DRM and Proprietary Software Leftovers

  • Some Photoshop users can try Adobe’s anti-misinformation system later this year

    Adobe pitched the CAI last year as a general anti-misinformation and pro-attribution tool, but many details remained in flux. A newly released white paper makes its scope clearer. The CAI is primarily a more persistent, verifiable type of image metadata. It’s similar to the standard EXIF tags that show the location or date of a photograph, but with cryptographic signatures that let you verify the tags haven’t been changed or falsely applied to a manipulated photo.

    People can still download and edit the image, take a screenshot of it, or interact the way they would any picture. Any CAI metadata tags will show that the image was manipulated, however. Adobe is basically encouraging adding valuable context and viewing any untagged photos with suspicion, rather than trying to literally stop plagiarism or fakery. “There will always be bad actors,” says Adobe community products VP Will Allen. “What we want to do is provide consumers a way to go a layer deeper — to actually see what happened to that asset, who it came from, where it came from, and what happened to it.”

    The white paper makes clear that Adobe will need lots of hardware and software support for the system to work effectively. CAI-enabled cameras (including both basic smartphones and high-end professional cameras) would need to securely add tags for dates, locations, and other details. Photo editing tools would record how an image has been altered — showing that a journalist adjusted the light balance but didn’t erase or add any details. And social networks or other sites would need to display the information and explain why users should care about it.

  • EFF and ACLU Tell Federal Court that Forensic Software Source Code Must Be Disclosed

    Can secret software be used to generate key evidence against a criminal defendant? In an amicus filed ten days ago with the United States District Court of the Western District of Pennsylvania, EFF and the ACLU of Pennsylvania explain that secret forensic technology is inconsistent with criminal defendants’ constitutional rights and the public’s right to oversee the criminal trial process. Our amicus in the case of United States v. Ellis also explains why source code, and other aspects of forensic software programs used in a criminal prosecution, must be disclosed in order to ensure that innocent people do not end up behind bars, or worse—on death row.

             

    The Constitution guarantees anyone accused of a crime due process and a fair trial. Embedded in those foundational ideals is the Sixth Amendment right to confront the evidence used against you. As the Supreme Court has recognized, the Confrontation Clause’s central purpose was to ensure that evidence of a crime was reliable by subjecting it to rigorous testing and challenges. This means that defendants must be given enough information to allow them to examine and challenge the accuracy of evidence relied on by the government.

  • Powershell Bot with Multiple C2 Protocols

    I spotted another interesting Powershell script. It's a bot and is delivered through a VBA macro that spawns an instance of msbuild.exe. This Windows tool is often used to compile/execute malicious code on the fly (I already wrote a diary about this technique[1]). I don’t have the original document but based on a technique used in the macro, it is part of a Word document. It calls Document_ContentControlOnEnter[2]: [...]

  • FBI Used Information From An Online Forum Hacking To Track Down One Of The Hackers Behind The Massive Twitter Attack

    As Mike reported last week, the DOJ rounded up three alleged participants in the massive Twitter hack that saw dozens of verified accounts start tweeting out promises to double the bitcoin holdings of anyone who sent bitcoin to a certain account.

  • Twitter Expects to Pay 9-Figure Fine for Violating FTC Agreement

    That means that the complaint is not related to last month’s high-profile [cr]ack of prominent accounts on the service. That security incident saw accounts from the likes of Joe Biden and Elon Musk ask followers to send them bitcoin. A suspect was arrested in the incident last month.

  • Twitter Expects to Pay Up to $250 Million in FTC Fine Over Alleged Privacy Violations

    Twitter disclosed that it anticipates being forced to pay an FTC fine of $150 million to $250 million related to alleged violations over the social network’s use of private data for advertising.

                           

    The company revealed the expected scope of the fine in a 10-Q filing with the SEC. Twitter said that on July 28 it received a draft complaint from the Federal Trade Commission alleging the company violated a 2011 consent order, which required Twitter to establish an information-security program designed to “protect non-public consumer information.”

                           

    “The allegations relate to the Company’s use of phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019,” Twitter said in the filing.

  • Apple removes more than 26,000 games from China app store

    Apple pulled 29,800 apps from its China app store on Saturday, including more than 26,000 games, according to Qimai Research Institute.

                       

    The removals are in response to Beijing's crackdown on unlicensed games, which started in June and intensified in July, Bloomberg reported. This brings an end to the unofficial practice of letting games be published while awaiting approval from Chinese censors.

  • Intuit Agrees to Buy Singapore Inventory Software Maker

    Intuit will pay more than $80 million for TradeGecko, according to people familiar with the matter, marking one of the biggest exits in Singapore since the Covid-19 pandemic. TradeGecko has raised more than $20 million to date from investors including Wavemaker Partners, Openspace Ventures and Jungle Ventures.

  • Justice Department Is Scrutinizing Takeover of Credit Karma by Intuit, Maker of TurboTax

    The probe comes after ProPublica first reported in February that antitrust experts viewed the deal as concerning because it could allow a dominant firm to eliminate a competitor with an innovative business model. Intuit already dominates online tax preparation, with a 67% market share last year. The article sparked letters from Sen. Ron Wyden, D-Ore., and Rep. David Cicilline, D-R.I., urging the DOJ to investigate further. Cicilline is chair of the House Judiciary Committee’s antitrust subcommittee.

More in Tux Machines

Compute module and dev kit aim Snapdragon 865 at AR/VR

Lantronix has launched a 50 x 29mm “Open-Q 865XR SOM” and $995 dev kit that runs Android 10 on a 15-TOPS NPU equipped Snapdragon 865 with 6GB LPDDR5, 802.11ax, and triple MIPI-CSI interfaces. Intrinsyc, a subsidiary of Lantronix, has introduced an IoT-oriented compute module and development kit based on Qualcomm’s Snapdragon 865 (SXR2130P) SoC. The $445 Open-Q 865XR SOM and $995 Open-Q 865XR SOM Development Kit follow Intrinsyc’s more smartphone-oriented Snapdragon 865 Mobile HDK. The Open-Q 865XR targets imaging intensive embedded applications including Augmented Reality/Virtual Reality (AR/VR) applications in AI machine learning, medical, gaming, logistics and retail sectors.

Programming: Git and Qt

  • Understand the new GitLab Kubernetes Agent

    GitLab's current Kubernetes integrations were introduced more than three years ago. Their primary goal was to allow a simple setup of clusters and provide a smooth deployment experience to our users. These integrations served us well in the past years but at the same time their weaknesses were limiting for some important and crucial use cases.

  • GitLab Introduces the GitLab Kubernetes Agent

    The GitLab Kubernetes Agent (GKA), released in GitLab 13.4, provides a permanent communication channel between GitLab and the cluster. According to the GitLab blog, it is designed to provide a secure solution that allows cluster operators to restrict GitLab's rights in the cluster and does not require opening up the cluster to the Internet.

  • Git Protocol v2 Available at Launchpad

    After a few weeks of development and testing, we are proud to finally announce that Git protocol v2 is available at Launchpad! But what are the improvements in the protocol itself, and how can you benefit from that? The git v2 protocol was released a while ago, in May 2018, with the intent of simplifying git over HTTP transfer protocol, allowing extensibility of git capabilities, and reducing the network usage in some operations. For the end user, the main clear benefit is the bandwidth reduction: in the previous version of the protocol, when one does a “git pull origin master”, for example, even if you have no new commits to fetch from the remote origin, git server would first “advertise” to the client all refs (branches and tags) available. In big repositories with hundreds or thousands of refs, this simple handshake operation could consume a lot of bandwidth and time to communicate a bunch of data that would potentially be discarded by the client after. In the v2 protocol, this waste is no longer present: the client now has the ability to filter which refs it wants to know about before the server starts advertising it.

  • Qt Desktop Days 7-11 September

    We are happy to let you know that the very first edition of Qt Desktop Days 2020 was a great success! Having pulled together the event at very short notice, we were delighted at the enthusiastic response from contributors and attendees alike.

  • Full Stack Tracing Part 1

    Full stack tracing is a tool that should be part of every software engineer’s toolkit. It’s the best way to investigate and solve certain classes of hard problems in optimization and debugging. Because of the power and capability it gives the developer, we’ll be writing a series of blogs about it: when to use it, how to get it set up, how to create traces, and how to interpret results. Our goal is to get you capable enough to use full stack tracing to solve your tough problems too. Firstly, what is it? Full stack tracing is tracing on the full software stack, from the operating system to the application. By collecting profiling information (timing, process, caller, API, and other info) from the kernel, drivers, software frameworks, application, and JavaScript environments, you’re able to see exactly how the individual components of a system are interacting. That opens up areas of investigation that are impossible to achieve with standard application profilers, kernel debug messages, or even strategically inserted printf() commands. One way to think of full stack tracing is like a developer’s MRI machine that allows you to look into a running system without disturbing it to determine what is happening inside. (And unlike other low-level traces that we’ve written about before, full stack tracing provides a simpler way to view activity up and down the entire software stack.)

Dell XPS 13 Developer Edition Gets 11th-Gen Intel Refresh, Ubuntu 20.04 LTS

The revised model doesn’t buck any conventions. It’s a refreshed version of the XPS 13 model released earlier this year, albeit offering the latest 11th generation Intel processors, Intel Iris Xe graphics, Thunderbolt 4 ports, and up to 32GB 4267MHz LPDDR4x RAM. These are also the first Dell portables to carry Intel “Evo” certification. What’s Intel Evo? Think of it as an assurance. Evo certified notebooks have 11th gen Intel chips, can wake from sleep in under 1s, offer at least 9 hours battery life (with a Full HD screen), and support fast charging (with up to 4 hours from a single 30 min charge) — if they can’t meet any of those criteria they don’t get certified.

Vulkan 1.2.155 Released and AMDVLK 2020.Q3.6 Vulkan Driver Brings Several Fixes

  • Vulkan 1.2.155 Released With EXT_shader_image_atomic_int64

    Vulkan 1.2.155 is out this morning as a small weekly update over last week's spec revision that brought the Vulkan Portability Extension 1.0 for easing software-based Vulkan implementations running atop other graphics APIs. Vulkan 1.2.155 is quite a tiny release after that big release last week, but there aren't even any documentation corrections/clarifications and just a sole new extension.

  • AMDVLK 2020.Q3.6 Vulkan Driver Brings Several Fixes

    AMD driver developers today released AMDVLK 2020.Q3.6 as their latest open-source snapshot of their official Vulkan graphics driver. The primary new feature of this AMDVLK driver update is VK_EXT_robustness2, which mandates stricter requirements around dealing with out-of-bounds reads/writes. Robustness2 requires greater bounds checking, discarding out-of-bounds writes, and out-of-bounds reads must return zero. This extension debuted back in April as part of Vulkan 1.2.139.