Do It Again, Sweden

The government tightens its recommendations but continues to rely on reason and solidarity instead of bans

Judge: Trump Admin’s TikTok ban would cause “irreparable harm” to creators

The administration’s TikTok and WeChat bans have not fared well in court so far.

Visitors visit the booth of Douyin (TikTok) at the 2019 smart expo in Hangzhou, China, Oct. 18, 2019. (credit: Costfoto | Barcroft Media | Getty Images)

A federal judge in Pennsylvania has blocked a Trump administration order that would have banned TikTok from operating inside the United States as of November 12, finding that content creators who use the short-form video platform to make a living would suffer "irreparable harm" if the ban were to go through.

The "significant and unrecoverable economic loss caused by the shutdown of the TikTok platform" was grounds for granting an injunction, Judge Wendy Beetlestone of the US District Court for Eastern Pennsylvania wrote in a ruling (PDF) today.

President Donald Trump in August issued an executive order declaring TikTok (as well as another China-based app, WeChat) to be a national emergency. That order gave the Department of Commerce 45 days to put a list of banned actions into place. Commerce did so, prohibiting new TikTok downloads after September 20 and banning nearly every other TikTok feature after November 12.

‘Deciphering’ YouTube’s Rolling Cypher in Your Browser is a Piece of Cake

The RIAA and other music groups recently accused youtube-dl and related stream-ripping tools of circumventing YouTube’s ‘rolling cipher’ protection. While that may sound complex, anyone can download full audio and video files from YouTube, using nothing more than a web browser. It’s surprisingly easy and we failed to spot any ciphers.

From: TF, for the latest news on copyright battles, piracy and more.

Downloading audio and video from YouTube is generally not allowed, as the video service clearly states in its terms of service.

Despite this restriction, there are numerous ‘stream-ripping’ tools available on the web that do just that.

These tools have legal uses but they are also a thorn in the side of music industry outfits, who see them as a major piracy threat. That was illustrated once again last week when an RIAA takedown notice wiped youtube-dl off GitHub.

The Rolling cipher

According to the RIAA, youtube-dl violates the DMCA’s anti-circumvention provisions because it bypasses YouTube’s ‘rolling cipher’ technical protection measure. That sounds rather complicated, but publicly little is known about how it works.

To find out more we reached out to YouTube, which didn’t respond to our inquiry. However, we did find out more about the ‘rolling cipher’ in a judgment from a German court in Hamburg. This 2017 verdict was explicitly mentioned in the RIAA’s takedown request to GitHub.

At the Hamburg court, copyright holders argued that YouTube’s ‘rolling cipher’ is an effective technological protection measure under EU law. It’s so complex that average users can’t decipher it.

“In the case of the video at issue, the user would have to filter out the 22 encoded URLs from a total of 72,338 characters, then find the ‘S variable’ of each URL, decipher it – using the respectively valid, because changing key – and then the newly generated URL use to get the video,” their argument was.

In the 2017 verdict, the court went along with this assessment, ruling that encryption by the so-called “S variable” or “rolling cipher” is a technical measure within the meaning of Germany’s Copyright Act.

DIY Downloading From YouTube

At TorrentFreak, we have relatively little knowledge about encryption, so it would be impossible for us to bypass this ‘rolling cipher,’ one would think. However, after a few Google searches, we learned that pretty much every browser can do this by default.

Once you know the trick it takes only 20 seconds or so to download the audio or video from any YouTube clip, using only a browser and no dedicated ripping tools.

Our ‘deciphering’ quest started in Chrome but works in Firefox and other browsers as well. Because we don’t want any trouble, we used Dubioza Kolektiv’s Pirate Bay song as the test video. When that was loaded up, we opened Chrome’s devtools inspector, and navigated to the ‘network’ tab.

The devtools inspector shows you what requests are made by a page. When we filter for the keyword ‘audio’, several URLs appear, all pointing to chopped up audio streams from the YouTube video.

Without any encryption knowledge, we opened one of these streams in a separate browser tab. As expected, this didn’t immediately bring up the full audio with the Pirate Bay song. That requires the extra step of removing the last part of the URL, which starts with “range=”.

When that’s done the audio clip shows up in full and it can be played just fine. In fact, Chrome even offers the option to download it.

While we didn’t dare to go that far, we heard that it indeed saves just fine. And when the ‘weba’ extension is renamed to MP3, it will play offline too.

Downloading From YouTube is Easy

So there we have it. In just a few clicks and keystrokes we managed to bypass YouTube’s copyright protection using a browser. We didn’t see any rolling cipher in the process and anyone can do it.

That brings us back to the RIAA’s takedown request and the cited court verdict, which said that “an average user is not able to access the video info file, let alone decipher it.” Either we are geniuses or the court’s statement is wrong, at least for the present situation.

The above is the simple conclusion, but there’s more to it, which gets a bit technical.

But Where’s the Encryption?

After talking to several experts we learned that YouTube uses different ‘signatures’ for video URLs. Most have a fixed “sig” parameter, but there are also others that use an “s” parameter. In the latter cases, the player’s JavaScript is called with this “s” parameter which varies (or ‘rolls’).

That parameter shuffling is likely what rightsholders refer to with a ‘rolling cipher.’ However, this doesn’t involve any real encryption and youtube-dl doesn’t use it, as it simply executes the JavaScript code with a JavaScript interpreter, much like a browser does.

Over the past weeks, dozens of experts have chimed in about the legality or illegality of tools such as youtube-dl. We are not going to add to this, as these questions are ultimately up to a court to decide.

Stream-Rippers are Not Needed

What our little quest shows, however, is that there doesn’t appear to be any encryption to stop average users from downloading files in a browser. Anyone can download audio and video from YouTube without a dedicated stream-ripping tool.

That leads us to the final question, which we will leave unanswered. Or perhaps it answers itself. If youtube-dl is violating the DMCA because it allows people to download audio from YouTube, should browsers such as Chrome be outlawed as well?

Lilbits: LG’s rollable phone, Apple One, and PinePhone updates

LG’s on a roll with weird phones. Last month the company introduced the LG Wing dual-screen smartphone with a swivel that lets you arrange the screens in a T-shape. And at the end of the presentation the company teased its next weird phone – one with a rollable display that would allow you to literally stretch […]

The post Lilbits: LG’s rollable phone, Apple One, and PinePhone updates appeared first on Liliputing.

“Not just a virus that kills people”—WHO spotlights long-term COVID-19

“I never thought I would have seven months of my life wiped out by this virus.”

A patient receives oxygen inside the Doctors Without Borders (MSF) Covid-19 tent at the Ana Francisca Perez de Leon II hospital in Caracas, Venezuela, on Wednesday, Aug. 26, 2020. (credit: Getty | Bloomberg)

A significant number of people infected with the pandemic coronavirus, SARS-CoV-2, are experiencing long-term symptoms and taking many weeks or months to fully recover, the World Health Organization emphasized in a press conference today.

“I have heard first hand from people who face mid- to long-term effects of COVID-19 infection,” WHO Director-General Dr. Tedros Adhanom Ghebreyesus said. “What’s really concerning is the vast spectrum of symptoms that fluctuate over time, often overlap, and can affect any system in the body.”

While there have long been reports of COVID-19 long-haulers, the WHO worked to raise awareness of the problem today. It’s still unclear what proportion of infected people go on to have mid- to long-term health problems, Tedros noted. But, it's clear that "this is not just a virus that kills people." And with more than 45 million cases globally—and counting—even a small percentage will mean a large number of people will have long-term disability.

Reports: Tablet shipments were up in Q3, smartphone shipments were down

As the global COVID-19 pandemic continues to reshape the way people around the world live and work, two new reports suggest there’s been an impact on the types of mobile devices people are buying. According to IDC, global tablet shipments were up nearly 25-percent in the third quarter of 2020 when compared to the same […]

The post Reports: Tablet shipments were up in Q3, smartphone shipments were down appeared first on Liliputing.

Is it too late for the US to execute a pandemic plan?

Polling suggests a lot of people aren’t comfortable with aspects of contact tracing.

A woman in France displays a contact tracing app. (credit: DAMIEN MEYER / Getty Images)

There's a standard set of best practices for disease outbreaks that includes a process called contact tracing. Each time you identify someone infected, you figure out who they've been in proximity to during the time they were infectious. You then get the person infected to self-isolate, and also convince their contacts to do so, at least until they can be tested and found to be uninfected. Doing this successfully can bring the rate of infection down below the point where the outbreak is self-sustaining—even if not everybody's picked up through contact tracing, there won't be many who aren't, and anyone they infect eventually will be.

For the COVID-19 pandemic, infection rates in many countries were initially so high that contact tracing was impractical. But a suite of social interventions—social distance, mask wearing, limiting time out of the home, washing hands, etc.—were used to bring rates back down to where contact tracing could be effective again.

This didn't happen in the US. There was no national effort to contact trace, each state set its own policy regarding social restrictions, and many states lifted their social interventions too soon, all of which have allowed several surges in infections.

Google’s Project Zero discloses Windows 0day that’s been under active exploit

Security flaw lets attackers escape sandboxes designed to contain malicious code.

A stylized skull and crossbones made out of ones and zeroes. (credit: Getty Images)

Google’s Project Zero says that hackers have been actively exploiting a Windows zero-day that isn’t likely to be patched until almost two weeks from now.

In keeping with long-standing policy, Google’s vulnerability research group gave Microsoft a seven-day deadline to fix the security flaw because it’s under active exploit. Normally, Project Zero discloses vulnerabilities after 90 days or when a patch becomes available, whichever comes first.

CVE-2020-117087, as the vulnerability is tracked, allows attackers to escalate system privileges. Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome. The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.
