Connect with us

Technology

Tech spec experts seek allies to tear down ISO standards paywall • The Register

Voice Of EU

Published

on

Many of the almost 24,000 technical standards maintained by the International Standards Organization (ISO) are subject to copyright restrictions and are not freely available.

Two weeks ago, Jon Sneyers, senior image researcher at Cloudinary and co-chair of the JPEG XL (ISO/IEC 18181) adhoc group, invited fellow technical experts to collaborate on an open letter urging the ISO to set its standards free.

In an email to The Register, Sneyers explained that paywalled, copyrighted standards inhibit education and innovation.

“Specifically for JPEG XL (or codecs in general), a free spec makes it a lot easier for external enthusiasts to make an alternative implementation,” he said “Often this would be done as a free-and-open-source software hobby project, not necessarily with the goal to make a better implementation, but just as a personal learning project. With a free spec, there might be a few of such attempts, some failing, some succeeding.”

The value of alternative implementations, he contends, is that they help verify the correctness of the spec. He notes that libjxl, the reference implementation of the JPEG XL spec, is the only such library at the moment, which makes it less likely discrepancies between the spec and the implementation will be found and more likely that libjxl, compliant or not, will become the de facto standard, thereby diluting the authority of the ISO spec.

“With a paywalled spec, there will likely be no such attempts, because a hobbyist is unlikely to pay a big fee up front just to read the spec (which is something you’d do before you even decide to have a go at it and try to implement it),” he said.

Via Twitter, Ian Graham, senior lecturer in operations management at the University of Edinburgh, explained the problem with paywalled specifications succinctly. “It is very difficult to teach about ISO standards when the students can’t access them,” he said.

The collaborative open letter notes that in 2019 the Switzerland-based ISO, which through its national affiliates brought in 6.6m CHF ($7.28m) from publications sales and 12.9m CHF ($14.23m) in royalties from publication sales by national affiliates, earned almost as much in spec fees as the organization collected in membership fees that year (21.2m CHF or $23.39m USD).

And it claims that the ISO Central Secretariat has “begun strictly and narrowly enforcing the criteria for Publicly Available Standards (PAS)” by paywalling new editions of standards that were formerly free, redefining Technical Reports so they can no longer be free under any circumstances, and “pressuring other standard organizations with which it collaborates and that have a policy of publicly available standards (e.g. ITU-T), to change their policy towards making joint documents non-publicly available.”

Sneyers believes the ISO should be moving in the opposite direction by tearing down its paywall.

“I think international standards are great for worldwide interoperability and as a way to do knowledge transfer: collecting best practices and international expertise and condensing it into a standard,” he said. “I see a paywall as a significant obstacle to that.”

A handful of other technical experts have already signaled their agreement as co-signatories, including:

  • Luca Versari, ISO/IEC JTC 1 / SC 29 / WG 1, editor of ISO/IEC 18181 (JPEG XL)
  • Leonard Rosenthol, Chair of ISO TC 171/SC 2, member of various TC’s including ISO/IEC JTC 1 / SC 29 / WG 1 and project leader for over a dozen different standards.
  • Bryce Adelstein Lelbach, ISO/IEC JTC 1 / SC 22 / WG21 (C++) / LEWG chair, INCITS (US) PL22 chair
  • Jeff Hammond, ISO/IEC JTC 1 / SC22 / WG5 (Fortran) and WG21 (C++) contributor
  • JF Bastien, SC22 / WG21 (C++) EWG Chair
  • Eric Portis, W3C WICG & WHATWG participant
  • Patrick H. Lauke, W3C PEWG chair, W3C AGWG member

The letter cites numerous arguments for a policy change. Among them: resentment from technical experts who write standards without compensation only to see the ISO charge for their free labor; the risk of irrelevancy if experts choose to pursue standardization through other organizations that don’t charge; and the possibility that the ISO’s reputation for neutrality will be tarnished if it’s perceived as a for-profit entity.

The ISO did not immediately respond to a request for comment.

Sneyers’s campaign echoes similar paywall demolition initiatives, such as the ongoing effort to make US court document service Pacer available at no charge, as well the late Aaron Schwartz‘s attempt to open up JSTOR, and, of course, Sci-Hub.

Carl Malamud, a public domain advocate and president of public.resource.org, lauded Sneyer’s effort to change the ISO.

“Standards that are not freely available lose their very reason for being,” said Malamud, who has spent years working to make US government documents freely available. “Standards required by law that are not freely available are a violation of a key principle of the rule of law: that the law must be promulgated to be valid. This is particularly true for public safety standards. ISO will lose relevance in our modern world if they do not change their approach to this important issue. They are on the wrong side of justice with their current stance.”

“This effort by so many senior ISO participants to make sure their important work remains relevant is very commendable,” he added. “I hope they will have some impact on the organization.”

Sneyers said he has no immediate plans to present this letter, which he hopes will spur discussion of reform within the national standardization bodies. He said he has been reaching out to other ISO members who share his view about the need to make standards freely available, but he is considering opening the movement up to the public and policymakers.

“The national bodies (ANSI, DIN, etc) are where this discussion will have to be had first, because they are the only ones that can really influence ISO,” he said. “I am mostly just trying to give ammunition to those who want to start that discussion.” ®



Source link

Technology

Nvidia’s Arm deal faces another blow, this time from the US FTC

Voice Of EU

Published

on

The US Federal Trade Commission wants to block Nvidia’s Arm takeover as it believes the combined company will stifle competition.

Nvidia’s contentious acquisition of UK chip designer Arm continues to face roadblocks as the US Federal Trade Commission’s (FTC) is suing Nvidia to block the deal.

The acquisition, which is now valued at $54bn, has been fighting an uphill battle since it was first announced more than a year ago, first from the UK’s competition watchdog in January 2021 and then from the EU.

Now, the FTC wants to block the acquisition. In a statement, the FTC said Arm’s technology is a critical input that enables competition between Nvidia and its competitors in several markets.

Therefore, it believes the proposed merger would give Nvidia the ability and incentive to use its control of this technology to undermine its competitors, reducing competition and ultimately resulting in reduced product quality, reduced innovation, higher prices and less choice.

The FTC’s bureau of competition director, Holly Vedova, said the proposed deal would allow the combined company to stifle the innovation pipeline for next-generation technologies.

“Tomorrow’s technologies depend on preserving today’s competitive, cutting-edge chip markets. This proposed deal would distort Arm’s incentives in chip markets and allow the combined firm to unfairly undermine Nvidia’s rivals,” she said.

“The FTC’s lawsuit should send a strong signal that we will act aggressively to protect our critical infrastructure markets from illegal vertical mergers that have far-reaching and damaging effects on future innovations.”

Opposition from all sides

The Competition and Markets Authority (CMA) in the UK raised similar concerns in August when it said the deal would require an in-depth investigation.

“We’re concerned that Nvidia controlling Arm could create real problems for Nvidia’s rivals by limiting their access to key technologies, and ultimately stifling innovation across a number of important and growing markets,” said Andrea Coscelli, chief executive of the CMA.

In October, Nvidia’s planned purchase hit another roadblock from the European Commission launching an in-depth antitrust investigation into the deal at the end of October, with a decision expected by 15 March 2022.

“While Arm and Nvidia do not directly compete, Arm’s IP is an important input in products competing with those of Nvidia, for example in data centres, automotive and internet of things,” said executive vice-president Margrethe Vestager, who is responsible for competition policy.

“Our analysis shows that the acquisition of Arm by Nvidia could lead to restricted or degraded access to Arm’s IP, with distortive effects in many markets where semiconductors are used.”

Despite opposition from several watchdogs, Nvidia has been confident the deal will go through.

“Although some Arm licensees have expressed concerns or objected to the transaction, and discussions with regulators are taking longer than initially thought, we are confident in the deal and that regulators should recognise the benefits of the acquisition to Arm, its licensees and the industry,” Nvidia CFO Colette Kress said earlier this year.

And in a letter to the Financial Times a month after the deal was first announced, Nvidia founder and CEO Jensen Huang said the company will maintain Arm’s open licensing model. “We have no intention to ‘throttle’ or ‘deny’ Arm’s supply to any customer.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Source link

Continue Reading

Technology

UK government’s risk planning is weak and secretive, says Lords report | Politics

Voice Of EU

Published

on

Assessment and planning by the government relating to risks facing the UK are deficient and “veiled in secrecy”, a report has found.

The 129-page report, entitled Preparing for Extreme Risks: Building a Resilient Society, was produced by the House of Lords select committee on risk assessment and risk planning – a group appointed in October 2020.

James Arbuthnot, chair of the committee, said that while the UK’s risk assessment processes had been praised across the world before the pandemic, the impact of Covid suggested there may be problems.

“It had been advised that if there were to be a coronavirus pandemic, as a country we would suffer up to 100 deaths,” he said. “Over 140,000 deaths later, we realised that we could perhaps have been doing rather better in our assessment and our planning.”

The report – which draws on sources including oral evidence from 85 witnesses, including from the chief scientific adviser, Sir Patrick Vallance, during 29 sessions – looked at the country’s approach to assessing and preparing for a wide range of risks, from chemical warfare to the climate crisis and severe space weather.

“If you ask, what keeps me awake at nights, it is the growing possibility of major disruption due to more and more frequent cyber-attacks,” said Lord Rees, a committee member. “And even more, I worry on a timescale of tens of years about bioterrorism, bioengineered viruses and all that, which are going to be feasible.”

The report’s conclusions point to a number of shortcomings. Among them the committee highlighted a tendency for the government to focus on immediate problems rather than preparing for the long term.

“The likelihood of major risks actually occurring during the term of the government is low,” said committee member Lord Mair, noting as a result there is no incentive to prepare for them.

The committee also flagged concerns over the National Risk Register and the National Security Risk Assessment (NSRA), and called for better processes to categorise risks, including looking at how vulnerable the country would be to certain threats, and better modelling of how risks can cascade – with Arbuthnot noting as an example the impact of Covid on school exams.

Among other issues the report criticised a lack of transparency by the government. “The current risk management system is veiled in an unacceptable and unnecessary level of secrecy,” the report noted, adding that in turn has hampered the country’s preparedness, with frontline responders including local government and volunteer groups struggling to access the information they need.

It is not the first time the government has been accused of secrecy over risk assessment and planning: a report on Exercise Cygnus, the 2016 government simulation of how the country would handle a fictitious “swan flu”pandemic was only made public after a copy was leaked to the Guardian.

Among other actions, the latest report recommends:

  • The establishment of an Office for Preparedness and Resilience by the government, headed by a newly created post of government chief risk officer.

  • A presumption of publication by the government, and the publication of the content of the Official-Sensitive National Security Risk Assessment except where there is a direct national security risk.

  • The publication, every two years, by the government of a brochure on risk preparedness to inform the public on topics including what to do in an emergency.

“[It’s] much better to face some of these issues, having prepared for, and practised for, and exercised for them in advance rather than doing them first in the heat of battle,” said Arbuthnot

Arbuthnot added the Covid pandemic had offered the chance to “address a public that is ready to be addressed. And people have proved that they’re up to it.”

Prof David Spiegelhalter, chair of the Winton Centre for Risk and Evidence Communication at Cambridge University, and who contributed evidence to the report, welcomed its publication.

“It’s extraordinary that the National Risk Register does not get any public promotion or media coverage, and I welcome the committee’s recommendation to radically improve the communication with the public about the risks they face,” he said. “These vital issues deserve to be widely known and discussed.”

Source link

Continue Reading

Technology

Ubiquiti dev charged with data-breaching own employer • The Register

Voice Of EU

Published

on

A Ubiquiti developer has been charged with stealing data from the company and extortion attempts totalling $2m in what prosecutors claim was a vicious campaign to harm the firm’s share price – including allegedly planting fake press stories about the breaches.

US federal prosecutors claimed that 36-year-old Nickolas Sharp had used his “access as a trusted insider” to steal data from his employer’s AWS and GitHub instances before “posing as an anonymous hacker” to send a ransom demand of 50 Bitcoins.

The DoJ statement does not mention Sharp’s employer by name, but a Linkedin account in Sharp’s name says he worked for Ubiquiti as a cloud lead between August 2018 and March 2021, having previously worked for Amazon as a software development engineer.

In an eyebrow-raising indictment [PDF, 19 pages, non-searchable] prosecutors claim Sharp not only pwned his employer’s business from the inside but joined internal damage control efforts, and allegedly posed as a concerned whistleblower to make false claims about the company wrongly downplaying the attack’s severity, wiping $4bn off its market capitalisation.

Criminal charges were filed overnight in an American federal court against Sharp, of Portland, Oregon. The indictment valued the 50 Bitcoins at $1.9m “based on the prevailing exchange rate at the time.”

US attorney Damian Williams said in a US Justice Department statement: “As further alleged, after the FBI searched his home in connection with the theft, Sharp, now posing as an anonymous company whistle-blower, planted damaging news stories falsely claiming the theft had been by a hacker enabled by a vulnerability in the company’s computer systems.”

Sharp is alleged to have downloaded an admin key which gave him “access to other credentials within Company-1’s infrastructure” from Ubiquiti’s AWS servers at 03:16 local time on 10 December 2020, using his home internet connection. Two minutes later, that same key was used to make the AWS API call GetCallerIdentity from an IP address linked to VPN provider Surfshark – to which Sharp was a subscriber, prosecutors claimed.

Later that month, according to the prosecution, he is alleged to have set AWS logs to a one-day retention policy, effectively masking his presence.

Eleven days after the AWS naughtiness, the indictment claims, he used his own connection to log into Ubiquiti’s GitHub infrastructure. “Approximately one minute later,” alleged the indictment, Sharp used Surfshark to ssh into GitHub and clone around 155 Ubiquiti repos to his home computer.

“In one fleeting instance during the exfiltration of data,” said the indictment, “the Sharp IP address was logged making an SSH connection to use GitHub Account-1 to clone a repository.”

For the rest of that night, prosecutors said, logs showed Sharp’s personal IP alternating with a Surfshark exit node while making clone calls. Although it was not spelled out in the court filing, prosecutors appeared to be suggesting that Surfshark VPN was dropping out and revealing “the attacker’s” true IP.

Ubiquiti discovered what was happening on 28 December. Prosecutors claimed Sharp then joined the company’s internal response to the breaches.

In January 2021 Ubiquiti received a ransom note sent from a Surfshark VPN IP address demanding 25 Bitcoins. If it paid an extra 25 Bitcoins on top of that, said the note, its anonymous author would reveal a backdoor in the company’s infrastructure. This appears to be what prompted Ubiquiti to write to its customers that month alerting them to a data breach. Ubiquiti did not pay the ransom, said the indictment.

Shortly after Federal Bureau of Investigation workers raided Sharp’s home, prosecutors claim he “caused false or misleading news stories to be published about the Incident and Company-1’s disclosures and response to the Incident. Sharp identified himself as an anonymous source within Company-1 who had worked on remediating the Incident. In particular, Sharp pretended that Company-1 had been hacked by an unidentified perpetrator who maliciously acquired root administrator access [to] Company-1’s AWS accounts.”

This appears to be referencing an article by infosec blogger Brian Krebs that was published that day, on 30 March 2021. He spoke “on condition of anonymity for fear of retribution by Ubiquiti”, and El Reg (among many other outlets) followed up Krebs’ reporting in good faith. In that article, the “whistleblower” said he had reported Ubiquiti in to the EU Data Protection Supervisor, the political bloc’s in-house data protection body.

We have asked Krebs for comment.

Sharp is innocent unless proven guilty. He is formally charged with breaches of the Computer Fraud and Abuse Act, transmitting interstate threats, wire fraud and making false statements to the FBI. If found guilty on all counts and handed maximum, consecutive sentences on each, he faces 37 years in prison. ®

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!