How carbon emissions got caught up in a Supreme Court showdown

Conservatives want to limit the ability of agencies to set new regulations.

A man walks up the steps of the US Supreme Court.

Enlarge / A man walks up the steps of the US Supreme Court. (credit: Mark Wilson/Getty Images)

Thursday's Supreme Court decision regarding the use of the Clean Air Act to regulate carbon dioxide emissions from power plants comes down to two specific issues: Should the Supreme Court take the case at all; and did Congress delegate sufficient authority to the EPA for it to implement a specific regulatory scheme first proposed during the Obama administration? But the case was decided against a backdrop of conflict between the court's conservative and liberal justices, and some of that conflict spills into this decision.

We'll tackle each issue below and discuss what this means for US climate policy. But one thing that should be clear is that this is a fairly minimalist decision since it applies only to the EPA's ability to regulate carbon emissions from existing facilities and not to environmental regulations more broadly. While it doesn't leave the EPA with an obvious next step, it leaves avenues for regulating new power plant construction.

Why now?

As described in our immediate coverage, the decision is focused on the Clean Power Plan, a set of EPA rules formulated during the Obama years that immediately faced lawsuits that put it on hold, where it remained until the Trump administration rescinded it. With yet another new administration in place, the EPA is now formulating replacement rules. As such, the EPA saw no reason for the Supreme Court to intervene at this point.

Read 20 remaining paragraphs | Comments

Krieg in der Ukraine: Waffenstillstand jetzt!

Telepolis dokumentiert einen Appell, der zum Waffenstillstand in der Ukraine aufruft. Ukrainischer Botschafter Melnyk beschimpft Unterzeichner, während er Ermordung von Juden durch Bandera-Truppen leugnet.

Telepolis dokumentiert einen Appell, der zum Waffenstillstand in der Ukraine aufruft. Ukrainischer Botschafter Melnyk beschimpft Unterzeichner, während er Ermordung von Juden durch Bandera-Truppen leugnet.

Microsoft Exchange servers worldwide hit by stealthy new backdoor

SessionManager scours memory for passwords, does recon, and installs new tools.

Microsoft Exchange servers worldwide hit by stealthy new backdoor

Enlarge (credit: Getty Images)

Researchers have identified stealthy new malware that threat actors have been using for the past 15 months to backdoor Microsoft Exchange servers after they have been hacked.

Dubbed SessionManager, the malicious software poses as a legitimate module for Internet Information Services (IIS), the web server installed by default on Exchange servers. Organizations often deploy IIS modules to streamline specific processes on their web infrastructure. Researchers from security firm Kaspersky have identified 34 servers belonging to 24 organizations that have been infected with SessionManager since March 2021. As of earlier this month, Kaspersky said, 20 organizations remained infected.

Stealth, persistence, power

Malicious IIS modules offer an ideal means to deploy powerful, persistent, and stealthy backdoors. Once installed, they will respond to specifically crafted HTTP requests sent by the operator instructing the server to collect emails, add further malicious access, or use the compromised servers for clandestine purposes. To the untrained eye, the HTTP requests look unremarkable, even though they give the operator complete control over the machine.

Read 5 remaining paragraphs | Comments

USB installer tool removes Windows 11’s Microsoft account requirements (and more)

Tool can also patch out the CPU, TPM, and Secure Boot install requirements.

The Rufus tool will offer to modify your Windows 11 install media when you create it. The workaround for the Microsoft account requirement is new to the 3.19 beta.

Enlarge / The Rufus tool will offer to modify your Windows 11 install media when you create it. The workaround for the Microsoft account requirement is new to the 3.19 beta. (credit: Andrew Cunningham)

One of the new "features" coming to the Windows 11 22H2 update is a Microsoft account requirement for all new installs, regardless of whether you are using the Home or Pro version of the operating system. And that's too bad, because the 22H2 update corrects a few of Windows 11's original shortcomings while adding some nice quality-of-life improvements.

An easy workaround for this requirement is the Rufus USB formatting tool, which can create USB install media for Windows and all kinds of other operating systems. Rufus has already offered some flags to remove Windows 11's system requirement checks from the installer, removing the need for clunky Windows Registry edits and other workarounds. But the beta of version 3.19 will also remove the Microsoft account requirement for new installs, making it easy to set up a new Windows PC with a traditional local account.

When setting up Windows 11, make sure not to connect your PC to the Internet before creating your user account. This trick worked to circumvent the Microsoft account requirement in Windows 11 Pro and some of the later versions of Windows 10 but is being removed entirely from Windows 11 22H2. The Rufus tool merely reverts to the pre-22H2 status quo.

Read 2 remaining paragraphs | Comments

FCC says it closed a loophole that many robocallers used to evade blocking

Starting today, small carriers must use STIR/SHAKEN Caller ID authentication tech.

Person's hand holding a smartphone that is receiving a call from an unknown caller.

Enlarge (credit: Getty Images | grinvalds)

The Federal Communications Commission today said it closed a robocall loophole by requiring small phone companies to implement the caller ID authentication technology known as STIR and SHAKEN.

Large voice providers were required to implement STIR/SHAKEN a year ago. But there was an exemption for carriers with 100,000 or fewer customers that would have given those smaller companies until June 30, 2023, to comply.

The FCC voted in December to move that deadline up to June 30, 2022, because small phone companies were apparently carrying a disproportionately high number of illegal robocalls.

Read 7 remaining paragraphs | Comments

Lilbits: Samsung begins mass production of 3nm chips, Motorola roadmap leaked, and InfiniTime open source firmware for the PineWatch updated

Samsung is the first company to begin mass production of 3nm chips, which it says will bring big improvements in performance and efficiency. Motorola has a bunch of new phones scheduled to ship later this year, including budget, mid-range, and flagshi…

Samsung is the first company to begin mass production of 3nm chips, which it says will bring big improvements in performance and efficiency. Motorola has a bunch of new phones scheduled to ship later this year, including budget, mid-range, and flagship (or nearly flagship) class products. And the developers behind the InfiniTime firmware for Pine64’s […]

The post Lilbits: Samsung begins mass production of 3nm chips, Motorola roadmap leaked, and InfiniTime open source firmware for the PineWatch updated appeared first on Liliputing.

Cloudflare & Media Companies Agree to Modify “Power Grab” Piracy Injunction

After obtaining the broadest injunction ever seen in a US streaming piracy lawsuit, several media companies argued that Cloudflare should be held in contempt of court for non-compliance. Negotiations are now underway to end this dispute but it appears that can only be achieved if the court agrees to modify the injunction, which was previously described as a “power grab”.

From: TF, for the latest news on copyright battles, piracy and more.

cloudflareWhen United King Film Distribution, DBS Satellite Services, and Hot Communication won copyright lawsuits against three pirate streaming sites in April, the court gave them everything they asked for.

In addition to millions in damages against pirate streaming/IPTV platforms Israel-tv.com, Israel.tv and Sdarot.tv, the court handed down the broadest injunction ever seen in a US piracy case.

The injunction banned every online service provider from doing any business with the pirate platforms and ordered residential ISPs to block their current domains and any that appear in the future. In hindsight, it was a case of being careful what you wish for, because you may just get it.

With extraordinary power at hand, the media companies (all members of anti-piracy group Zira) began seizing domains but mysteriously asked the court not to enforce the requirement for residential ISPs to block the sites.

It appeared that someone may have started to push back and after issuing all kinds of orders to a range of online entities, the situation began to deteriorate. After the plaintiffs asked the court to hold Cloudflare in contempt for not following their instructions, Cloudflare fired back with amicus curiae support from Google, EFF and CCIA.

‘Power Grab’ Injunction is Invalid

The briefs submitted to the court are detailed but all agree that the injunction is impermissibly broad, lacking in detail, and contrary to Federal Rule of Civil Procedure 65 and the DMCA. Perhaps surprisingly, the plaintiffs continued to insist that they knew better.

Last week they submitted documents to further support their expedited motion for a contempt ruling against Cloudflare. The filing included exhibits claiming to show that Cloudflare’s DNS servers were servicing four new domains allegedly deployed by one of the pirate sites after its other domains were seized.

None of these domains were specifically listed in the injunction and as Cloudflare previously pointed out, any reading of the injunction that attempted to stretch it to cover new domains would violate fundamental limitations on the scope of available injunctive relief. Acting on the unsupported claims of the media companies with no judicial oversight is not an option, Cloudflare added.

Then this week, a sudden and unexpected light appeared on the horizon.

Broadest Piracy Injunction in the US Needs Adjustment

In a joint status letter filed Tuesday and addressed to Judge Katherine Polk Failla, whose signature authorized the original injunction, the media companies and Cloudflare say that progress is being made.

Following negotiations the parties say they have reached an agreement in principle to solve their differences. This will be achieved by addressing the core issues that led to the plaintiffs’ attempting to hold Cloudflare in contempt while addressing concerns raised by Cloudflare during a recent conference.

The specific details are not being made available at this stage but as soon as the agreement is formalized, the plaintiffs say they will file a motion to amend the default judgment and permanent injunction handed down by the court on April 26. An amended order will be presented for the court’s approval.

The plaintiffs say they will then withdraw with prejudice the pending motion for contempt against Cloudflare while reserving the right to file future motions to enforce the court’s original order or amended order, as appropriate. In turn, Cloudflare has agreed to withdraw its request for attorneys’ fees and costs incurred in responding to the plaintiffs’ motion for contempt.

It will be of great interest to see how the amended injunction balances the interests of the plaintiffs with those of Cloudflare and, by extension, every other service provider affected by the original injunction.

Update: The docket shows no indication that the agreement in principle is now a done deal but Judge Failla responded Wednesday as follows:

“In light of the above status update, the Court hereby deems both Plaintiffs’ contempt motion and Cloudflare’s request for attorneys’ fees and costs to be withdrawn.”

The plaintiffs’ declaration can be found here and the joint status report here (both pdf)

From: TF, for the latest news on copyright battles, piracy and more.

Daily Deals (6-30-2022)

EBay is running a sale that lets you save 20% off the price of 16,000+ products when you use the coupon code JULYSAVINGS at checkout. Just make sure to spend $25 or more, make your purchase by July 6th, 2022 and note that savings top out at $250 (but …

EBay is running a sale that lets you save 20% off the price of 16,000+ products when you use the coupon code JULYSAVINGS at checkout. Just make sure to spend $25 or more, make your purchase by July 6th, 2022 and note that savings top out at $250 (but you can use the coupon up […]

The post Daily Deals (6-30-2022) appeared first on Liliputing.

Apple outs its invite-only program that rewards VIP forum members 

Apple has an online community reward program similar to those of Microsoft, HP.

MacBook Pro back

Enlarge (credit: Samuel Axon)

Apple made its Community+ Program common knowledge this week. Similar to other tech companies like Dell, HP, and Microsoft, Apple has been rewarding the knowledgeable volunteers who frequently contribute to its online support community.

As spotted via iClarified on Wednesday, Apple launched the Apple Community+ Program webpage, which details a program that annually invites a small number of forum members to enjoy special rewards. An Apple rep told Ars Technica that while the webpage is new, the program "has been around for a few years." It's likely that since only a small number of people get to participate in the program, there hasn't been much chatter about it before the page's launch.

The Community+ members receive "special perks, white-glove experiences, and more," according to the program's page, but Apple didn't specify what that means, and the company declined to provide Ars Technica more details about the rewards.

Read 6 remaining paragraphs | Comments

Amazon blocks LGBT products in UAE, says it “must comply with local laws”

UAE, which bans same-sex relations, ordered Amazon to block products and searches.

The United Arab Emirates flag blowing in the wind on a flagpole.

Enlarge / The United Arab Emirates flag. (credit: Getty Images | Tim de Waele )

Amazon has started blocking LGBT-related products and search results in the United Arab Emirates to comply with a government demand in the country, which bans homosexuality.

The new restrictions are spelled out in internal Amazon documents, according to The New York Times. "The Emirati government gave Amazon until Friday to comply under threat of penalties, the documents show. It was not clear what those penalties would be," the NYT story said.

Amazon's "Restricted Products team" removed individual product listings, "and a team that manages the company's search abilities hid the results for more than 150 keywords," the NYT wrote. Searches for terms such as "lgbtq," "pride," "closeted gay," "transgender flag," "queer brooch," and "chest binder for lesbians" now turn up zero results in the UAE. Removed products include books such as My Lesbian Experience With Loneliness by Nagata Kabi, Gender Queer: A Memoir by Maia Kobabe, and Bad Feminist by Roxane Gay.

Read 4 remaining paragraphs | Comments