Instagram Moderators Say Iran Offered Them Bribes to Remove Accounts

The BBC reports:

A Persian-language content moderator for Instagram and a former content moderator have said Iranian intelligence officials offered them money to remove Instagram accounts of journalists and activists….

Both content moderators also accused some Iranian colleagues of exhibiting “pro-regime bias” when reviewing posts on the photo-sharing service. They spoke to the BBC after many Iranian Instagram users complained that posts about recent anti-government protests in their country had been deleted. Instagram’s owner, Meta Platforms, and the third-party company it uses to moderate content said there was no validity to the claims….

The protests received very little coverage on Iranian state media, meaning that Iranians had to rely on Instagram and other social media sites to learn what was happening on the ground. As the unrest continued, users noticed that some videos posted on Instagram were being removed….

The former content moderator told the BBC that he “personally knew some reviewers who supported the Iranian regime and received instructions from Iran”….

All three interviewees said it was likely that some videos of the protests were removed because they included people shouting: “Death to Khamenei”.

Meta has previously said that its guidelines around incitement of violence prohibit calls for the death of a head of state. However, in Iran the phrase “Death to…” is commonly chanted at protests to express discontent with something or someone, rather than to express an actual threat.

Read more of this story at Slashdot.

Should IT Professionals Be Liable for Ransomware Attacks?

Denmark-based Poul-Henning Kamp describes himself as the “author of a lot of FreeBSD, most of Varnish and tons of other Open Source Software.” And he shares this message in June’s Communications of the ACM.

“The software industry is still the problem.”
If any science fiction author, famous or obscure, had submitted a story where the plot was “modern IT is a bunch of crap that organized crime exploits for extortion,” it would have gotten nowhere, because (A) that is just not credible, and (B) yawn!

And yet, here we are…. As I write this, 200-plus corporations, including many retail chains, have inoperative IT because extortionists found a hole in some niche, third-party software product most of us have never heard of.

But he’s also proposing a solution.
In Denmark, 129 jobs are regulated by law. There are good and obvious reasons why it is illegal for any random Ken, Brian, or Dennis to install toilets or natural-gas furnaces, perform brain surgery, or certify a building is strong enough to be left outside during winter. It may be less obvious why the state cares who runs pet shops, inseminates cattle, or performs zoological taxidermy, but if you read the applicable laws, you will learn that animal welfare and protection of endangered species have many and obscure corner cases.

Notably absent, as in totally absent, on that list are any and all jobs related to IT; IT architecture, computers, computer networks, computer security, or protection of privacy in computer systems. People who have been legally barred and delicensed from every other possible trade — be it for incompetence, fraud, or both — are entirely free to enter the IT profession and become responsible for the IT architecture or cybersecurity of the IT system that controls nearly half the hydrocarbons to the Eastern Seaboard of the U.S….

With respect to gas, water, electricity, sewers, or building stability, the regulations do not care if a company is hundreds of years old or just started this morning, the rules are always the same: Stuff should just work, and only people who are licensed — because they know how to — are allowed to make it work, and they can be sued if they fail to do so.

The time is way overdue for IT engineers to be subject to professional liability, like almost every other engineering profession. Before you tell me that is impossible, please study how the very same thing happened with electricity, planes, cranes, trains, ships, automobiles, lifts, food processing, buildings, and, for that matter, driving a car.

As with software product liability, the astute reader is apt to exclaim, “This will be the end of IT as we know it!” Again, my considered response is, “Yes, please, that is precisely my point!”


25 Gigabit Per Second Fiber Retail Broadband Service Demoed in New Zealand

25 gigabits per second — both downloading and uploading. CRN reports broadband infrastructure wholesaler Chorus demonstrated those speeds over their existing passive optical fiber network [PON].

The demonstration in Auckland achieved 21.4 Gbps throughput, tested simultaneously on the same strand of fibre that ran an 8 Gbps symmetric HyperFibre connection, and a 900/550 Mbps UFB link…. Chorus uses Nokia’s Lightspan FX and MX access nodes for multiple types of fibre service, including standard GPON, the XGS-PON behind HyperFibre, point-to-point Ethernet, and envisages the 25 GPON service to run on it as well. It is based on the Quillion chip set line cards, which Nokia says are 50 per cent more energy efficient than earlier models.

Currently, Chorus has no wholesale 25 GPON product, with its fastest offering topping out at 8/8 Gbps HyperFibre. The wholesaler expects to develop 25 GPON based services within the next two to three years, with a Nokia optical network termination unit that supports either 25/25 Gbps or 25/10 Gbps options. Kurt Rodgers, network strategy manager at Chorus, said the faster broadband service would come into its own for industrial metaverse applications, the Internet of Things, and low-latency cloud connectivity….

Chorus chief technology officer Ewen Powell said the 25 GPON service demonstrated “a future-proofed technology.” Although two-wavelength 50 Gbps service is appearing as a choice for providers, with 100 GPON on the horizon, Chorus is betting that the 25 Gbps variant will offer the best cost benefit overall for providers, as it can use existing optics equipment.

Thanks to long-time Slashdot reader Bismillah for submitting the article.


How CentOS Stream and RHEL 9 Led to AlmaLinux 9

ZDNet writes that in late 2020 Red Hat decided “they’d no longer release CentOS Linux as a standalone distribution. Instead, CentOS Stream would work as a beta for RHEL.”
So where are we now?
The competition immediately sprang up to replace CentOS. The two most important of these are the AlmaLinux OS Foundation’s AlmaLinux and Rocky Enterprise Software Foundation’s Rocky Linux. [May 16th saw the release of Rocky Linux 8.6.] Now, mere weeks after the release of RHEL 9, AlmaLinux 9 has arrived.

Like RHEL itself, AlmaLinux 9 starts from CentOS Stream via RHEL. Indeed, AlmaLinux developers are CentOS Stream contributors. The bottom line is that CentOS 9 is an identical twin to RHEL 9 — except for the names and trademarks. It has all the same features, all the same advances, and, for better or worse, all the same bugs.

Besides the big server architectures, AlmaLinux is also ready to run on everything from cloud and Docker images to Microsoft’s Windows Subsystem for Linux and Raspberry Pi, the article points out.

And Jack Aboutboul, AlmaLinux’s Community Manager, tells ZDNet “We are building AlmaLinux with the specific goal of creating an independent CentOS successor that is truly community-centric and designed for everyone… We offer everyone a uniform platform that is safe, secure, easy to use, and dependable to build your tomorrow on.”


Omnipotent BMCs From Quanta Remain Vulnerable To Critical Pantsdown Threat

“Quanta not patching vulnerable baseboard management controllers leaves data centers vulnerable,” writes long-time Slashdot reader couchslug. “Pantsdown was disclosed in 2019…” Ars Technica reports:

In January 2019, a researcher disclosed a devastating vulnerability in one of the most powerful and sensitive devices embedded into modern servers and workstations. With a severity rating of 9.8 out of 10, the vulnerability affected a wide range of baseboard management controllers (BMC) made by multiple manufacturers. These tiny computers soldered into the motherboard of servers allow cloud centers, and sometimes their customers, to streamline the remote management of vast fleets of computers. They enable administrators to remotely reinstall OSes, install and uninstall apps, and control just about every other aspect of the system — even when it’s turned off. Pantsdown, as the researcher dubbed the threat, allowed anyone who already had some access to the server an extraordinary opportunity. Exploiting the arbitrary read/write flaw, the hacker could become a super admin who persistently had the highest level of control for an entire data center.

Over the next few months, multiple BMC vendors issued patches and advisories that told customers why patching the vulnerability was critical. Now, researchers from security firm Eclypsium reported a disturbing finding: for reasons that remain unanswered, a widely used BMC from data center solutions provider Quanta Cloud Technology, better known as QCT, remained unpatched against the vulnerability as recently as last month. As if QCT’s inaction wasn’t enough, the company’s current posture also remains baffling. After Eclypsium privately reported its findings to QCT, the solutions company responded that it had finally fixed the vulnerability. But rather than publish an advisory and make a patch public — as just about every company does when fixing a critical vulnerability — it told Eclypsium it was providing updates privately on a customer-by-customer basis. As this post was about to go live, “CVE-2019-6260,” the industry’s designation to track the vulnerability, didn’t appear on QCT’s website. […]

“[T]hese types of attacks have remained possible on BMCs that were using firmware QCT provided as recently as last month,” writes Ars’ Dan Goodin in closing. “QCT’s decision not to publish a patched version of its firmware or even an advisory, coupled with the radio silence with reporters asking legitimate questions, should be a red flag. Data centers or data center customers working with this company’s BMCs should verify their firmware’s integrity or contact QCT’s support team for more information.”


RED Sues Nikon For Infringing On Its Video Compression Patents

RED filed a lawsuit yesterday suing Nikon for infringing on its video compression patents. PetaPixel reports:

The lawsuit was filed in a southern California federal court today and asserts that the Japanese camera manufacturer and its United States subsidiaries have illegally infringed on seven patents that deal specifically with “a video camera that can be configured to highly compress video data in a visually lossless manner.”

In the filing, RED notes a type of compression that it says it has patented and is in use by Nikon in the Z9: “The camera can be configured to transform blue and red image data in a manner that enhances the compressibility of the data. The data can then be compressed and stored in this form. This allows a user to reconstruct the red and blue data to obtain the original raw data for a modified version of the original raw data that is visually lossless when demosaiced. Additionally, the data can be processed so the green image elements are demosaiced first, and then the red and blue elements are reconstructed based on values of the demosaiced green image elements.”

This compression comes thanks to a partnership with intoPIX’s TicoRAW which was announced last December. […] The TicoRAW feature has been in the news for months, but RED was likely waiting for it to be implemented into a competitor’s camera before filing a lawsuit. RED’s lawsuit says Nikon’s infringement on its patent was “willful” and claims Nikon would have known about RED’s patents. […] RED then cites multiple lawsuits it has filed against Kinefinity, Sony, and Nokia over the years. RED is seeking damages or royalties for the infringement as well as an injunction to ban Nikon from further infringing.


Tangle-Free Magnetic USB Cables Are Here

The Verge’s Sean Hollister has been testing a number of “nifty” USB cables that magnetically stick to themselves and don’t get all tangled up in your drawers and bags. The only problem is “they all suck big time at data transfer, charging, or both,” he writes. From the report:

This one, which also has its own built-in blue LED light and magnetic swappable tips for USB-C, micro-USB, and Lightning, won’t charge most of my USB-C gadgets at all, but I was able to sling some files from an external drive at lackluster USB 2.0 speeds and charge my iPhone over Lightning. It’s also got super weak coiling magnets and felt even cheaper than the rest.

This USB-C to USB-C one was pretty decent at charging, giving me 65W of USB-C PD power and had the best magnets of the bunch — but it wouldn’t connect to a Pixel 4A phone or my USB-C external drive at all. They just didn’t show up on my desktop!

This USB-A to USB-C cable was the worst of the lot. Just wiggling it would disconnect anything I had plugged in, and it topped out at 10W of charging — not the 15-18W I’d usually see with my Pixel.

Lastly, this USB-A to Lightning one seems to be a SuperCalla cable, showing up in an “Original SuperCalla” box, even though it’s sold by a brand named “Tech.” Slow charging, slow data, but at least it seems to stay reliably connected to my iPhone so far.

But those aren’t the only style of magnetic no-tangle cable I found. I also bought this neat accordion-style one, which is perhaps the best of the bunch: I got 15W charging, and it feels better built than the rest. But it’s less fun to play with, the magnets aren’t as strong, and it’s got a bit of an awkward shape when fully extended because the joints will always stick out. Plus, it tops out at USB 2.0 speeds of 480Mbps (or around 42MB/s in practice.) I couldn’t find a C-to-C or Lightning version. […] Right now, all I’ve found are these cheap-o, $10 novelty cables, and that’s a real shame. The magnet design deserves better, and so do we.
