it's still unclear what "affected" includes. We know the attack looked for users who fetched hidden service descriptors, but the attackers likely were not able to see any application-level traffic (e.g. what pages were loaded or even whether users visited the hidden service they looked up). The attack probably also tried to learn who published hidden service descriptors, which would allow the attackers to learn the location of that hidden service. In theory the attack could also be used to link users to their destinations on normal Tor circuits too, but we found no evidence that the attackers operated any exit relays, making this attack less likely. And finally, we don't know how much data the attackers kept, and due to the way the attack was deployed (more details below), their protocol header modifications might have aided other attackers in deanonymizing users too.

Relays should upgrade to a recent Tor release (0.2.4.23 or 0.2.5.6-alpha) to close the particular protocol vulnerability the attackers used, but remember that preventing traffic confirmation in general remains an open research problem. Clients that upgrade (once new Tor Browser releases are ready) will take another step towards limiting the number of entry guards that are in a position to see their traffic, thus reducing the damage from future attacks like this one. Hidden service operators should consider changing the location of their hidden service."

posted by LaminatorX on Wednesday July 30 2014, @10:17AM
from the Auto-Compromise dept.

A group of researchers have successfully demonstrated an attack against a trio of Android devices, running either the vendor's stock Android or CyanogenMod. The attack requires the user to have installed their application first. Although the application has zero permissions, it was capable of exploiting Google Voice Search to perform commands on its behalf.

posted by azrael on Wednesday July 30 2014, @08:11AM
from the that's-geysers-not-geezers dept.

NASA press release: Cassini Spacecraft Reveals 101 Geysers and more on Icy Saturn Moon

Saturn's moon Enceladus has been a surprising and fascinating target for the Cassini mission. Now, the spacecraft and its team of scientists have even more details on the sources of water plumes erupting into space from the small moon. Images available at the Cassini Mission imaging site.

posted by azrael on Wednesday July 30 2014, @06:33AM
from the how-will-it-all-end dept.

The Center for American Progress reports:

The Supreme Court's recent Hobby Lobby decision, which allowed some for-profit companies to claim a religious exemption to Obamacare's contraception mandate, has sparked a heated debate over the definition of religious liberty and its role in modern society. At this point, even a Satanic cult has decided to weigh in.

The Satanic Temple - a faith community that describes itself as facilitating "the communication and mobilization of politically aware Satanists, secularists, and advocates for individual liberty" - has launched a new campaign seeking a religious exemption to certain anti-abortion laws that attempt to dissuade women from ending a pregnancy. The group says they have deeply held beliefs about bodily autonomy and scientific accuracy, and those beliefs are violated by state-level "informed consent" laws that rely on misleading information about abortion risks.

Now that the Supreme Court has ruled in favor of Hobby Lobby, the Satanists point out, it strengthens their own quest to opt out of laws related to women's health care that go against their religious liberty. "Because of the respect the Court has given to religious beliefs, and the fact that our beliefs are based on best available knowledge, we expect that our belief in the illegitimacy of state mandated 'informational' material is enough to exempt us, and those who hold our beliefs, from having to receive them," a spokesperson for the organization said in a statement.

The Satanic Temple, sometimes referred to as "the nicest Satanic cult in the world," falls somewhere between satire, performance art, and activism. The group says its central mission is to "encourage benevolence and empathy among all people, reject tyrannical authority, advocate practical common sense and justice, and be directed by the human conscience to undertake noble pursuits guided by the individual will." It has a set of seven tenets that closely track with humanism. Typically, wherever issues of church and state are overlapping, the Satanic Temple isn't far behind.

[...]

the Satanic Temple is turning its attention to "campaigns to assert our religious protection for women with health needs that are being complicated by unreasonable laws," focusing on the abortion-related legislation that goes against science.

posted by azrael on Wednesday July 30 2014, @05:05AM
from the accidentally-turned-users-into-soylent dept.

SegmentNext reports:

The online sale and distribution service of PC games, GOG Ltd. accidentally gave away a whole bunch of Linux games to its users.

The company recently introduced support for Linux platforms by adding well over 50 Linux-compatible games to its online store. However, things didn't go as planned and during their Linux Launch Promotion, more than 20 games appeared in a number of users' accounts.

These users realized that they weren't eligible for any freebies and took the matter to GOG.com community forums.

The site's support representative, JuriJ, admitted that there was a glitch at their end which offered them these free games. However, he also added that those who got their hands on these free games do not have to return them. Those users who would like to return the games should contact him via email.

Here's the complete reply as found on GOG.com:

Thank you for your honesty. Yesterday, due to a small glitch on our end, you and a bunch of other lucky people ended up getting games from the Linux Launch promo for free. Don't worry, though, as it's totally cool with us and you may keep them. Yes, we will not be removing these titles from your account and we do hope you will enjoy them!

Of course, if you prefer, like some of our community members, we can always remove them from your shelf - just let us know by replying to this email. Again, there's no problem if you want to keep them.

posted by azrael on Wednesday July 30 2014, @02:32AM
from the sue-you-all-for-buffering-this-page dept.

The BBC, Billboard and Techdirt all report that the AARC (a little-known organisation representing artists in America by collecting royalties) has filed a lawsuit against General Motors, Ford and the makers of a device that can auto rip a CD in a car and store the resulting music on a hard drive for easy future playback.

They previously tried to sue Rio in the late 1990's over their MP3 player and lost (which then gave rise to many other MP3 players). They are trying really hard to claim that this is different and that the sole purpose of this device is to copy music and other digital recordings. They claim they should be receiving $2,500 per car that this device is in.

posted by azrael on Wednesday July 30 2014, @12:08AM
from the wake-me-up-for-4D-printing dept.

Promising "an appstore for the physical world," Amazon's just unveiled their new online market for products created using a 3-D Printer.

"Customization gives customers the power to remix their world," explains the co-founder of Mixee Labs (an Amazon partner), "and we want to change the way people shop online."

Amazon's ability to sell you things before they've even been built is currently limited mostly to novelties like iPhone cases, jewelry, and bobbleheads that look like you. But as one web page explains, you're also buying a chance to experience the beginning of mainstream 3D printing.