Items tagged with: Images

CBP says traveler photos and license plate images stolen in data breach

HN Discussion: https://news.ycombinator.com/item?id=20150806
Posted by tlrobinson (karma: 27986)
Post stats: Points: 189 - Comments: 7 - 2019-06-10T21:00:51Z

CBP says traveler and license plate images were stolen in data breach

CVE-2019-5021: Official Alpine Linux Docker images have NULL for root password

HN Discussion: https://news.ycombinator.com/item?id=19861725
Posted by alpb (karma: 4573)
Post stats: Points: 132 - Comments: 64 - 2019-05-08T18:45:29Z


Cost of serving billions of images per month

HN Discussion: https://news.ycombinator.com/item?id=19827521
Posted by ghoshbishakh (karma: 113)
Post stats: Points: 126 - Comments: 50 - 2019-05-04T16:39:39Z


Full Disk Images of Earth from GOES-17

HN Discussion: https://news.ycombinator.com/item?id=19824534
Posted by Jerry2 (karma: 15513)
Post stats: Points: 114 - Comments: 28 - 2019-05-04T04:51:08Z


Show HN: CC Search – search engine for 300M CC-licensed images

HN Discussion: https://news.ycombinator.com/item?id=19791073
Posted by kgodey (karma: 159)
Post stats: Points: 219 - Comments: 48 - 2019-04-30T19:27:15Z


OpenCV-Python Cheat Sheet: From Importing Images to Face Detection

HN Discussion: https://news.ycombinator.com/item?id=19705432
Posted by salma-ghoneim (karma: 76)
Post stats: Points: 145 - Comments: 12 - 2019-04-20T08:33:06Z


Getty Images Sued Again for Trying to License Public Domain Images


HN Discussion: https://news.ycombinator.com/item?id=19549529
Posted by ccnafr (karma: 2348)
Post stats: Points: 151 - Comments: 42 - 2019-04-01T23:42:04Z

Article content:


Back in 2016, we wrote about two separate lawsuits involving claims that Getty Images was selling "licenses" to images it had no rights to sell licenses to. The first one was brought by photographer Carol Highsmith, who [1]sued Getty after Getty had sent a demand letter to her over her own images, which she had donated to the Library of Congress to be put into the public domain. That lawsuit mostly flopped when Getty pointed out (correctly) that Highsmith had no standing, seeing as she had given up the copyright in the photos. The second lawsuit was [2]even more bizarre, involving questions about Gettyʼs rights to various collections it licensed, and whether it had changed the metadata on photos from photo agency Zuma Press. At the time, we noted that little in that lawsuit seemed to make sense, but it still went on for over two years before [3]Getty prevailed, and basically said the only mistakes were done by Zuma.

Well, now weʼve got another [4]lawsuit against Getty over allegedly licensing public domain images. This one was brought by CixxFive Concepts, and... also seems to be a stretch. How much of a stretch? Well, it starts out by alleging RICO violations, and as Ken "Popehat" White always likes to remind everyone: [5]ITʼS NOT RICO, DAMMIT. This lawsuit is also not RICO and itʼs not likely to get very far.
This is a lawsuit brought by CixxFive, on behalf of itself and others similarly situated, alleging RICO, Washington Consumer Protection Act, and other claims against Defendants for fraudulently claiming ownership of copyrights in public domain images (which no one owns) and selling fictitious copyright licenses for public domain images (which no one can legally sell), including operating an enterprise of third-party contributors to perpetrate this egregious scheme.

Hereʼs the thing, though: you can still sell public domain images. You can do whatever you want with them. Of course, you canʼt sue over infringement of them, but you can most certainly still sell them. Why do you think book publishers still make a ton of money selling the Bible, the works of Shakespeare, Dickens and others?

In the lawsuit, CixxFive correctly notes that Getty has NASA images in its database, and those are very clearly in the public domain.
Among the images that Getty and/or Getty US licenses are hundreds of thousands to millions of photographs that are in the public domain, including NASA images, White House press images, historical paintings and documents, and photographs that have been donated to the public domain by the authors. 

 For example, Getty and/or Getty US offers to let the user “Purchase a license” to a NASA photo of Saturn for $499.00 with “standard editorial rights” “or just $475.00 with an UltraPack,” which is a five (5) pack of assets for $2,250.00.

While this may be sleazy, it is hardly against the law.
These images are in the public domain. No one is required to pay Getty and/or Getty US a penny to copy and use them. And Getty has no right to sell copyright licenses for them, as it has done and is doing.

The first sentence is true, the second, not so much. Well, it canʼt sell "copyright licenses," as that is a misrepresentation over the rights that Getty Images has -- but if it wants to try to get people to pay for stuff that is otherwise available for free, thatʼs Gettyʼs prerogative.

The part of the lawsuit that I donʼt think will work, but is at least somewhat interesting, is the argument that this is somehow an unfair or deceptive practice. Thatʼs moderately more compelling than the RICO claim.
One aspect of the deceptive nature of Getty’s and/or Getty US’s licensing scheme is that Getty and/or Getty US claims copyright on all of the content on its website. For example, the bottom of each page of its website states: “All contents © copyright 1999-2019 Getty Images. All rights reserved.” 

 Also, specific public domain images are overlaid on Getty and/or Getty US’s website with the © symbol followed by an entity or contributor name, indicating that the image is protected by copyright. The same © symbol and information is also provided next to the public domain image. 

 Getty’s and/or Getty US’s website terms agreement also states as follows: “Unless otherwise indicated, all of the content featured or displayed on the Site, including, but not limited to, text, graphics, data, photographic images, moving images, sound, illustrations, software, and the selection and arrangement thereof (“Getty Images Content”), is owned by Getty Images, its licensors, or its third-party image partners.”4 

 Getty’s and/or Getty US’s website terms agreement further states as follows: “All elements of the Site, including the Getty Images Content, are protected by copyright, trade dress, moral rights, trademark and other laws relating to the protection of intellectual property.”5 

 Getty’s and/or Getty US’s Content License Agreement also states, under the heading “Intellectual Property Rights,” as follows: “Who owns the content? All of the licensed content is owned by either Getty Images or its content suppliers.”6 (emphasis in original)

That part is at least a bit more compelling, but Iʼm not sure why CixxFive has standing to sue over that. It seems more like something the FTC or state Attorneys General could go after instead. CixxFive argues that it has standing to sue because it licensed some of these public domain images. But... that seems to be on CixxFive. If it didnʼt do the research to discover that those pictures were available totally free elsewhere, itʼs not clear how thatʼs Gettyʼs fault.

The lawsuit also points to Gettyʼs infamous copyright trolling practices via its subsidiary License Compliance Services (LCS), but never actually shows that LCS has threatened anyone over the use of public domain material... other than raising the issue of Carol Highsmith, whose lawsuit we mentioned above, and which got thrown out of court.

Iʼm certainly sensitive to the slimy practices of Getty Images, and claiming that public domain images are available for license (at very high fees) is very slimy. But itʼs not at all clear that itʼs against the law. And itʼs certainly not RICO (dammit).

Filed Under: [6]copyright, [7]licensing, [8]photography, [9]public domain
Companies: [10]getty images


Visible links
1. https://www.techdirt.com/articles/20160727/11243335088/photographer-sues-getty-images-1-billion-claiming-copyright-photos-she-donated-to-public.shtml
2. https://www.techdirt.com/articles/20160804/11403535157/getty-sued-again-over-abusing-copyright-law-licensing-images-it-has-no-rights-to.shtml
3. https://www.bna.com/getty-images-defeats-n73014483037/
4. https://www.documentcloud.org/documents/5784233-Gov-Uscourts-Wawd-270868-1-0.pdf
5. https://www.popehat.com/2016/06/14/lawsplainer-its-not-rico-dammit/
6. https://www.techdirt.com/blog/?tag=copyright
7. https://www.techdirt.com/blog/?tag=licensing
8. https://www.techdirt.com/blog/?tag=photography
9. https://www.techdirt.com/blog/?tag=public+domain
10. https://www.techdirt.com/blog/?company=getty+images


Kroki – Convert plain text diagrams to images


HN Discussion: https://news.ycombinator.com/item?id=19486801
Posted by type0 (karma: 6136)
Post stats: Points: 143 - Comments: 20 - 2019-03-25T21:14:26Z

Article content:


Kroki provides a unified API with support for BlockDiag (BlockDiag, SeqDiag, ActDiag, NwDiag), C4 (with PlantUML), Ditaa, Erd, GraphViz, Mermaid, Nomnoml, PlantUML, SvgBob and UMLet... and more to come!

Ready to use
Diagrams libraries are written in a variety of languages: Haskell, Python, JavaScript, Go, PHP, Java... some also have C bindings. Trust us, you have better things to do than install all the requirements to use them. Get started in no time!

Kroki provides a unified API for all the diagram libraries. Learn once convert anywhere!

Free & Open source
All the code is available on GitHub and our goal is to provide Kroki as a free service.

Built using a modern architecture, Kroki offers great performance.

Cache with CDN coming soon
Near-instant response time if your diagram has already been generated.

Kroki provides an HTTP API to convert plain text diagrams to images. Kroki handles both GET and POST requests. When using GET requests, your diagram must be encoded in the URL using a deflate + base64 algorithm. But donʼt worry, if youʼre not familiar with deflate or base64 (or if you donʼt want to use them), you can also send your diagram as plain text using POST requests ([2]see below).

Letʼs take an example with a GraphViz "Hello World":


digraph G {Hello->World}

Here, we are using a Python one-liner to encode our diagram using deflate + base64:

cat hello.dot | python3 -c "import sys, base64, zlib; print(base64.urlsafe_b64encode(zlib.compress(sys.stdin.buffer.read(), 9)).decode('ascii'))"

In the [3]documentation, we provide code examples that demonstrate how to encode a diagram in Node.js, JavaScript, Java, Python and Go.

The above command will return a value that you can copy in the URL:

GET /graphviz/svg/eNpLyUwvSizIUHBXqPZIzcnJ17ULzy_KSanlAgB1EAjQ

And hereʼs the result:

[Image: rendered graph with an edge from the Hello node to the World node]
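
The deflate + base64 encoding used for GET requests above, together with the decoding side, as an added example (not code from Kroki or its documentation). It goes beyond the one-liner by decoding with a cap on inflated size, since whoever serves such URLs is inflating caller-supplied compressed data; the function names and the 64 KiB limit are assumptions.

```python
import base64
import binascii
import string
import zlib

# Assumed limit for this example; Kroki's own limits are not stated on the page.
MAX_DIAGRAM_BYTES = 64 * 1024

# The encoded value quoted on the page (GET /graphviz/svg/<payload>).
PAGE_EXAMPLE = "eNpLyUwvSizIUHBXqPZIzcnJ17ULzy_KSanlAgB1EAjQ"

_URLSAFE = set(string.ascii_letters + string.digits + "-_=")


class DiagramPayloadError(ValueError):
    """Raised when a URL payload is malformed or inflates past the cap."""


def encode_diagram(source: str) -> str:
    """zlib-deflate at level 9, then URL-safe base64 (same steps as the one-liner)."""
    compressed = zlib.compress(source.encode("utf-8"), 9)
    return base64.urlsafe_b64encode(compressed).decode("ascii")


def decode_diagram(payload: str, max_bytes: int = MAX_DIAGRAM_BYTES) -> str:
    """Reverse encode_diagram without trusting the payload's inflated size."""
    # Check the alphabet first: the base64 decoder silently skips
    # characters it does not recognise unless told to validate.
    if not payload or not set(payload) <= _URLSAFE:
        raise DiagramPayloadError("payload is not URL-safe base64")
    padded = payload + "=" * (-len(payload) % 4)
    try:
        raw = base64.urlsafe_b64decode(padded)
    except (binascii.Error, ValueError) as exc:
        raise DiagramPayloadError("invalid base64") from exc

    # Inflate with an output cap so a short URL cannot expand into an
    # arbitrarily large buffer (decompression bomb).
    inflater = zlib.decompressobj()
    try:
        out = inflater.decompress(raw, max_bytes + 1)
    except zlib.error as exc:
        raise DiagramPayloadError("invalid deflate stream") from exc
    if len(out) > max_bytes or inflater.unconsumed_tail:
        raise DiagramPayloadError("diagram exceeds size cap")
    if not inflater.eof or inflater.unused_data:
        raise DiagramPayloadError("truncated stream or trailing data")
    try:
        return out.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise DiagramPayloadError("diagram is not UTF-8") from exc


if __name__ == "__main__":
    # The page's value decodes to the diagram source plus the trailing
    # newline that hello.dot carried through the pipe.
    print(repr(decode_diagram(PAGE_EXAMPLE)))
    bomb = encode_diagram("A" * 1_000_000)  # constructed oversized input
    print(len(bomb), "URL characters for 1,000,000 bytes of source")
    try:
        decode_diagram(bomb)
    except DiagramPayloadError as err:
        print("rejected:", err)
```
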

You can also call Kroki with POST:


{
  "diagram_source": "digraph G {Hello->World}",
  "diagram_type": "graphviz",
  "output_format": "svg"
}

In this case, you donʼt need to encode your diagram.

Itʼs also possible to send your diagram as plain text using the Content-Type header. The output format will be specified using the Accept header and the diagram source will be sent as the request body:

POST /graphviz
Accept: image/svg+xml
Content-Type: text/plain

digraph G {Hello->World}

You can also define the output format in the URL if you donʼt want to add an Accept header:

POST /graphviz/svg
Content-Type: text/plain

digraph G {Hello->World}

The same concept applies when sending the diagram as JSON:

POST /graphviz/svg

{ "diagram_source": "digraph G {Hello->World}" }

Please note that you can interact with the API using any HTTP client.
If you want to learn more, head to [4]our documentation. In particular, check out the "Usage" section to find out how to send requests to the Kroki API using:
* [5]cURL and HTTPie
* [6]Kroki CLI




Looking for inspiration? Visit the [9]examples page.

The following diagram types and output formats are available:

The following diagram types will soon be available:

Diagram Type png svg jpeg pdf base64

Donʼt see your favorite diagram tool in this list? Please let us know: [14]👋 [email protected]

Kroki is available as a Self-Managed instance.
We are also actively looking for sponsors to provide Kroki as a free service.


Select this option if you want to download and install Kroki on your own infrastructure or in a cloud environment.

Please note that Kroki Self-Managed requires Linux experience to install.

Please refer to the documentation to [15]install Kroki.

Free service

We are actively looking for sponsors to provide Kroki as a free service.

If you are interested, please [16]👋 contact us.

We also provide a server for demonstration purposes at: [17]https://demo.kroki.io.

Please note that the demonstration server usage is restricted to reasonable, non-commercial use-cases.
We provide no guarantee regarding uptime or latency.

Kroki is [18]an open source project licensed under the [19]MIT license.

If you want to know more, please [20]👋 contact us.


Visible links
2. https://kroki.io/#post-request
3. https://docs.kroki.io/kroki/setup/encode-diagram/
4. https://docs.kroki.io/kroki/
5. https://docs.kroki.io/kroki/setup/http-client/
6. https://docs.kroki.io/kroki/setup/kroki-cli/
9. https://kroki.io/examples.html
10. https://github.com/kevinpt/syntrax
11. https://github.com/vega/vega
12. https://github.com/vega/vega-lite
13. https://github.com/wavedrom/wavedrom
14. mailto:[email protected]
15. https://docs.kroki.io/kroki/setup/install
16. mailto:[email protected]
17. https://demo.kroki.io/
18. https://github.com/yuzutech/kroki
19. https://opensource.org/licenses/mit-license.php
20. mailto:[email protected]


Ask HN: Is Someone Hijacking Google Images?

I was looking for ideas on how to build a simple network analyzer to test antennas, filters etc. so I typed "network analyzer schematic" (without quotes) on Google Images and it apparently returned some results I was expecting, but clicking on a lot of results from the first page opened some subscription only websites with suspicious names nagging me to create an account to see the actual images, some of which I'm 100% sure I already have seen on their original authors' websites. Those websites are clearly made by the same entity, and to me it appears they're essentially hijacking Google Images results for their profit. Here are some of those results; many more on the 1st page. I had a hard time finding something that returned an actual loadable image or an article without asking for subscription. Note that they all return URLs containing "spectrum analyzer schematic" although I searched for "network analyzer schematic".










Edit: it appears those pages are being slowly buried by legit results, but some of them still surface although much deeper.






Note that I searched for the same exact phrase as above.

HN Discussion: https://news.ycombinator.com/item?id=19417561
Posted by squarefoot (karma: 2028)
Post stats: Points: 132 - Comments: 47 - 2019-03-17T23:46:08Z


Top ten most popular docker images each contain at least 30 vulnerabilities


HN Discussion: https://news.ycombinator.com/item?id=19255603
Posted by vinnyglennon (karma: 10948)
Post stats: Points: 196 - Comments: 43 - 2019-02-26T16:24:41Z

Article content:

Welcome to Snyk’s annual State of Open Source Security report 2019.
This report is split into several posts:

Or download our lovely handcrafted pdf report which contains all of this information and more in one place.


[2]Known vulnerabilities in docker images

The adoption of application container technology is increasing at a remarkable rate and is expected to grow by a further 40% in 2020, according to 451 Research. It is common for system libraries to be available in many docker images, as these rely on a parent image that is commonly using a Linux distribution as a base.
Docker images almost always bring known vulnerabilities alongside their great value

We’ve scanned through ten of the most popular images with Snyk’s recently released [3]docker scanning capabilities.

The findings show that in every docker image we scanned, we found vulnerable versions of system libraries. The official Node.js image ships 580 vulnerable system libraries, followed by the others each of which ship at least 30 publicly known vulnerabilities.

[4]Number of OS vulnerabilities by docker image

Snyk recently released its container vulnerability management solution to empower developers to fully own the security of their dockerized applications. Using this new capability, developers can find known vulnerabilities in their docker base images and fix them using Snyk’s remediation advice. Snyk suggests either a minimal upgrade, or alternative base images that contain fewer or even no vulnerabilities.
Fix can be easy if you’re aware. 20% of images can fix vulnerabilities simply by rebuilding a docker image, 44% by swapping base image

Based on scans performed by Snyk users, we found that 44% of docker image scans had known vulnerabilities for which newer and more secure base images were available. This remediation advice is unique to Snyk. Developers can take action to upgrade their docker images.

Snyk also reported that 20% of docker image scans had known vulnerabilities that simply required a rebuild of the image to reduce the number of vulnerabilities.

[5]Vulnerability differentiation based on image tag

The current Long Term Support (LTS) version of the Node.js runtime is version 10. The image tagged with 10 (i.e., node:10) is essentially an alias to node:10.14.2-jessie (at the time that we tested it), where jessie specifies an obsolete version of Debian that is no longer actively maintained.

If you had chosen that image as a base image in your Dockerfile, you’d be exposing yourself to 582 vulnerable system libraries bundled with the image. Another option is to use the node:10-slim image tag, which provides slimmer images without unnecessary dependencies (for example, it omits the man pages and other assets). Choosing node:10-slim, however, would still pull in 71 vulnerable system libraries.
Most vulnerabilities originate in the base image you selected. For that reason, remediation should focus on base image fixes

The node:10-alpine image is a better option to choose if you want a very small base image with a minimal set of system libraries. However, while no vulnerabilities were detected in the version of the Alpine image we tested, that’s not to say that it is necessarily free of security issues.

Alpine Linux handles vulnerabilities differently than the other major distros, who prefer to backport sets of patches. At Alpine, they prefer rapid release cycles for their images, with each image release providing a system library upgrade.

[6]Number of vulnerabilities by node image tag

Moreover, Alpine Linux doesn’t maintain a security advisory program, which means that if a system library has vulnerabilities, Alpine Linux will not issue an official advisory about it; Alpine Linux will mitigate the vulnerability by creating a new base image version including a new version of that library that fixes the issue, if one is available (as opposed to backporting as mentioned).

There is no guarantee that the newer fixed version of a vulnerable library will be immediately available on Alpine Linux, although that is the case many times. Despite this, if you can safely move to the Alpine Linux version without breaking your application, you can reduce the attack surface of your environment because you will be using fewer libraries.

The use of an image tag, like node:10, is in reality an alias to another image, which constantly rotates with new minor and patched versions of 10 as they are released.

[7]Docker terminal screenshot

A practice that some teams follow is to use a specific version tag instead of an alias so that their base image would be node:10.8.0-jessie for example. However, as newer releases of Node 10 are released, there is a good chance those newer images will include fewer system library vulnerabilities.

Using the Snyk Docker scanning features we found that when a project uses a specific version tag such as node:10.8.0-jessie, we could then recommend newer images that contain fewer vulnerabilities.

[8]Known vulnerabilities in system libraries

There is an increase in the number of vulnerabilities reported for system libraries, affecting some of the popular Linux distributions such as Debian, Red Hat Enterprise Linux and Ubuntu. In 2018 alone we tracked 1,597 vulnerabilities in system libraries with known CVEs assigned for these distros, which is more than four times the number of vulnerabilities compared to 2017.

[9]Linux OS vulnerabilities steadily increasing

As we look at the breakdown of vulnerabilities (high and critical) it is clear that this severity level is continuing to increase through 2017 and 2018.

[10]High and critical vulnerabilities in system libraries




Visible links
1. https://bit.ly/SoOSS2019
2. https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-least-30-vulnerabilities/#known-vulns-docker-images
3. https://snyk.io/blog/container-vulnerability-management-for-developers/
5. https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-least-30-vulnerabilities/#known-vulns-docker-image-tag
8. https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-least-30-vulnerabilities/#known-vulns-in-system-libraries
11. https://bit.ly/SoOSS2019
