Feed aggregator

Buy a Chromebook, get 1TB of Google Drive storage free for two years

Ars Technica - Fri, 21/11/2014 - 19:10
Google is giving new Chromebook buyers a place to put their stuff, for a couple of years anyway. Andrew Cunningham

Chromebooks don't have much local storage, which is kind of the point—their vision of computing is one where basically everything is done in the cloud, and the computer on your lap is just your window to the Information Superhighway. To make that usage model more plausible, Google is giving new Chromebook buyers 1TB of Google Drive storage free for two years. To take advantage of the deal, you just have to buy any new Chromebook between now and January 1, 2015.

Google runs similar promotions with most Chromebooks, though with differing subscription lengths and amounts of storage space. The expensive Chromebook Pixel came with 1TB of storage for three years; the cheaper HP Chromebook 11 came with 100GB for two years. A year of Google Drive on the 1TB plan costs $9.99 a month and there are no yearly subscription options, so the subscription is worth a grand total of $239.76.

Chromebooks like Acer's C720 start at $199, though you'd do well to spend more money and get more than 2GB of RAM. If the cloud model doesn't work for you, a new class of cheap Windows laptops like HP's Stream have been creeping down into the $200 price category lately.

Read on Ars Technica | Comments

Telecoms Fulfilled 90+ Illegitimate Subpoenas from New Mexico

EFF Breaking News - Fri, 21/11/2014 - 18:48

New Mexico law is so devoid of any established authority for this practice, a reasonable prosecutor, upon the exercise of diligent research could determine that the practice was very probably unlawful.

- Judge John Paternoster, Eighth Judicial District of New Mexico

The National Security Agency isn’t the only agency that’s willing to flout the laws of the land in order to obtain your telephone records. As we’re learning from a case out of New Mexico, local prosecutors may be to willing to ignore rights enshrined in the Constitution for an unfair advantage in criminal cases.

The case at hand involves the office of the District Attorney for the Eight District of New Mexico, which covers three counties in Northern New Mexico, including Taos. D.A. Donald Gallegos and one of his subordinates are facing disciplinary charges after they were caught issuing at least 91 bogus subpoenas to eight telephone companies for customer call records. 

The subpoenas came to light during the prosecution of a 2013 armed robbery at an electric cooperative. Suspecting it was an inside job, the Taos police department worked with the prosecutor’s office to begin issuing subpoenas to telecoms for records related to dozens of phone records. Several batches of subpoenas were discovered related to other cases.

The problem is the District Attorney had no authority to issue “stand-alone subpoenas” under court rules, state law, or the New Mexico Constitution [PDF, PDF]. Prosecutors are only allowed to subpoena records when they represent a party in a case, (i.e. a grand jury has been convened or a criminal case has been filed) and they cannot use subpoenas during the police investigative process. Instead the prosecutor attached a generic case number—the kind usually reserved for miscellaneous court matters, such as bond forfeitures and oaths of office—not cellphone records requests.

The subpoenas weren’t signed by a judge or authorized by a grand jury. They weren’t even the right form [PDF] for issuing requests for records. As such, the subpoenas did not include the "essential" language alerting the recipient of remedies and protective measures. Rather, the documents threatened contempt of court sanctions for any telephone provider that failed to hand over the records.

Judge John Paternoster threw out the indictment of one of the robbery suspects in April due to “gross prosecutorial misconduct,” issuing the following damning conclusions [PDF]: 

A stand-alone subpoena, in improper form, issued and signed by a prosecutor in aid of police investigation, before a criminal cause is properly commenced, as in the instant facts is simply without precedent, analogy or lawful authority in New Mexico law.


The subpoenas in question were issued by the prosecutor without any judicial oversight, and allowed the police to obtain evidence during a criminal investigation without meeting the requirements of Article II 10 of the Constitution of New Mexico.


It is objectively unreasonable for the prosecutor to believe that his conduct was lawful.


The prosecutor had no reasonable basis in law for issuing the subpoenas and had no reasonable basis in law to present the evidence to the grand jury, and therefore acted in objective bad faith, and tainted the grand jury with evidence.

Judicial smackdowns don’t come much harder than that. The district attorney is appealing, but at the same time the oversight body authorized by the New Mexico Supreme Court to review allegations of attorney misconduct has completed its own investigation. The Disciplinary Board is now pursuing formal professional misconduct charges against the lawyers [PDF, PDF].

That process will play out over the next few months, but in the meantime there’s another piece of the puzzle worth addressing. If the subpoenas were so obviously illegal, why didn’t a single one of the telecommunications company question their legitimacy?

According to the filings, eight telecommunications providers complied with the questionable subpoenas and handed over customer call records. They are:

Verizon AT&T (Cingular)
CommnetCricket (since acquired by AT&T)Level 3 CommunicationsMetroPCSSprint/Nextel

As we told each of these providers in a letter [PDF], EFF strongly believes that part of a telecommunication company’s cost of doing business in any particular state is to ensure that local law enforcement requests for customer data comply with state law. That is particularly true when state laws, such as New Mexico’s, contain stronger legal protections than those that exist under the Fourth Amendment to the U.S. Constitution or the federal Stored Communications Act.

We are asking the involved companies to take a few concrete actions in response to the bad-subpoena scandal:

First, they should go back and review all subpoenas that the district attorney’s issued, determine if other subpoenas it received were similarly defective and release the actual numbers of subpoenas they processed that may have been illegal.

Second, they should review their own legal process to identify how the company’s legal compliance team assesses the validity of subpoenas under state law. Then they should institute new polices to make sure it doesn’t happen again. 

Finally, they should confirm whether the customers targeted by the subpoenas were informed of the existence of these subpoenas. If not, customers should be informed immediately.

So far, T-Mobile is the only provider to respond to our letter. While Senior Corporate Counsel Patricia Cauldwell indicated that they were unaware of the controversy until we brought it to their attention, she argued that T-Mobile acted in good faith and defended the company’s practice of rejecting requests when they appear to be defective.  

“[W]e would not expect to see a prosecutor in New Mexico use subpoenas like these again in a criminal investigation before convening a grand jury and we expect that the judicial system in New Mexico is well capable of correcting the problem,” Cauldwell wrote [PDF].

We’re not convinced that’s a safe bet. The telecommunications industry is very well aware that the public is becoming more and more skeptical of how these companies interact with intelligence and law enforcement agencies.  But for all the NSA and FBI’s questionable practices, local law enforcement agencies are just as prone to shenanigans.

Phone companies need to not only tell cops to come back with a warrant or subpoena, but come back with one that’s actually legal.

Files:  5-511_nmra.pdf 5-511_subpoena_form.pdf 2014.10.01_specification_of_charges_d_gallegos.pdf 2014.10.01_specification_of_charges_e_chavez.pdf 2014.04.08_decision_on_mtn_to_quash.pdf 2013nmconst.pdf letter_from_the_electronic_frontier_foundation_regarding_new_mexico_subpoenas.pdf letter-from-t-mobile-redacted.pdfRelated Issues: Know Your RightsCell Tracking
Share this:   ||  Join EFF

Six journalists sue over surveillance by UK “extremist” police unit

Ars Technica - Fri, 21/11/2014 - 18:35

Six members of the United Kingdom’s National Union of Journalists—including comedian and journalist Mark Thomas—have filed suit against London’s Metropolitan Police after discovering that their daily activities were being monitored and recorded in a police database. The database is gathered by the National Domestic Extremists and Disorder Intelligence Unit, a task force led by the Metropolitan Police Service that tracks political and religious groups in the UK and monitors protests.

In an interview on BBC Radio 4, Thomas said that the surveillance was discovered through information uncovered by a request under the UK’s Data Protection Act—a law similar to the US’ Freedom of Information Act. “The police are gathering information under the domestic extremist list about journalist and NUJ members, “ he said. “And we know this because six of us have applied to the police using the Data Protection Act to get some of the information the police are holding on us on these lists. And what they are doing is monitoring journalists’ activities and putting them under surveillance and creating databases about them."

Thomas has used the Data Protection Act in the name of both journalism and comedy. In 2001, he launched a contest in which he encouraged people to do creative performances in front of surveillance cameras and then submit the videos to him after obtaining them through Data Protection Act requests.

Read 2 remaining paragraphs | Comments

Seattle PD cuts a deal with mass-video requestor, institutes “hack-a-thon”

Ars Technica - Fri, 21/11/2014 - 18:10

A computer programmer whose massive public records request threatened Seattle's plan to put body cameras on its police officers has made peace with the police department.

Today's Seattle Times reports that Seattle Police Department COO Mike Wagers has invited the man into police headquarters to meet with him and tech staff to discuss how he could receive video regularly. As a condition of the meeting, he has dropped the public records request.

"I’m hoping he can help us with the larger systemic issue—how can we release as much video as possible and redact what we need to redact so we can be transparent?” Wagers told the newspaper. “What do we have to lose? We have nothing to hide. There are no secrets.”

Read 7 remaining paragraphs | Comments

Never Alone Is a Harrowing Journey Into the Folklore of Alaska Natives

Wired - Fri, 21/11/2014 - 18:00

Never Alone is a clever puzzle-platforming game based on the Alaskan Iñupiat culture.

The post Never Alone Is a Harrowing Journey Into the Folklore of Alaska Natives appeared first on WIRED.

This Wristband Tracks Your B-Ball Skills and Suggests Shooting Drills

Wired - Fri, 21/11/2014 - 17:30

Using a net-mounted sensor and a wrist-worn companion, the $150 ShotTracker is built to track your buckets and bricks on the basketball court.

The post This Wristband Tracks Your B-Ball Skills and Suggests Shooting Drills appeared first on WIRED.

Friday's security updates

LWN.net - Fri, 21/11/2014 - 17:07

CentOS has updated libxml2 (C5: denial of service).

Debian has updated drupal7 (multiple vulnerabilities).

Fedora has updated kernel (F20: multiple vulnerabilities).

Gentoo has updated adobe-flash (multiple vulnerabilities).

Mageia has updated boinc-client (denial of service), ffmpeg (M3; M4: multiple vulnerabilities), hawtjni (M3: code execution), kdebase4-runtime, kwebkitpart (code execution), kdebase4-workspace (M4: privilege escalation), kdenetwork4 (M3: multiple vulnerabilities), kernel (M3; M4: multiple vulnerabilities), kernel-vserver (M3: multiple vulnerabilities), krb5 (ticket forgery), libvirt (information disclosure), php-smarty (M3; M4: code execution), privoxy (denial of service), python-djblets (M4: multiple vulnerabilities), python-imaging, python-pillow (multiple vulnerabilities), qemu (M4: multiple vulnerabilities), ruby (multiple vulnerabilities), srtp (M3: denial of service), and wireshark (multiple vulnerabilities).

Mandriva has updated asterisk (BS1: multiple vulnerabilities).

openSUSE has updated gnutls (multiple vulnerabilities) and libvirt (password leak).

Oracle has updated bash (O5; O6; O7: multiple vulnerabilities), libvirt (O6: multiple vulnerabilities), libXfont (O6; O7: multiple vulnerabilities), libxml2 (O5: denial of service), mariadb (O7: multiple vulnerabilities), and mysql55-mysql (O5: multiple vulnerabilities).

Red Hat has updated java-1.5.0-ibm (RHEL5,6: multiple vulnerabilities), java-1.7.0-ibm (RHEL6: multiple vulnerabilities), java-1.7.1-ibm (RHEL6,7: multiple vulnerabilities), and libxml2 (RHEL5: denial of service).

Scientific Linux has updated libxml2 (SL5: denial of service).

Ubuntu has updated apparmor (14.04: privilege escalation) and ruby1.8, ruby1.9.1, ruby2.0, ruby2.1 (12.04, 14.04, 14.10: denial of service).

Aereo May Be Dead, But Internet TV Will Live On

Wired - Fri, 21/11/2014 - 17:03

It's a sad day for Aereo and all those who believed in it. The startup, which allowed people to stream live broadcast television to their computers and mobile devices, has filed for Chapter 11 bankruptcy, just months after shutting down operations.

The post Aereo May Be Dead, But Internet TV Will Live On appeared first on WIRED.

After a 3-year copyright battle, Aereo gives up the ghost

Ars Technica - Fri, 21/11/2014 - 16:37
Aereo on an iPad. Casey Johnston

TV-over-the-Internet startup Aereo has filed for bankruptcy, bringing to a close its long-running copyright battle with US television networks. The filing comes at a time when there actually had been a bright spot on the policy horizon for Aereo. The FCC is set to consider whether some types of online streaming should be considered cable systems.

Aereo was created to use a system of using tiny, dime-sized antennas to send broadcast TV signals over the Internet. By renting one antenna and separate storage space to each customer, the company hoped to remain within the bounds of copyright law, despite not having permission from the television networks for its transmissions.

The fight was waged in federal courts around the country. The US Court of Appeals for the 2nd Circuit ruled in Aereo's favor, but the decision was overturned this summer by the Supreme Court. Aereo ceased doing business shortly thereafter.

Read 3 remaining paragraphs | Comments

Harvard Researchers Build $10 Robot That Can Teach Kids to Code

Wired - Fri, 21/11/2014 - 16:30

Mike Rubenstein has created a low-cost robot called AERobot, specifically designed to teach middle school and high school kids the fundamentals of robotics.

The post Harvard Researchers Build $10 Robot That Can Teach Kids to Code appeared first on WIRED.

Week’s Best TV: Jon Stewart Proposes to Benedict Cumberbatch

Wired - Fri, 21/11/2014 - 15:30

It's been a long week, and everyone is jonesing for that Thanksgiving break to put on their fattest pants and slip into football/food/movie comas. So we'll keep it simple. Here's a GIF of Benedict Cumberbatch being flirty with you, and the week's most noteworthy television.

The post Week’s Best TV: Jon Stewart Proposes to Benedict Cumberbatch appeared first on WIRED.

9 Works of Art That Bend Your Senses

Wired - Fri, 21/11/2014 - 15:30

An exhibition that explores how we can use light, space and materials to change our view of the world around us.

The post 9 Works of Art That Bend Your Senses appeared first on WIRED.

5-Year-Old Becomes Youngest Person Ever Qualified to Install Microsoft Windows

Wired - Fri, 21/11/2014 - 15:25

A 5-year-old has passed the Microsoft Certified Professional Exam, making him perhaps the youngest IT pro in the world.

The post 5-Year-Old Becomes Youngest Person Ever Qualified to Install Microsoft Windows appeared first on WIRED.

Daniel Pocock: PostBooks 4.7 packages available, xTupleCon 2014 award

Planet Debian - Fri, 21/11/2014 - 15:12

I recently updated the PostBooks packages in Debian and Ubuntu to version 4.7. This is the version that was released in Ubuntu 14.10 (Utopic Unicorn) and is part of the upcoming Debian 8 (jessie) release.

Better prospects for Fedora and RHEL/CentOS/EPEL packages

As well as getting the packages ready, I've been in contact with xTuple helping them generalize their build system to make packaging easier. This has eliminated the need to patch the makefiles during the build. As well as making it easier to support the Debian/Ubuntu packages, this should make it far easier for somebody to create a spec file for RPM packaging too.

Debian wins a prize

While visiting xTupleCon 2014 in Norfolk, I was delighted to receive the Community Member of the Year award which I happily accepted not just for my own efforts but for the Debian Project as a whole.

Steve Hackbarth, Director of Product Development at xTuple, myself and the impressive Community Member of the Year trophy

This is a great example of the productive relationships that exist between Debian, upstream developers and the wider free software community and it is great to be part of a team that can synthesize the work from so many other developers into ready-to-run solutions on a 100% free software platform.

Receiving this award really made me think about all the effort that has gone into making it possible to apt-get install postbooks and all the people who have collectively done far more work than myself to make this possible:

Here is a screenshot of the xTuple web / JSCommunicator integration, it was one of the highlights of xTupleCon:

and gives a preview of the wide range of commercial opportunities that WebRTC is creating for software vendors to displace traditional telecommunications providers.

xTupleCon also gave me a great opportunity to see new features (like the xTuple / Drupal web shop integration) and hear about the success of consultants and their clients deploying xTuple/PostBooks in various scenarios. The product is extremely strong in meeting the needs of manufacturing and distribution and has gained a lot of traction in these industries in the US. Many of these features are equally applicable in other markets with a strong manufacturing industry such as Germany or the UK. However, it is also flexible enough to simply disable many of the specialized features and use it as a general purpose accounting solution for consulting and services businesses. This makes it a good option for many IT freelancers and support providers looking for a way to keep their business accounts in a genuinely open source solution with a strong SQL backend and a native Linux desktop interface.

Eyes-on with Streaming Photoshop: Adobe’s plan to bring PS to the cloud

Ars Technica - Fri, 21/11/2014 - 15:00

We have seen Photoshop work in a browser, and it looked pretty good. "Streaming Photoshop" is Adobe and Google's plan to bring the incomparable photo editor to Chrome OS and the Chrome Browser. We covered the original announcement, but we were recently given the chance to talk to Adobe about the project and see it actually working in a Chrome browser.

"Streaming Photoshop" is a Chrome App that you download from the Chrome store (provided you are whitelisted). The app opens in a window that looks just like a local version of Photoshop—there's no browser UI of any kind. Photoshop lives on a computer in the cloud, and a video feed of it is streamed to the Chrome app. The app captures clicks and sends them to the server. It sounds like using it would be a clunky mess, but the whole process looked indistinguishable from a local install of Photoshop.

The primary purpose of Photoshop-in-a-browser is to get the app running on Chrome OS, which pretty much can only run a browser. Chrome OS has taken off as a competitor to Windows—the NPD's last estimate put it at 35% of commercial notebook sales—but it lacks a few killer apps like Photoshop. The other benefit is that you can now run Photoshop on just about any computer without having to worry about RAM and CPU usage, since all the computer has to display is a video stream. Adobe says even the $200 Chromebooks on the market today should be fast enough to handle Streaming Photoshop.

Read 6 remaining paragraphs | Comments

Feds proposed the secret phone database used by local Virginia cops

Ars Technica - Fri, 21/11/2014 - 14:00

A Virginia-based law enforcement data sharing ring, which allows signatory police agencies to share and analyze seized "telephone intelligence information," was first proposed by federal prosecutors, according to new documents obtained by Ars. Federal involvement suggests that there could be more such databases in other parts of the country.

"It’s unsurprising to see the feds encouraging local law enforcement agencies to create these localized databases," Hanni Fakhoury, a staff attorney with the Electronic Frontier Foundation, told Ars. "In fact, there’s a whole division within the Department of Justice that focuses on educating and advancing local law enforcement interests, the National Institute of Justice. And so I would imagine there are others."

As Ars reported last month, according to a memorandum of understanding (MOU) first published by the Center for Investigative Reporting, the police departments from Hampton, Newport News, Norfolk, Chesapeake, and Suffolk all participate in something called the "Hampton Roads Telephone Analysis Sharing Network," or HRTASN.

Read 20 remaining paragraphs | Comments

How Designers Recreated Alan Turing’s Code-Breaking Computer for Imitation Game

Wired - Fri, 21/11/2014 - 14:00

Benedict Cumberbatch may be the star of The Imitation Game, but the film's truly central figure is the code-breaking computer Christopher.

The post How Designers Recreated Alan Turing’s Code-Breaking Computer for Imitation Game appeared first on WIRED.

Julien Danjou: Distributed group management and locking in Python with tooz

Planet Debian - Fri, 21/11/2014 - 13:10

With OpenStack embracing the Tooz library more and more over the past year, I think it's a good start to write a bit about it.

A bit of history

A little more than year ago, with my colleague Yassine Lamgarchal and others at eNovance, we investigated on how to solve a problem often encountered inside OpenStack: synchronization of multiple distributed workers. And while many people in our ecosystem continue to drive development by adding new bells and whistles, we made a point of solving new problems with a generic solution able to address the technical debt at the same time.

Yassine wrote the first ideas of what should be the group membership service that was needed for OpenStack, identifying several projects that could make use of this. I've presented this concept during the OpenStack Summit in Hong-Kong during an Oslo session. It turned out that the idea was well-received, and the week following the summit we started the tooz project on StackForge.


Tooz is a Python library that provides a coordination API. Its primary goal is to handle groups and membership of these groups in distributed systems.

Tooz also provides another useful feature which is distributed locking. This allows distributed nodes to acquire and release locks in order to synchronize themselves (for example to access a shared resource).

The architecture

If you are familiar with distributed systems, you might be thinking that there are a lot of solutions already available to solve these issues: ZooKeeper, the Raft consensus algorithm or even Redis for example.

You'll be thrilled to learn that Tooz is not the result of the NIH syndrome, but is an abstraction layer on top of all these solutions. It uses drivers to provide the real functionalities behind, and does not try to do anything fancy.

All the drivers do not have the same amount of functionality of robustness, but depending on your environment, any available driver might be suffice. Like most of OpenStack, we let the deployers/operators/developers chose whichever backend they want to use, informing them of the potential trade-offs they will make.

So far, Tooz provides drivers based on:

All drivers are distributed across processes. Some can be distributed across the network (ZooKeeper, memcached, redis…) and some are only available on the same host (IPC).

Also note that the Tooz API is completely asynchronous, allowing it to be more efficient, and potentially included in an event loop.

Features Group membership

Tooz provides an API to manage group membership. The basic operations provided are: the creation of a group, the ability to join it, leave it and list its members. It's also possible to be notified as soon as a member joins or leaves a group.

Leader election

Each group can have a leader elected. Each member can decide if it wants to run for the election. If the leader disappears, another one is elected from the list of current candidates. It's possible to be notified of the election result and to retrieve the leader of a group at any moment.

Distributed locking

When trying to synchronize several workers in a distributed environment, you may need a way to lock access to some resources. That's what a distributed lock can help you with.

Adoption in OpenStack

Ceilometer is the first project in OpenStack to use Tooz. It has replaced part of the old alarm distribution system, where RPC was used to detect active alarm evaluator workers. The group membership feature of Tooz was leveraged by Ceilometer to coordinate between alarm evaluator workers.

Another new feature part of the Juno release of Ceilometer is the distribution of polling tasks of the central agent among multiple workers. There's again a group membership issue to know which nodes are online and available to receive polling tasks, so Tooz is also being used here.

The Oslo team has accepted the adoption of Tooz during this release cycle. That means that it will be maintained by more developers, and will be part of the OpenStack release process.

This opens the door to push Tooz further in OpenStack. Our next candidate would be write a service group driver for Nova.

The complete documentation for Tooz is available online and has examples for the various features described here, go read it if you're curious and adventurous!

This Tiny Engine Could Make Leaf Blowers Sound Less Like Jets

Wired - Fri, 21/11/2014 - 12:45

Big engines like the 707-horsepower monster Dodge put in the Challenger Hellcat or Volvo’s little four-cylinder that makes 425 ponies get all the attention these days. But there are millions of tiny engines doing tiny things (think garden trimmers, leaf blowers, that sort of thing) that we never give much thought to. But just as there are engineers pondering how to make big engines more powerful, so too are there engineers pondering how to make tiny engines more powerful.

The post This Tiny Engine Could Make Leaf Blowers Sound Less Like Jets appeared first on WIRED.

The Cutest and Weirdest Wild Animal Incidents This Week

Wired - Fri, 21/11/2014 - 12:45

This Week in Wild Animals for November 21, 2014 Starfish were deflating. Polar bears were going bald. Fur seals were raping penguins. A 400-pound tortoise named Benjamin Franklin made an appearance outside a Walmart. This Week in Wild Animals is a public service for human beings compiled by Jon Mooallem, author of the book Wild […]

The post The Cutest and Weirdest Wild Animal Incidents This Week appeared first on WIRED.

Syndicate content