Warner Music Group is suing Spotify in India, but that’s not stopped the music streaming service from launching in the nation. From a report: Spotify said it sees a big opportunity in India, one of the fastest growing music markets. To court Indian users, the company is deviating from its global playbook. The company said for the first time, Spotify Free — its free tier — will enable users to listen to any song on demand — as opposed to accessing a limited set of playlists in other markets. Spotify Free is available on mobile, tablet, and web. Additionally, its monthly premium tier starts at Rs 119 ($1.67) in India, compared to $9.99 in the U.S., $11.30 in France, and $13.25 in the U.K. The company is also offering a pay-as-you-go option, allowing users to access Spotify Premium for Rs 13 (18 cents) per day and Rs 39 (55 cents) per week. The lower cost — the cheapest rate Spotify offers in any market — and an open free tier, underscore a unique challenge that India, the second largest internet market, presents to global companies. Very few people in the nation are willing — let alone can afford — to pay for premium services. Now the legal issue: According to Spotify, Warner Music, the world’s third largest music group, “revoked a previously agreed-upon publishing license for reasons wholly unrelated to Spotify’s launch in India.” The Verge adds: Yesterday, Warner sued to stop Spotify’s use of its catalog, which Spotify had tried to obtain rights to through a controversial amendment to the Indian copyright act that allows for broadcasters to obtain licenses without the copyright owner’s consent. At the heart of this is whether or not Spotify falls under the umbrella of “broadcaster” in India’s Copyright Act of 1957. In the act, a “broadcast” is only defined as “communication to the public.” Bombay’s high court said that Spotify would still be allowed to launch for now, according to Times of India, and it appears Spotify wasted no time in doing just that. It seems that if Spotify chooses to stream Warner’s music in the meantime, Spotify will be required to track usage of Warner’s music and set aside money to pay royalties while the case continues through the courts. For now, Spotify is live in India, but without the Warner/Chappell Music catalog, which hosts many of the world’s biggest artists.

Read more of this story at Slashdot.

Source: Slashdot – Spotify Launches in India Amidst Legal Battle With Warner

Prominent astronomer Dr Scott Sheppard, of the Carnegie Institution for Science in Washington D.C., has discovered a new object in the distant reaches of our solar system and given it the name FarFarOut. “At 140 times further away from the sun than our own planet is, the newly identified body — if its discovery is confirmed — will become the furthest known object in our solar system,” reports The Guardian. Sheppard’s discovery was made after his team was analyzing astronomical data to track down Planet Nine, a yet-to-be-discovered body thought to have 10 times the mass of Earth. From the report: Sheppard said he made the discovery of FarFarOut when a lecture he was due to give on his team’s work was postponed and he went back to analyzing his data. He said FarFarOut was somewhat mysterious. “It is very faint; it is on the edge of our ability to detect it,” Sheppard said. “We don’t know anything about the orbit of this object, we just know it is far, far out.” Sheppard said further observations were in the offing to shed more light on the find. The current record holder — a dwarf planet at 120 times the Earth-sun distance — was named merely FarOut when it was spotted by the same team in December last year.

Read more of this story at Slashdot.

Source: Slashdot – Astronomer Finds Potential Furthest Object In Solar System

An anonymous reader quotes a report from TechCrunch: When the government comes for your data, tech companies can’t always tell you. But thanks to a legal loophole, companies can say if they haven’t had a visit yet. These so-called “warrant canaries” — named for the poor canary down the mine that dies when there’s gas that humans can’t detect — are a key transparency tool that predominantly privacy-focused companies use to keep their customers aware of the goings-on behind the scenes. Where companies have abandoned their canaries or caved to legal pressure, Cloudflare is bucking the trend. The networking and content delivery network giant said in a blog post this week that it’s expanding the transparency reports to include more canaries.

To date, the company: has never turned over their SSL keys or customers’ SSL keys to anyone; has never installed any law enforcement software or equipment anywhere on their network; has never terminated a customer or taken down content due to political pressure; and has never provided any law enforcement organization a feed of customers’ content transiting their network. Now Cloudflare’s warrant canaries will include: Cloudflare has never modified customer content at the request of law enforcement or another third party; Cloudflare has never modified the intended destination of DNS responses at the request of law enforcement or another third party; and Cloudflare has never weakened, compromised, or subverted any of its encryption at the request of law enforcement or another third party. It has also expanded and replaced its first canary to confirm that the company “has never turned over our encryption or authentication keys or our customers’ encryption or authentication keys to anyone.” Cloudflare said that if it were ever asked to do any of the above, the company would “exhaust all legal remedies” to protect customer data, and remove the statements from its site. According to Cloudflare’s latest transparency report out this week, the company responded to just seven subpoenas of the 19 requests, affecting 12 accounts and 309 domains. Cloudflare also responded to 44 court orders of the 55 requests, affecting 134 accounts and 19,265 domains. They received between 0-249 national security requests for the duration, but didn’t process any wiretap or foreign government requests for the duration.

Read more of this story at Slashdot.

Source: Slashdot – Cloudflare Expands Its Government Warrant Canaries

Bismillah writes: Researchers have published the results of exploring how vulnerable Thunderbolt is to DMA attacks, and the answer is “very.” Be careful what you plug into that USB-C port. Yes, the set of vulnerabilities has a name: “Thunderclap.” “Thunderbolt, which is available through USB-C ports on modern laptops, provides low-level direct memory access (DMA) at much higher privilege levels than regular universal serial bus peripherals,” reports ITNews, citing a paper published from a team of researchers from the University of Cambridge, Rice University and SRI International. “This opens up laptops, desktops and servers with Thunderbolt input/output ports and PCI-Express connectors to attacks using malicious DMA-enabled peripherals. The main defense against the above attacks is the input-output memory management unit (IOMMU) that allows devices to access only the memory needed for the job to be done. Enabling the IOMMU to protect against DMA attacks comes at a high performance cost however. Most operating systems trade off security for performance gains, and disable the IOMMU by default.”

“Apple’s macOS uses the IOMMU, but even with the hardware defense enabled, the researchers were able to use a fake network card to read data traffic that is meant to be confined to the machine and never leave it,” the report adds. “The network card was also able to run arbitrary programs at system administrator level on macOS and could read display contents from other Macs and keystrokes from a USB keyboard. Apple patched the vulnerability in macOS 10.12.4 that was released in 2016, but the researchers say the more general scope of such attacks remains relevant.”

Read more of this story at Slashdot.

Source: Slashdot – Thunderbolt Vulnerabilities Leave Computers Wide-Open, Researchers Find