Plex Asks GitHub to Take Down ‘Reshare’ Repository Over Piracy Fears

Plex is a multi-functional streaming platform that allows users to watch, organize, and curate their favorite media entertainment. Sharing Plex libraries is also an option; one that comes with piracy concerns. In an effort to “avoid the growth of piracy,” Plex asked GitHub to remove a repository that allows people to reshare libraries that were not originally theirs. TorrentFreak reports: The Swiss company, which is headquartered in the U.S., asked GitHub to remove a “Plex Reshare” repository, alleging that it may contribute to its piracy problem. “Plex Reshare” doesn’t host any copyright-infringing material and, as far as we’ve seen, it doesn’t reference any either. Its main purpose is to allow Plex users to make shared Plex directories browsable on the web, which allows people to “reshare” them without being the original owner. “The reason behind this project is to make available your PLEX shares to other friends unrelated to the person who owns the original library,” Plex Reshare developer Peter explains.

While the repository doesn’t host or link to copyright-infringing material, Plex argues that it can be used to ‘grow’ piracy. “We have found infringing material in your website which indeed is OTHER ‘Plex Server’. The material that is claimed to be infringing is to be removed or access to which is to be disabled immediately and avoid the growth of piracy,” the takedown notice reads. The first part of the sentence is somewhat confusing. Plex-reshare is not a Plex server but the company may use “OTHER Plex Server” as an internal classification category. In any case, Plex alleges that the repository can contribute to the growth of piracy on its platform.

Citing the Online Copyright Infringement Liability Limitation Act, Plex urges GitHub to take immediate action, or else it may be held liable. It’s not clear what this liability claim rests on, as there are no actual copyright infringements mentioned in the takedown notice. Despite the broad nature of this claim, GitHub has indeed taken the repository offline, replacing it with a DMCA takedown reference. This likely wasn’t a straightforward decision as GitHub is known to put developers first with these types of issues. In this case, it took more than three weeks before GitHub took action, which is much longer than usual. This suggests that GitHub allowed the developer to respond and may have sought legal advice from in-house lawyers, to ensure that the rights of all parties are properly considered. The report notes that the Plex-reshare code is listed on Docker Hub as well, which means it may face a similar fate.

Read more of this story at Slashdot.

Feds Finally Decide To Do Something About Years-Old SS7 Spy Holes In Phone Networks

Jessica Lyons reports via The Register: The FCC appears to finally be stepping up efforts to secure decades-old flaws in American telephone networks that are allegedly being used by foreign governments and surveillance outfits to remotely spy on and monitor wireless devices. At issue are the Signaling System Number 7 (SS7) and Diameter protocols, which are used by fixed and mobile network operators to enable interconnection between networks. They are part of the glue that holds today’s telecommunications together. According to the US watchdog and some lawmakers, both protocols include security weaknesses that leave folks vulnerable to unwanted snooping. SS7’s problems have been known about for years and years, as far back as at least 2008, and we wrote about them in 2010 and 2014, for instance. Little has been done to address these exploitable shortcomings.

SS7, which was developed in the mid-1970s, can be potentially abused to track people’s phones’ locations; redirect calls and text messages so that info can be intercepted; and spy on users. The Diameter protocol was developed in the late-1990s and includes support for network access and IP mobility in local and roaming calls and messages. It does not, however, encrypt originating IP addresses during transport, which makes it easier for miscreants to carry out network spoofing attacks. “As coverage expands, and more networks and participants are introduced, the opportunity for a bad actor to exploit SS7 and Diameter has increased,” according to the FCC [PDF].

On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations. The FCC has also asked carriers to detail any exploits of the protocols since 2018. The regulator wants to know the date(s) of the incident(s), what happened, which vulnerabilities were exploited and with which techniques, where the location tracking occurred, and — if known — the attacker’s identity. This time frame is significant because in 2018, the Communications Security, Reliability, and Interoperability Council (CSRIC), a federal advisory committee to the FCC, issued several security best practices to prevent network intrusions and unauthorized location tracking. Interested parties have until April 26 to submit comments, and then the FCC has a month to respond.


Scientists Complete Construction of the Biggest Digital Camera Ever

Isaac Schultz reports via Gizmodo: Nine years and 3.2 billion pixels later, it is complete: the LSST Camera stands as the largest digital camera ever built for astronomy and will serve as the centerpiece of the Vera Rubin Observatory, poised to begin its exploration of the southern skies. The Rubin Observatory’s key goal is the 10-year Legacy Survey of Space and Time (LSST), a sweeping, near-constant observation of space. This endeavor will yield 60 petabytes of data on the composition of the universe, the nature and distribution of dark matter, dark energy and the expansion of the universe, the formation of our galaxy, our intimate little solar system, and more. The camera will use its 5.1-foot-wide optical lens to take a 15-second exposure of the sky every 20 seconds, automatically changing filters to view light in every wavelength from near-ultraviolet to the near-infrared. Its constant monitoring of the skies will eventually amount to a timelapse of the heavens; it will highlight fleeting events for other scientists to train their telescopes on, and monitor changes in the southern sky.

To do this, the team needed a Rolls Royce of a digital camera. Mind you, the camera actually cost many million times that of an actual Rolls Royce, and at 6,200 pounds (2,812 kilograms), it weighs a lot more than a fancy car. Each of the 21 rafts that make up the camera’s focal plane is the price of a Maserati, and they are worth every penny if they collect the sort of data scientists expect them to. “I’m personally most excited to study the expansion of the Universe using gravitational lenses to better understand Dark Energy,” said Aaron Roodman, a physicist at SLAC and lead on the camera program, in an email to Gizmodo. “That means two things: 1) measuring the brightness in all six of our filters of literally billions of galaxies and very carefully measuring their shape, which has been subtly altered by the bending of light by matter, and 2) discovering and studying very special objects where a distant quasar is almost perfectly lined up with a more nearby galaxy.”

Speaking through a SLAC release, Roodman said the camera’s images could “resolve a golf ball from around 15 miles away, while covering a swath of the sky seven times wider than the full moon.” The first images from the Rubin Observatory are slated to be publicly released in March 2025, which feels like a long way away. But several important agenda items still need to happen. For one, the SLAC team has to ship the LSST camera safely to Chile from its current lodgings in northern California. (Don’t worry — they’ve made a test run of the journey.) Then, the observatory’s mirrors need to be readied for testing and the observatory’s dome has to be completed, among some other tasks. But whenever all that is complete, the legacy survey will launch into a decade’s worth of scientific discovery. Rubin Observatory estimates suggest that LSST could “increase the number of known objects by a factor of 10,” according to a SLAC release.


Intel Discloses $7 Billion Operating Loss For Chip-Making Unit

Intel on Tuesday disclosed $7 billion in operating losses for its foundry business in 2023, “a steeper loss than the $5.2 billion in operating losses the year before,” reports Reuters. “The unit had revenue of $18.9 billion for 2023, down 31% from $63.05 billion the year before.” From the report: Intel shares were down 4.3% after the documents were filed with the U.S. Securities and Exchange Commission (SEC). During a presentation for investors, Chief Executive Pat Gelsinger said that 2024 would be the year of worst operating losses for the company’s chipmaking business and that it expects to break even on an operating basis by about 2027. Gelsinger said the foundry business was weighed down by bad decisions, including one years ago against using extreme ultraviolet (EUV) machines from Dutch firm ASML. While those machines can cost more than $150 million, they are more cost-effective than earlier chip making tools.

Partially as a result of the missteps, Intel has outsourced about 30% of the total number of wafers to external contract manufacturers such as TSMC, Gelsinger said. It aims to bring that number down to roughly 20%. Intel has now switched over to using EUV tools, which will cover more and more production needs as older machines are phased out. “In the post EUV era, we see that we’re very competitive now on price, performance (and) back to leadership,” Gelsinger said. “And in the pre-EUV era we carried a lot of costs and (were) uncompetitive.”


Yahoo Is Buying Artifact, the AI News App From the Instagram Co-Founders

Yahoo is acquiring Artifact, the AI news app from Instagram’s co-founders that failed to make it big on its own. The Verge reports: The two sides declined to share the cost of the acquisition, but both made clear Yahoo is acquiring Artifact’s tech rather than its team. Mike Krieger and Kevin Systrom, Artifact’s co-founders, will be “special advisors” for Yahoo but won’t be joining the company. Artifact’s remaining five employees have either gotten other jobs or are planning to take some time off. The acquisition comes a bit more than a year after Artifact’s launch and about three months after Systrom and Krieger announced its death. […]

Artifact, the app, will go away once the acquisition is complete. But Artifact’s underlying tech for categorizing, curating, and personalizing content will soon start to show up on Yahoo News — and eventually on other Yahoo platforms, too. “You’ll see that stuff flowing into our products in the coming months,” says Downs Mulder. It sounds like there’s also a good chance that Yahoo’s apps might get a bit of Artifact’s speed and polish over time, too. Both Systrom and Downs Mulder say the integration will take time, that you can’t just drop an Artifact algorithm into Yahoo News and call it a day. But they see a possibility to get everybody into the future a little faster. Yahoo can develop a personalized content ecosystem, the “TikTok for text” that was so alluring to Artifact users. And Artifact can power a news service of the future.


VMware By Broadcom Plots Pair of Cloud Foundation Releases

An anonymous reader quotes a report from The Register: VMware by Broadcom will deliver a significant update to its flagship Cloud Foundation bundle in the middle of this year and follow it up with a major update early in 2025. Both releases will show off Broadcom’s plan to make the package easier to implement and operate, and hopefully assuage customer concerns about price rises. More on that later. First, the updates. One release is currently scheduled to debut in July, according to Paul Turner, vice-president of product management and the leader of the VMware Cloud Foundation (VCF) team. The release will allow use of a single license key for all the components of Cloud Foundation, improve OAuth support as a step towards single sign-on across the VMware range, and add an NSX overlay that will allow implementation of software-defined networks without requiring IP address changes.

Turner explained those features as exemplifying the sort of simplification VMware by Broadcom thinks is needed to make Cloud Foundation easier to implement. A bigger release Turner hopes will debut in early 2025 — though he would commit to only a H1 launch — will be a “unified” release in which more of VCF is better integrated. Today, Turner admitted, VMware customers may have implemented vSphere and the Aria management suite, but might still need or choose discrete storage for each. Future VCF releases will increasingly unify the products so that silos aren’t needed. Prashanth Shenoy, vice president for VMware by Broadcom’s cloud platform, infrastructure, and solutions marketing, told The Register the release will be called VCF 9 and will represent “the fullest expression of Broadcom’s vision for product integration.” “When customers deploy VCF there are seams — when they deploy networking and storage, they feel like they do not have a unified developer or operator experience,” Shenoy admitted. VCF 9 will tidy that sort of thing up and make the process “seamless.” Buyers can also expect improved log file analysis, the ability to acquire templates from a marketplace and adopt them as PaaS, and plenty more.

Turner and Shenoy told The Register that the two releases are hoped to make VCF adoption easier, and by doing so demonstrate the value of the bundle. Today, they argue, would-be hybrid cloud adopters using VCF are in reality integrating siloed products — which doesn’t prove the value of the vStack well. VCF 9’s planned integrations, they argue, should demonstrate the power of the stack and the wisdom of Broadcom’s decision to create a VMware unit dedicated to VCF. That team, they explained, means developers for each of the bundle’s components work together on a unified experience, rather than to create their own product. It may also demonstrate the value of VMware by Broadcom’s new licenses – which some users have complained are considerably more expensive now that subscriptions are required, and products are only sold in bundles. Sylvain Cazard, president of Broadcom Software for Asia-Pacific, told The Register that complaints about higher prices are unwarranted since customers using at least two components of VMware’s flagship Cloud Foundation will end up paying less. He also noted that the new pricing includes support, which VMware didn’t include previously.


New XZ Backdoor Scanner Detects Implants In Any Linux Binary

Bill Toulas reports via BleepingComputer: Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. CVE-2024-3094 is a supply chain compromise in XZ Utils, a set of data compression tools and libraries used in many major Linux distributions. Late last month, Microsoft engineer Andres Freund discovered the backdoor in the latest version of the XZ Utils package while investigating unusually slow SSH logins on Debian Sid, a rolling release of the Linux distribution.

The backdoor was introduced by a pseudonymous contributor in XZ version 5.6.0 and remained present in 5.6.1. However, only a few Linux distributions and versions following a “bleeding edge” upgrading approach were impacted, with most using an earlier, safe library version. Following the discovery of the backdoor, a detection and remediation effort was started, with CISA proposing downgrading to XZ Utils 5.4.6 Stable and hunting for and reporting any malicious activity.

Binarly says the approach taken so far in the threat mitigation efforts relies on simple checks such as byte string matching, file hash blocklisting, and YARA rules, which could lead to false positives. This approach can trigger significant alert fatigue and doesn’t help detect similar backdoors on other projects. To address this problem, Binarly developed a dedicated scanner that would work for the particular library and any file carrying the same backdoor. […] Binarly’s scanner increases detection as it scans for various supply chain points beyond just the XZ Utils project, and the results are of much higher confidence. Binarly has made a free API available to accommodate bulk scans, too.
