Justice-as-a-Service

There’s a new wave of customer empowerment coming. It’s
called Justice-as-a-Service (JaaS), and you need to know about it because it
benefits you – you just don’t know it yet.

We’ve all experienced bad products and services. We’ve just come
to accept it. We’ve learned to pick our battles and only invest our precious
time in “making things right” when potential justice and retribution is within
reach. But in most cases, we don’t do anything. We figure it’s not worth it. What are these injustices? Well, they range from all areas
of B2C interaction. Maybe your flight got cancelled. Or your cable subscription
got more expensive. Or maybe you bought something online and the day after the
price dropped. Or the package arrived two days late. Sound familiar?

How come companies can get away with this? One would think
they would try to deliver the best product or service every time. But even
though the intentions are right, it isn’t always possible. Some companies will
downright speculate in delivering bad customer experiences to optimize for
revenue. Luckily, there are consumer laws in place to make sure you don’t get
taken advantage of. But laws are typically not worth much, unless you know they
exist, and most people don’t.

Justice-as-a-Service is an on-demand service, powered by tech, that challenges private
and public companies by representing the consumer in their fight for justice/compensation
based on laws, consumers’ rights, and contract of carriage.

Why is there a need
for JaaS?

  • You don’t
    know your consumer rights. 
    No one has 2-3 hours to study international, regional and state consumer laws
    to find out if you are entitled and what you are entitled to.
  • You don’t
    know how to claim and neither does the service provider. 
    The companies who stand to loose
    money will not make it easy for you to claim. Try calling any customer
    representative and ask about your consumer rights. Most likely they won’t know them
    or know how to make a claim.
  • You don’t
    have the time
    to fight for your
    rights. 
    After you’ve read the law, found
    out how to claim and filled out the paperwork, you likely have to follow up in
    order to get an answer. Most people don’t claim because it’s simply not worth
    their time and frustration.
  • Success is
    very unlikely. 
    If you finally succeed on getting
    an answer, the chances of your claim being rejected is very high. This is
    partly because the company delivering the service doesn’t know the consumer
    laws, but also because there’s a tendency to speculate that if they don’t
    answer or reject your claim, you won’t take any further action.

Litigation on consumer rights has existed for decades. Every
time you see a “No Win, No Fee” sign you’re most likely reading an offer on
legal representation to claim some form of compensation on your behalf. This
can be anything from car accidents to failed hip surgery – hence the name “ambulance
chasers.” So how is JaaS different?

Traditional litigation law mostly focuses on high value claims.
Otherwise, it wouldn’t make sense for the lawyer to spend time on processing
the claim and take legal action if needed. That rules out all small consumer
right claims with low claim value. JaaS companies are different. The rise of big data and the
access to this data has made it possible to build software that automatically
validates a claim instead of someone manually assessing it.

As a result, a larger part of the claim procedure can be
automated making the unit economics work for a much wider range of consumer
right claims. Another way JaaS is different from classic litigation law is the
use of online platforms such as web and mobile apps. This enables on-demand
assistance and protection at the time of need – it’s the same reason Uber
boosted the entire ground transportation industry by making it easy and
convenient to order a taxi at the time of need. The combination of automation,
online user interaction and legal tech pushes the development and allows
scalability. All this wasn’t possible a decade ago.

 

Who is doing JaaS?

The first brave pioneers are already experimenting in many
different verticals. The revenue model is mostly the same. “No Win, No Fee”
either as a share of the compensation or a fixed fee. Here are some examples
worth following and perhaps trying out for yourself:

  • AirHelp. Helps you get money back from
    airlines if you’ve been on a delayed or cancelled flight, according to air
    passenger rights laws. You type in your flight info or login with your email.
    AirHelp then fetches all of your flight confirmation emails from the past 3
    years (statute of limitation) and shows you your flights that are eligible for
    compensation. They charge a 25% service fee if they are successful in getting
    you your money. If not, then it’s free. AirHelp uses flight, weather and
    airport data to automatically validate a claim. Then the law is applied and a
    probability analysis is made to determine the likelihood of claim’s success.
    Everything happens in seconds before claim docs are generated and then sent to
    the airline.

  • Fixed. Take a picture of your parking
    ticket. Send it to Fixed and they will challenge your ticket on your behalf.
    Fixed charges a flat fee (depending on your location) if successful.
  • Paribus. Paribus monitors your Amazon orders by granting
    them access to your order history through Amazon’s API. If the price drops shortly
    after you made a purchase then you’re entitled to the price difference,
    according to Amazon’s terms and conditions. Paribus automatically sends the
    claim to Amazon on your behalf and charges a fee of the refund.
  • BillFixers. For a percentage of the savings,
    BillFixers fix your mobile or cable bill by making sure you’re not paying more
    than what is being offered in the latest marketing campaign from the mobile or
    cable provider.
  • 71lbs. B2B service for shipping delays
    and lost packages. 71lbs monitors your UPS and FedEx packages, and if they are delayed
    the company claim compensation according to T&Cs. 

JaaS is about converting law into code and making it
available in the palm of your hand. It’s legal tech and big data coming together
to disrupt and expand an industry that has a bad history of being very manual
and slow to adopt the latest technology, as their incentive is to invoice as
many hours as possible. We’re seeing the beginning of an industry that not only
will force lawyers to start thinking in code, but will also make life easier for
you and I by standing up for the consumer and providing justice…and all that JaaS!


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/flh8AhCoKr4/justice-as-a-service

Original article

Integrating a VT220 into my life

I bought a DEC VT220 terminal a while ago, and put it next to my desk at work. I
use it to read emails on mutt now, and it’s actually quite pleasant. There was
some setup involved in making it as comfortable as possible, though.

My desk at work

Here’s the terminal up close:

The terminal itself

Hardware

First, I have several pieces of hardware involved in this:

It took a while to get all of these things, but I was able to get a nice
refurbished terminal and a couple of crappy LK201 keyboards. Luckily I was able
to eventually remove the need for the keyboard.

Basic Setup

Getting this working on Linux is actually pretty simple thanks to decades of
backwards compatability. Plug all of the cords together, turn on the machine,
and (on Arch, at least) run:

systemctl start serial-agetty@ttyUSB0.service

This will start up a getty for you to log into on your terminal. For a while I
would use the LK201 to log in to this getty and spin up a mail cilent.

I did have to make a couple of changes to serial-agetty@.service, though:

ExecStart=-/sbin/agetty -h -L 19200 %I vt220

This specifies the TERM variable as “vt220” and sets the baud rate to 19200. I
had to also set the baud rate in the terminal’s settings to 19200 baud as well,
to get the fastest possible terminal.

I eventually got into the habit of logging into the terminal with the LK201,
then running tmux and attaching to tmux from my desktop session. I would then
hide this tmux terminal in the upper left corner of my display, and move my
mouse over to it when I wanted to interact with the terminal. This let me use
the same keyboard I used for the rest of my computer experience to interact with
the VT220, instead of trying to use the LK201 as well. This was a bit annoying,
so eventually I did some more customization.

Removing the keyboard

I wanted to be able to make everything automatic, so I could just boot my
computer and log in normally and treat the VT220 almost like a fourth monitor. I
started by automating the process of logging in and running tmux.

First, I created a user for the terminal:

Then, I wrote a shell script that would serve as the user’s login shell and
would start tmux:

#!/usr/bin/env bash
if [[ $TERM == "screen" ]]
then
	sudo /usr/local/bin/login-sircmpwn
else
	tmux -S /var/tmux/vt220.sock
fi

I made that directory, /var/tmux/, and made sure both the vt220 user and my
normal user had access to it. I also edited my sudoers file so that vt220 could
run that command as root:

vt220 ALL=(ALL) NOASSWD: /usr/local/bin/login-sircmpwn

I put the script into /usr/local/bin and added it to /etc/shells, then made
it the login shell for the vt220 user with chsh. I then moved to my own
systemd unit for starting the getty on ttyUSB0, this time with autologin:

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

[Unit]
Description=Serial Getty on %I
Documentation=man:agetty(8) man:systemd-getty-generator(8)
Documentation=http://0pointer.de/blog/projects/serial-console.html
BindsTo=dev-%i.device
After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service

# If additional gettys are spawned during boot then we should make
# sure that this is synchronized before getty.target, even though
# getty.target didn't actually pull it in.
Before=getty.target
IgnoreOnIsolate=yes

[Service]
ExecStart=-/sbin/agetty -a vt220 -h -L 19200 %I vt220
Type=idle
Restart=always
UtmpIdentifier=%I
TTYPath=/dev/%I
TTYReset=yes
TTYVHangup=yes
KillMode=process
IgnoreSIGPIPE=no
SendSIGHUP=yes

[Install]
WantedBy=getty.target

The only difference here is that it invokes agetty with -a vt220 to autologin
as that user. systemctl enable vtgetty@ttyUSB0.service makes it so that on
boot, the getty would run on ttyUSB0 and autologin as vt220. Then the script
from earlier will run tmux, and within tmux will run sudo
/usr/local/bin/login-sircmpwn
, which is this shell script:

#!/usr/bin/env bash
until who | grep sircmpwn 2>&1 >/dev/null
do
	sleep 1
done
sudo -iu sircmpwn

What this does is pretty straightforward – it loops until I log in as sircmpwn,
then enters an interactive session with sudo as sircmpwn.

The net of all of this is that now, I can boot up my machine, and when I log in,
the VT220 starts up with tmux running and logged in as me. Then I went back to
the old way of attaching to this tmux session with a terminal on my desktop
session hidden in a corner of the screen. And now I could ditch the clunky old
LK201 keyboard!

Treating the terminal as another output

I said earlier that my goal was to treat the terminal as a fake “output” that I
could switch to from my desktop session just like I switch between my three
graphical outputs. I run sway, of course, so
I decided to add a fake output in sway and see where that went. I made a
somewhat complicated branch
for this purpose, but the important change is here:

diff --git a/sway/handlers.c b/sway/handlers.c
index cec6319..60f8406 100644
--- a/sway/handlers.c
+++ b/sway/handlers.c
@@ -704,6 +704,21 @@ static void handle_wlc_ready(void) {
 		free(line);
 		list_del(config->cmd_queue, 0);
 	}
+	// VT220 stuff
+	// Adds a made up output that we can use for a tmux window
+	// connected to my vt220
+	swayc_t *output = new_swayc(C_OUTPUT);
+	output->name = "VT220";
+	output->handle = UINTPTR_MAX;
+	output->width = 1000;
+	output->height = 1000;
+	output->unmanaged = create_list();
+	output->bg_pid = -1;
+	add_child(&root_container, output);
+	output->x = -1000;
+	output->y = 0;
+	new_workspace(output, "__VT220");
+	// End VT220 stuff
 }

This creates a fake output and puts it to the far left, then adds a workspace to
it called __VT220. I assigned it the output handle of UINTPTR_MAX and everywhere
in sway that it would try to use the output handle to manipulate a real output,
I changed to to avoid doing so if the handle is UINTPTR_MAX. Then I added this
to my sway config:

for_window [title=”__VT220”] move window to workspace __VT220

And run this command when sway starts:

urxvt -T "__VT220" -e tmux -S /var/tmux/vt220.sock a

Which spawns a terminal whose window title is __VT220 running tmux attached to
the session running on the terminal. The for_window rule I added to my sway
config automatically moves this to the VT220 fake output and tada! It works. Now
I have a nice and comfortable way to use my terminal to read emails at work. Now
if only I could convince people to stop sending me HTML emails! I just bought a
second VT220 for use at home, too. Life’s good~


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/ZUOqhv6oyfg/Integrating-a-VT220-into-my-life.html

Original article

Google warns of Android flaw used to gain root access to devices

An application that allows users to gain full control — root access — over their Android devices is taking advantage of a security flaw in the Linux kernel that has remained unpatched in Android since its discovery two years ago.

The bug was originally fixed in the Linux kernel in April 2014, but wasn’t flagged as a vulnerability until February 2015 when its security implications were understood and it received the CVE-2015-1805 identifier. Even then, the fix did not get ported to Android, which is based on the Linux kernel.

It wasn’t until Feb. 19 that researchers from a security outfit called C0RE Team notified Google that the vulnerability could be exploited on Android in order to achieve privilege escalation — the execution of code with the privileges of the root account.

To read this article in full or to leave a comment, please click here


Original URL: http://www.computerworld.com/article/3046519/security/google-warns-of-android-flaw-used-to-gain-root-access-to-devices.html#tk.rss_all

Original article

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: