Tag • #github

chevron_right

Piracy Shield Source Code & Internal Documentation Leak Online

news.movim.eu / TorrentFreak · Tuesday, 26 March - 21:30 · 3 minutes

Ever since Italian authorities announced their intent to introduce an even more aggressive anti-piracy blocking system than the one already in place, controversy has rarely been far behind.

Recent reports of avoidable overblocking, a reluctance to admit that the Piracy Shield system is fallible, and new reports that telecoms regulator AGCOM is now rejecting complaints from wrongfully blocked Cloudflare customers, are just some of the ingredients in a volatile mix that has always threatened to boil over.

Piracy Shield: Source Code Leaked Online

In what could develop into the biggest crisis yet for the Piracy Shield system and those who operate it, nine repositories of source code, internal documentation, and other related data, claiming to be the various components of the Piracy Shield system, appear to have leaked online.

An announcement in Italian and English, posted on GitHub a few hours ago, criticizes AGCOM and SP Tech Legal, the law firm-linked developer behind Piracy Shield, for creating a “tool of censorship disguised as a solution to piracy.”

The main ‘fuckpiracyshield’ repository on GitHub was created by a user of the same name; they appear to have joined the site for the purposes of leaking the code online and, after signing up at 15:55 on Tuesday, by 16:50 they were gone. Aside from the leaked material, a message was left behind.

“This is not the way to stop piracy. This is a gateway to censorship,” the bio message reads.

Content Allegedly Leaked

The apparently leaked collection spans nine repositories; they are named and described as follows:

frontend (The frontend of Piracy Shield), data (Guides for the ISPs and reporters that use Piracy Shield), variations (Some code that was probably used for testing for Piracy Shield?), service (Services and main logic of the Piracy Shield API), data-storage (Storage and filesystem management for the Piracy Shield API), data-model (Data models of objects used by the Piracy Shield code), component (Components needed by other Piracy Shield packages), api (This is the API for Piracy Shield)

For those unfamiliar with Python or no interest in code, period, the ‘data’ repository probably offers the most interesting information. It contains what appears to be up-to-date operations manuals for Piracy Shield, with the ‘ISP TECHNICAL MANUAL – PIRACY SHIELD’ described as v2.4.1, current on February 2nd when Piracy Shield made its full debut.

All documents are named and presented in Italian and the titles suggest that there are two versions of two distinct manuals: ‘Piracy Shield Manual’ and ‘Piracy Shield Error Codes’. One version seems to be directed at those reporting domains and IP addresses for blocking and the other toward the ISPs expected to carry out the blocking.

Unusual Feature of the Leak

When browsing the source code and attempting to work out its purpose, on some repositories something immediately stands out. With no assumptions as to who the name refers, a contributor to the Piracy Shield project appears to be someone called Daniele Maglie. Their name appears time and again throughout the code, which in itself isn’t especially unusual.

However, when looking more closely at the leaker’s bio, which includes an image of AGCOM’s president apparently deep in thought, leaving the mouse pointer in place for a moment produces a piece of popup text, as highlighted in the image below.

What the text means, if indeed it means anything at all, will be just one of the questions being asked in the days to come. In the meantime, AGCOM has yet another blocking target to contend with, although a DMCA notice will be much more effective.

From: TF , for the latest news on copyright battles, piracy and more.

chevron_right

Microsoft offers legal protection for AI copyright infringement challenges

news.movim.eu / ArsTechnica · Friday, 8 September, 2023 - 22:40

A man in an armor helmet sitting at a desk with a protective glowing field around him.

Enlarge (credit: Getty Images / Benj Edwards )

On Thursday, Microsoft announced that it will provide legal protection for customers who are sued for copyright infringement over content generated by the company's AI systems. This new policy, called the Copilot Copyright Commitment, is an expansion of Microsoft's existing intellectual property indemnification coverage, Reuters reports .

Microsoft's announcement comes as generative AI tools like ChatGPT have raised concerns about reproducing copyrighted material without proper attribution. Microsoft has heavily invested in AI through products like GitHub Copilot and Bing Chat that can generate original code, text, and images on demand. Its AI models have gained these capabilities by scraping publicly available data off of the Internet without seeking express permission from copyright holders.

By offering legal protection, Microsoft aims to give customers confidence in deploying its AI systems without worrying about potential copyright issues. The policy covers damages and legal fees, providing customers with an added layer of protection as generative AI sees rapid adoption across the tech industry.

Read 5 remaining paragraphs | Comments

chevron_right

After 18 months, GitHub’s big code search overhaul is generally available

news.movim.eu / ArsTechnica · Monday, 8 May, 2023 - 20:48

GitHub's new code search. [credit: GitHub ]

GitHub has announced the general availability of a ground-up rework of code search that has been in development for years.

The changes include substantial new functionality that is significantly more aware of context. The company says its new code search is "about twice as fast" as the old code search and that it "understands code, putting the most relevant results first."

That's on top of redesigned search and code view interfaces. The new search interface offers suggestions and completions, and categorizes and formats the results more intelligently.

Read 6 remaining paragraphs | Comments

chevron_right

Twitter obtains subpoena forcing GitHub to unmask source-code leaker

news.movim.eu / ArsTechnica · Wednesday, 29 March, 2023 - 15:24

Enlarge / Twitter headquarters in San Francisco on February 8, 2023. (credit: Getty Images | Anadolu Agency )

Twitter has obtained a subpoena compelling GitHub to provide identifying information on a user who posted portions of Twitter's source code.

Twitter on Friday asked the US District Court for the Northern District of California to issue a subpoena to GitHub . A court clerk signed off on the subpoena yesterday.

GitHub user "FreeSpeechEnthusiast" posted Twitter source code in early January, shortly after Elon Musk bought Twitter and laid off thousands of workers. Twitter reportedly suspects the code leaker is one of its many ex-employees.

Read 9 remaining paragraphs | Comments

chevron_right

The time has come: GitHub expands 2FA requirement rollout March 13

news.movim.eu / ArsTechnica · Friday, 10 March, 2023 - 22:36

Enlarge / A GitHub-made image accompanying all the company's communications about 2FA. (credit: GitHub )

Software development tool GitHub will require more accounts to enable two-factor authentication (2FA) starting on March 13 . That mandate will extend to all user accounts by the end of 2023.

GitHub announced its plan to roll out a 2FA requirement in a blog post last May. At that time, the company's chief security officer said that it was making the move because GitHub (which is used by millions of software developers around the world across myriad industries) is a vital part of the software supply chain. Said supply chain has been subject to several attacks in recent years and months, and 2FA is a strong defense against social engineering and other particularly common methods of attack.

When that blog post was written, GitHub revealed that only around 16.5 percent of active GitHub users used 2FA—far lower than you'd expect from technologists who ought to know the value of it.

Read 7 remaining paragraphs | Comments

chevron_right

10 malicious Python packages exposed in latest repository attack

news.movim.eu / ArsTechnica · Tuesday, 9 August, 2022 - 18:01 · 1 minute

Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common.

Enlarge / Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common. (credit: Getty Images)

Researchers have discovered yet another set of malicious packages in PyPi , the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar packages could be subject to malware downloads or theft of user credentials and passwords.

Check Point Research, which reported its findings Monday , wrote that it didn't know how many people had downloaded the 10 packages, but it noted that PyPi has 613,000 active users, and its code is used in more than 390,000 projects. Installing from PyPi through the pip command is a foundational step for starting or setting up many Python projects. PePy , a site that estimates Python project downloads, suggests most of the malicious packages saw hundreds of downloads.

Such supply-chain attacks are becoming increasingly common, especially among open source software repositories that support a wide swath of the world's software. Python's repository is a frequent target, with researchers finding malicious packages in September 2017 ; June , July , and November 2021; and June of this year. But trick packages have also been found in RubyGems in 2020 , NPM in December 2021 , and many more open source repositories.

Read 5 remaining paragraphs | Comments

chevron_right

Github reverses takedown of reverse-engineered GTA source code

Kyle Orland · news.movim.eu / ArsTechnica · Tuesday, 11 May, 2021 - 19:55

Shots from the reverse-engineered version of Grand Theft Auto III showing off the graphical improvements over the 2002 original. [credit: RockStar Games ]

The reverse-engineered source code for the PC versions of Grand Theft Auto III and Vice City is back online today , months after it was originally posted and then quickly taken down via a DMCA request from publisher Take-Two.

TorrentFreak reports on the restored version of the project, which was posted as a seemingly identical fork of the original by a New Zealand-based developer named Theo. While the original GitHub poster (who goes by the handle aac) has not contested Take-Two's original takedown, Theo told TorrentFreak he filed a counterclaim to restore his copy of the project, saying it "contained no code owned by Take Two."

A question of law

We've previously looked in-depth at how video game fan coders use reverse-engineering techniques to deconstruct the packaged executable files distributed by a game's original developers. This painstaking, function-by-function process creates raw programming code that can generate exactly the same binary file when compiled (though the code as distributed on GitHub still requires external, copyrighted art and sound assets from a legitimate copy of the games).

Read 4 remaining paragraphs | Comments

index?i=jaM-YeuLQ9c:YusH9O-_sVk:V_sGLiPBpWU

index?i=jaM-YeuLQ9c:YusH9O-_sVk:F7zBnMyn0Lo

chevron_right

GitHub regrets firing Jewish employee who called Trump-incited mob “Nazis”

Jon Brodkin · news.movim.eu / ArsTechnica · Monday, 18 January, 2021 - 18:48

A mob of Trump supporters tries to break into the Capitol building on January 6, 2021.

Enlarge / Trump-incited mob tries to breach the US Capitol building in Washington, DC on Wednesday, Jan. 6, 2021. (credit: Getty Images | Bloomberg)

GitHub Inc. yesterday apologized for firing a Jewish employee who had urged colleagues to "stay safe" and avoid "Nazis" on the day a mob incited by President Trump stormed the US Capitol. GitHub said it "reversed the decision" and indicated it is trying to hire the employee back.

"Stay safe homies, Nazis are about," the employee, whose identity hasn't been revealed publicly, wrote in an internal Slack chat room on January 6. He was fired two days later, after one "coworker was quick to criticize the employee for using divisive rhetoric," Business Insider reported last week .

"I did not know that, as a Jew, it would be so polarizing to say this word," the former employee wrote in a Slack group for Jewish employees shortly "before his corporate accounts got deactivated," Business Insider wrote. The former employee "is Jewish and had family who died in the Holocaust," the article said.

Read 9 remaining paragraphs | Comments

index?i=XA11_8pdrPk:4ajPrArwEZY:V_sGLiPBpWU

index?i=XA11_8pdrPk:4ajPrArwEZY:F7zBnMyn0Lo

chevron_right

Growl, once a staple of the Mac desktop experience, has been retired

Samuel Axon · news.movim.eu / ArsTechnica · Monday, 30 November, 2020 - 19:35

A Growl notification. (credit: Aurich Lawson )

Growl , a key part of the Mac desktop experience for 17 years, is being retired. Christopher Forsythe, who acted as the lead developer for the project for years, announced the retirement in a blog post on Friday.

Launched in 2004, Growl provided notifications for applications on Macs (it was also offered for Windows) before Apple introduced its own Notification Center. Notification Center was added to macOS (then styled Mac OS X) in the Mountain Lion update in 2012, but it first debuted on iOS a year earlier.

Here's a snippet of Forsythe's announcement:

Read 3 remaining paragraphs | Comments

index?i=8XnLou1dGHI:g26MxBx4Tf8:V_sGLiPBpWU

index?i=8XnLou1dGHI:g26MxBx4Tf8:F7zBnMyn0Lo