Just another news site
Google’s probably going to launch a Pixel 7a smartphone with a mid-range price tag in the spring of 2023. That’s almost a given at this point. And the company has been working on a foldable phone that’s also likely to launch in the f…
Google’s probably going to launch a Pixel 7a smartphone with a mid-range price tag in the spring of 2023. That’s almost a given at this point. And the company has been working on a foldable phone that’s also likely to launch in the first half of the year. But now the folks at Android Authority […]
The post Google’s Pixel smartphone roadmap through 2025 allegedly leaked appeared first on Liliputing.
Energie und Klima – kompakt: Akzeptanz von erneuerbaren Energieträgern auf hohem Niveau weiter gewachsen. Ausschreibungsverfahren behindert den Ausbau allerdings massiv.
Password manager says breach it disclosed in August was much worse than thought.
Enlarge (credit: Getty Images)
LastPass, one of the leading password managers, said that hackers obtained a wealth of personal information belonging to its customers as well as encrypted and cryptographically hashed passwords and other data stored in customer vaults.
The revelation, posted on Thursday, represents a dramatic update to a breach LastPass disclosed in August. At the time, the company said that a threat actor gained unauthorized access through a single compromised developer account to portions of the password manager's development environment and "took portions of source code and some proprietary LastPass technical information." The company said at the time that customers’ master passwords, encrypted passwords, personal information, and other data stored in customer accounts weren't affected.
In Thursday’s update, the company said hackers accessed personal information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses customers used to access LastPass services. The hackers also copied a backup of customer vault data that included unencrypted data such as website URLs and encrypted data fields such as website usernames and passwords, secure notes, and form-filled data.
With Big Tech reconsidering voice profitability, Home Assistant enters the fray.
Enlarge / Home Assistant running on a Google Nest Hub, via a wild Chromecast hack. Native hardware like this would be nice. (credit: Home Assistant)
Are cloud-based voice assistants doomed? That seems like an overly dramatic question to ask if you look at the current state of millions of users of Google Assistant, Amazon Alexa, and Apple's Siri, but we're not so sure about the future. Google and Amazon have backed away from their voice assistants recently, with Amazon firing a big chunk of the Alexa team due to it losing $10 billion a year. Google isn't quite at the "fire everyone" stage, but it is reportedly less interested in supporting the Assistant on third-party devices, which would be a crippling move given Google's extremely small hardware division. Everyone built these systems assuming a revenue stream would come later, but that revenue never came, and it's starting to seem like the bubble is bursting.
One project that has a heavy dependence on Big Tech voice assistants isn't sitting around and waiting for doomsday. The team at Home Assistant is declaring 2023 "Home Assistant's year of Voice." This is basically the leading smart home project saying, "If these cloud voice assistants don't provide Big Tech with a multi-billion dollar revenue stream, that's fine, we'll do it ourselves!" There are a few nascent, open source voice assistant projects out there already, but the Home Assistant team has proven it can manage a big project. It has a huge, thriving community and enough revenue to have full-time employees, making this the new frontrunner for a viable local voice service.
Plus Home Assistant isn't starting from scratch—it went and found what it called the "most promising" open source voice assistant out there, "Rhasspy," and hired the lead developer, Mike Hansen, to work full-time on voice in Home Assistant. Hasen will now work at Nabu Casa, the Home Assistant's commercialization company. According to Home Assistant's founder, Paulus Schoutsen, "Rhasspy stands out from other open source voice projects because Mike doesn’t focus on just English. Instead, his goal is to make it work for everyone. This is going great as Rhasspy supports already 16 different languages today." The plan is to support all 62 languages the Home Assistant currently supports, but with voice, all without needing an Internet connection.
With Big Tech reconsidering voice profitability, Home Assistant enters the fray.
Enlarge / Home Assistant running on a Google Nest Hub, via a wild Chromecast hack. Native hardware like this would be nice. (credit: Home Assistant)
Are cloud-based voice assistants doomed? That seems like an overly dramatic question to ask if you look at the current state of millions of users of Google Assistant, Amazon Alexa, and Apple's Siri, but we're not so sure about the future. Google and Amazon have backed away from their voice assistants recently, with Amazon firing a big chunk of the Alexa team due to it losing $10 billion a year. Google isn't quite at the "fire everyone" stage, but it is reportedly less interested in supporting the Assistant on third-party devices, which would be a crippling move given Google's extremely small hardware division. Everyone built these systems assuming a revenue stream would come later, but that revenue never came, and it's starting to seem like the bubble is bursting.
One project that has a heavy dependence on Big Tech voice assistants isn't sitting around and waiting for doomsday. The team at Home Assistant is declaring 2023 "Home Assistant's year of Voice." This is basically the leading smart home project saying, "If these cloud voice assistants don't provide Big Tech with a multi-billion dollar revenue stream, that's fine, we'll do it ourselves!" There are a few nascent, open source voice assistant projects out there already, but the Home Assistant team has proven it can manage a big project. It has a huge, thriving community and enough revenue to have full-time employees, making this the new frontrunner for a viable local voice service.
Plus Home Assistant isn't starting from scratch—it went and found what it called the "most promising" open source voice assistant out there, "Rhasspy," and hired the lead developer, Mike Hansen, to work full-time on voice in Home Assistant. Hasen will now work at Nabu Casa, the Home Assistant's commercialization company. According to Home Assistant's founder, Paulus Schoutsen, "Rhasspy stands out from other open source voice projects because Mike doesn’t focus on just English. Instead, his goal is to make it work for everyone. This is going great as Rhasspy supports already 16 different languages today." The plan is to support all 62 languages the Home Assistant currently supports, but with voice, all without needing an Internet connection.
Fired employees “misused their authority to obtain access to TikTok user data.”
Enlarge (credit: NurPhoto / Contributor | NurPhoto)
Following an internal investigation, TikTok owner ByteDance today confirmed reports from this fall that claimed some of its employees used the popular app to track multiple journalists, including two in the US. The ByteDance employees’ goal? To identify anonymous sources who were leaking information to the media on the company’s ties to the Chinese government, according to The New York Times.
Forbes reported that multiple reporters from its own publication were “part of this covert surveillance campaign.” A Buzzfeed reporter and UK-based Financial Times journalist Cristina Criddle were also surveilled, FT reported. ByteDance employees reportedly accessed reporters' TikTok accounts to obtain IP and user data, assessing whether there was any overlap with pings from known locations of ByteDance employees suspected of leaking. ByteDance confirmed that these tactics became so broad that the employees also monitored the data of some of the journalists’ associates.
According to Forbes, ByteDance fired Chris Lepitak, the chief internal auditor responsible for the company’s Internal Audit and Risk Control department. ByteDance confirmed Lepitak's team was behind the surveillance campaign. In October, Forbes reported that Lepitak was also seemingly seeking information on the “location and details of the Oracle server that is central to TikTok’s plans to limit foreign access to personal US user data.” That server is key to the Biden administration’s ongoing discussions with TikTok over national security concerns, with the US increasingly wary of China-based ByteDance employees gaining access to US-stored data.
Fired employees “misused their authority to obtain access to TikTok user data.”
Enlarge (credit: NurPhoto / Contributor | NurPhoto)
Following an internal investigation, TikTok owner ByteDance today confirmed reports from this fall that claimed some of its employees used the popular app to track multiple journalists, including two in the US. The ByteDance employees’ goal? To identify anonymous sources who were leaking information to the media on the company’s ties to the Chinese government, according to The New York Times.
Forbes reported that multiple reporters from its own publication were “part of this covert surveillance campaign.” A Buzzfeed reporter and UK-based Financial Times journalist Cristina Criddle were also surveilled, FT reported. ByteDance employees reportedly accessed reporters' TikTok accounts to obtain IP and user data, assessing whether there was any overlap with pings from known locations of ByteDance employees suspected of leaking. ByteDance confirmed that these tactics became so broad that the employees also monitored the data of some of the journalists’ associates.
According to Forbes, ByteDance fired Chris Lepitak, the chief internal auditor responsible for the company’s Internal Audit and Risk Control department. ByteDance confirmed Lepitak's team was behind the surveillance campaign. In October, Forbes reported that Lepitak was also seemingly seeking information on the “location and details of the Oracle server that is central to TikTok’s plans to limit foreign access to personal US user data.” That server is key to the Biden administration’s ongoing discussions with TikTok over national security concerns, with the US increasingly wary of China-based ByteDance employees gaining access to US-stored data.
A new lawsuit filed in the United States claims that Cloudflare and NameSilo are liable for copyright infringements carried out by their customers. Adult entertainment outfit TIR Consulting accuses both companies of providing anonymity to pirate sites and profiting from infringements carried out by so-called ‘repeat infringers’.
From: TF, for the latest news on copyright battles, piracy and more.
Competition is almost inevitable in business and as a key driver of innovation, that’s mostly a good thing. Unfair competition, on the other hand, is rarely considered a plus.
In a complaint filed in a California court this week, adult entertainment company TIR Consulting LLC says that it faces unfair and illegal competition from pirate sites. It’s a familiar story for rightsholders everywhere but this lawsuit is far from ordinary.
Since 2015, TIR has made its specialist content available via the website mistressharley.com (NSFW) and through authorized third parties under licensing agreements.
In parallel, websites that sell pirated copies of TIR’s copyrighted videos compete in the same market by targeting TIR’s customers. Some use confusingly similar domains that are designed to mislead potential customers, TIR says.
The complaint notes that at least two of these pirate sites use privacy services provided by the named defendants – Cloudflare and domain company NameSilo.
TIR claims that enforcing its rights is all but impossible due to these privacy services. As a result, Cloudflare and NameSilo must be held liable for the infringements of their customers, along with Does 1-100 who are also liable in some way or another.
The complaint lists 65 URLs (“infringing links”) on the alleged pirate site mistress-harley.com. These same 65 URLs are said to “backlink” to manyvips.com but specific URLs are not listed in the complaint. The listed URLs appear to reference video content, but TIR uses trademark terminology instead.
“Each of the 65 Infringing Links reflects the registered family of trademarks for
‘Mistress Harley’ all of which are owned exclusively by TIR,” the complaint reads.
TIR further blends copyright and trademark law by claiming that Cloudflare “admitted that the accepted 65 URL(s) for the DMCA report on mistress-harley.com” includes the 65 “infringing links” referenced earlier under trademark law.
The adult company later states that while its complaint covers 65 videos “made, paid for, produced and owned by TIR,” just four have been registered with the US Copyright Office.
TIR says that pirate sites pay Cloudflare for “housing services” and a “guarantee that CloudFlare will do nothing to interfere with their anonymity and their cyber-theft.”
According to the complaint, Cloudflare provides services to mistress-harley.com.
TIR says that pirates are able to sell copies of its videos on “domain sites” hosted by companies that sell and host domains, while “guaranteeing the anonymity of domain owners.” In this case, NameSilo is called out for offering a “free WHOIS privacy” service, which is used by mistress-harley.com and a second unlicensed platform, manyvips.com.
“There is no question that this is not just an attractive service, but a necessary
service for a pirate that wants to set up a site with illegal downloads,” the complaint notes.
After a rundown of services provided by Cloudflare, the complaint highlights the company’s privacy pledge: “[A]ny personal information you provide to us is just that: personal and private.”
Cloudflare’s claim that it has never modified the intended destination of DNS responses “at the request of law enforcement or another third party” is also mentioned.
The natural consequence of the above, TIR concludes, is that “CloudFlare is a safe holding space for website owners who are offering illegal content, and both sides know exactly what is being bought and sold.”
While bold, TIR’s allegations are nothing new. In 2018, Mon Cherie Bridals sued Cloudflare for failing to terminate customers identified as repeat infringers. The case was a pretty big deal and after three years of litigation, Cloudflare took the win and an important ruling on liability.
The Mon Cherie decision is referenced in TIR’s complaint, but not in recognition of Cloudflare’s win. Instead, a statement made by Judge Chhabria in the earlier case (italics, below) is framed as undermining Cloudflare’s position.
If Cloudflare’s provision of these services made it more difficult for a third party to report incidents of infringement to the web host as part of an effort to get the underlying content taken down, perhaps it could be liable for contributory infringement
While TIR notes that the above is “precisely the basis for the claims” in this complaint, in Mon Cherie the Judge said that Cloudflare’s actions did not incur liability.
Since Cloudflare forwards DMCA notices to site hosts and informs complainants of the identity of the host, Judge Chhabria concluded in Mon Cherie that Cloudflare doesn’t make it harder to go after pirate sites.
Indeed, the TIR complaint acknowledges that Cloudflare identified mistress-harley.com’s hosting provider (SECUNET, BG) and provided an abuse contact email address (abuse@cryptoservers.biz).
When TIR sent a trademark/copyright complaint to the host but received no response, the adult company did a WHOIS lookup for cryptoservers.biz. It revealed NameSilo as the domain registrar and PrivacyGuardian.org protecting the registrant’s details.
In response to a formal complaint, NameSilo’s abuse team reminded TIR that “..we are only the domain name registrar and cannot validate or control the content posted on the site.” PrivacyGuard’s policy advised TIR that in the event of a copyright or trademark dispute, “you should direct your complaint to the respective web site host for the domain.”
With Cloudflare reportedly offering similar advice to target the host itself, TIR appears to have lost patience and filed this complaint.
“As a result of the piracy and infringement, TIR has suffered consistent lost profits and decreased sales, and has calculated this lost amount to be in the tens of thousands of dollars and growing exponentially every day,” the company notes.
“This case raises the problem of service providers who continue to do commerce with pirate sites even after receipt of actual knowledge of repetitive acts of infringement on such sites. These Defendants profit by supporting and providing critical services to pirate sites despite being on notice that these customers are repeat infringers.”
TIR says that Cloudflare and NameSilo “systematically failed to implement or enforce a repeat infringer policy” in the knowledge that many “lawful copyright and trademark holders” can’t afford to fight legal battles.
“This undermines the entire purpose of DMCA,” the company adds.
Since Cloudflare and NameSilo will undoubtedly respond to these claims in some detail, we’ll cover their responses in due course. In the meantime, the brief list below is included for reference, including links to law exactly as cited in the complaint.
1- Contributory Trademark Infringement – 15 U.S.C. § 1114 Cloudflare/NameSilo
2- Direct Trademark Infringement – (U.S.C. Not listed) Cloudflare, NameSilo, Does 1-100
3- Not listed/absent from the complaint
4- Contributory Copyright Infringement – 15 U.S.C. § 1125(a) Cloudflare/NameSilo
5- Vicarious Copyright Infringement – 15 U.S.C. § 1125(a) Cloudflare/NameSilo
6- Direct Copyright Infringement – 15 U.S.C. § 1125(a) Cloudflare/NameSilo/Does 1-100
7- Unfair Competition – (link) Cloudflare/NameSilo
At the time of writing, Cloudflare does not ‘protect’ mistress-harley.com’s server in any way.
TIR’s complaint against Cloudflare, NameSilo & Does 1-100 (pdf)
From: TF, for the latest news on copyright battles, piracy and more.
In the wake of a Soyuz coolant loss, NASA and Roscosmos still exploring options.
Enlarge / A Soyuz spacecraft docked at the ISS. (credit: NASA)
Today, NASA held a press briefing to describe the situation on the International Space Station (ISS) in the wake of a major coolant leak from a Soyuz spacecraft that is docked at the station. At the moment, neither NASA nor Roscosmos has a clear picture of its options for using the damaged spacecraft. If it is unusable in its current state, then it will take until February to get a replacement to the ISS.
Soyuz spacecraft are one of two vehicles used to get humans to and from the ISS, and serve as a "lifeboat" in case personnel are required to evacuate the station rapidly. So, while the leak doesn't place the ISS or its crew in danger, it cuts the margin for error and can potentially interfere with future crew rotations.
As Roscosmos indicated earlier this week, the impressive-looking plume of material originated from a millimeter-sized hole in a coolant radiator. Although the coolant system has redundant pumps that could handle failures, the leak resulted in the loss of all the coolant, so there's nothing to pump at this point.
The Epic Games Store is giving away Fallout, Fallout 2, and Fallout Tactics today. You can pick up a compact desktop computer with 16GB of RAM, 512GB of storage and a 12th-gen Intel Core i3 processor for just $349 at the moment. Amazon is selling an A…
The Epic Games Store is giving away Fallout, Fallout 2, and Fallout Tactics today. You can pick up a compact desktop computer with 16GB of RAM, 512GB of storage and a 12th-gen Intel Core i3 processor for just $349 at the moment. Amazon is selling an Amazon Fire HD 10 tablet and Fire TV Stick 4K media streamer […]
The post Daily Deals (12-22-2022) appeared first on Liliputing.
You must be logged in to post a comment.