
Jury agrees that Musk's tweets during Twitter takeover misled investors


On Friday, a jury in California determined that Elon Musk had misled investors in Twitter via public statements that depressed the price of the company's stock ahead of his ultimately successful purchase of it. Because it was a class action lawsuit, Musk is likely to be faced with paying out damages to a huge range of investors, payments that may ultimately reach billions of dollars.

In the lead up to Musk's ultimate purchase of the social media platform, he made a number of comments on the platform itself and while appearing as a guest on a podcast that raised questions about whether the sale would go through, largely focused on the prevalence of bot accounts on the platform. This depressed the price of the company's shares and raised fears that the deal wouldn't go through, causing some investors to sell shares at a depressed price during this period.

A number of those investors started a suit that was certified as a class action, claiming that the statements defrauded them, and that Musk did so intentionally as part of a larger scheme. The jury rejected the arguments about the larger scheme, but found Musk liable for the tweets.

While damages have yet to be determined, the lawyers for the plaintiffs are reportedly saying that they could ultimately reach as high as $2.6 billion.


Hardening Harbor on AWS: Achieving Zero-Static-Secret Architecture - Container Registry


Harbor is widely recognized as the CNCF-graduated standard for open-source container registries. It is powerful, feature-rich, and trusted by thousands of organizations. However, its default AWS integration relies on a legacy pattern that modern security teams increasingly reject: Static Secrets.

In strictly governed AWS environments, storing long-lived credentials in Kubernetes Secrets represents a “Secret Zero” vulnerability. In this post, I share how I modernized Harbor’s authentication layer to use AWS RDS IAM Authentication and IAM Roles for Service Accounts (IRSA), shifting security from a manual burden to an automated guarantee.

Background

The ‘Secret Zero’ Vulnerability

We have all seen this in our clusters: a secret containing a long-lived AWS_ACCESS_KEY_ID for S3 access, or a hardcoded master password for a database connection string.

Harbor Legacy Flow with static credentials

Before (Legacy Flow): The system relies on static passwords passed via config strings both for RDS and S3 access, creating significant rotation and leakage risks.

While functional, this approach requires manual key rotation and managing complex secret lifecycles. If these secrets are compromised, your entire artifact storage backend is exposed.

The Roadblocks: Why Wasn’t This Solved Before?

When we investigated modernizing this flow, we identified two primary technical gaps in the upstream Harbor project:

  1. Missing Database Logic (Issue #12546): Harbor Core lacked the internal logic required to request an AWS RDS signed token instead of a standard password.
  2. Lack of IRSA Support (Issue #12888): The Harbor components did not natively support AssumeRoleWithWebIdentity, meaning they couldn’t exchange a Kubernetes ServiceAccount token for AWS temporary credentials.

The Solution: Dynamic Cloud-Native Identity

We refactored Harbor to leverage ephemeral identity. By patching the core Go codebase and upgrading the internal distribution engine to v3, we enabled a completely keyless architecture.

Harbor Modern AWS Native Flow

After (The Modern Flow): Harbor components dynamically assume roles and request ephemeral tokens from AWS STS, removing the need for static credentials entirely.

1. Database: The Code Fix & The 15-Minute Wall

Harbor’s core components connect to PostgreSQL using the pgx driver. By default, this driver expects a static password. We refactored the connection logic in src/common/dao/pgsql.go, but a significant challenge emerged during implementation: IAM tokens expire every 15 minutes.

Standard connection pools establish a connection at startup, but once that initial token expires, any new connection attempt causes the application to crash.

I solved this by implementing a beforeConnectHook in the pgx driver. This ensures the application requests a fresh cryptographic token from AWS every time a new connection is established in the pool.

// src/common/dao/pgsql.go

// Define the Hook Function to handle ephemeral token refreshing
beforeConnectHook := func(ctx context.Context, cfg *pgx.ConnConfig) error {
    // 1. Request a fresh, signed token from AWS RDS Utilities
    token, err := getIAMToken(p.host, p.port, p.usr, region)
    if err != nil {
        log.Errorf("IAM Auth: Failed to generate token: %v", err)
        return err
    }
    // 2. Inject the temporary token as the connection password
    cfg.Password = token
    log.Debugf("IAM Auth: Token refreshed for new connection to %s", cfg.Host)
    return nil
}

// 3. Open the DB using the Option pattern to attach the hook
sqlDB := stdlib.OpenDB(*config, stdlib.OptionBeforeConnect(beforeConnectHook))

RDS IAM Authentication sequence diagram

Full sequence: How the Harbor pod creates a ServiceAccount, assumes the IAM role via IRSA, and refreshes RDS auth tokens on every connection cycle using the BeforeConnect hook.
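
The 15-minute wall and the per-connection fix, simulated with only the Go standard library as an added example (this is not Harbor's or pgx's code). The names fakeClock, connector and dialAfter are hypothetical, the clock and start date are constructed, and the connector's password callback stands in for the BeforeConnect hook calling getIAMToken.

```go
package main

import (
	"context"
	"database/sql"
	"database/sql/driver"
	"errors"
	"fmt"
	"time"
)

// tokenTTL is the 15-minute lifetime of an RDS IAM auth token described above.
const tokenTTL = 15 * time.Minute

// fakeClock is a constructed, manually advanced clock so the example runs instantly.
type fakeClock struct{ now time.Time }

// token is a stand-in for the signed RDS token; only its expiry matters here.
type token struct{ expires time.Time }

// issue plays the role of the page's getIAMToken call (hypothetical stand-in).
func (c *fakeClock) issue() token { return token{expires: c.now.Add(tokenTTL)} }

// connector is a minimal database/sql connector. password is invoked on every
// Connect, which is the moment a pgx BeforeConnect hook would run.
type connector struct {
	clk      *fakeClock
	password func() token
}

func (c *connector) Connect(context.Context) (driver.Conn, error) {
	// The fake server rejects a token once its lifetime has elapsed.
	if tok := c.password(); !c.clk.now.Before(tok.expires) {
		return nil, errors.New("authentication failed: IAM token expired")
	}
	return fakeConn{}, nil
}

func (c *connector) Driver() driver.Driver { return fakeDriver{} }

type fakeDriver struct{}

func (fakeDriver) Open(string) (driver.Conn, error) { return nil, errors.New("use the connector") }

type fakeConn struct{}

func (fakeConn) Prepare(string) (driver.Stmt, error) { return nil, errors.New("not implemented") }
func (fakeConn) Close() error                        { return nil }
func (fakeConn) Begin() (driver.Tx, error)           { return nil, errors.New("not implemented") }

// dialAfter opens a pool at t=0, lets elapsed pass, then forces the pool to open
// a new connection. With refresh=false the pool keeps presenting the startup token.
func dialAfter(refresh bool, elapsed time.Duration) error {
	clk := &fakeClock{now: time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)}
	startup := clk.issue()
	pw := func() token { return startup }
	if refresh {
		pw = clk.issue // mint a new token for each new connection
	}
	db := sql.OpenDB(&connector{clk: clk, password: pw})
	defer db.Close()
	db.SetMaxIdleConns(0) // keep no idle connections, so every ping dials again

	ctx := context.Background()
	if err := db.PingContext(ctx); err != nil {
		return fmt.Errorf("startup connection: %w", err)
	}
	clk.now = clk.now.Add(elapsed)
	return db.PingContext(ctx)
}

func main() {
	fmt.Println("static token, 20 minutes later:     ", dialAfter(false, 20*time.Minute))
	fmt.Println("per-connect token, 20 minutes later:", dialAfter(true, 20*time.Minute))
}
```
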

2. Object Storage: Enabling IRSA (Distribution v3)

For S3 access, the Registry binary relies on the upstream docker/distribution. To enable IAM Roles for Service Accounts (IRSA) where a Pod inherits permissions from an AWS IAM Role, we upgraded the build process to use the modern distribution/distribution:v3 libraries.

This upgrade allows the S3 storage driver to automatically detect the AWS_WEB_IDENTITY_TOKEN_FILE projected by Kubernetes, removing the need to define accesskey and secretkey in the Helm values.

How-to: Deploy Harbor Without Static Secrets

You can deploy this hardened version of Harbor today using our verified artifacts and custom images.

Step 1: Pull the Artifacts

We have hosted the patched images and the modern OCI Helm chart in our public registry:

# Pull the images
docker pull 8gears.container-registry.com/8gcr/harbor-jobservice
docker pull 8gears.container-registry.com/8gcr/harbor-core
docker pull 8gears.container-registry.com/8gcr/harbor-registry

# Pull the Helm Chart
helm pull oci://8gears.container-registry.com/8gcr/harbor --version 3.0.0

Step 2: Preparing Infrastructure and Policy

Before deploying Harbor, we need to provision the cloud resources. This includes an OIDC-enabled EKS cluster, an S3 bucket for artifact storage, and a PostgreSQL instance with IAM authentication enabled.

2.1. Set Environment Variables

export AWS_REGION="us-east-1"
export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
export CLUSTER_NAME="harbor-on-aws-natively-cluster"
export POLICY_NAME="HarborOnAwsNativePolicy"
export BUCKET_NAME="harbor-on-aws-natively-store"
export SA_NAME="harbor-sa"
export NAMESPACE="harbor"
export DB_NAME="registry"
export DB_USER="harbor_iam_user"
export DB_INSTANCE_ID="harbor-db"
export DB_CLASS="db.t3.medium"

2.2. Create EKS Cluster with OIDC

eksctl create cluster \
 --name $CLUSTER_NAME \
 --region $AWS_REGION \
 --version 1.30 \
 --with-oidc \
 --managed \
 --nodegroup-name standard-workers \
 --node-type t3.medium \
 --nodes 2 \
 --nodes-min 1 \
 --nodes-max 4

2.3. Create S3 Bucket

aws s3 mb "s3://$BUCKET_NAME" --region $AWS_REGION

2.4. Create IAM Policy

aws iam create-policy \
  --policy-name $POLICY_NAME \
  --policy-document '{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "s3:GetObject",
          "s3:PutObject",
          "s3:DeleteObject",
          "s3:ListBucket",
          "s3:GetBucketLocation",
          "s3:ListBucketMultipartUploads",
          "s3:AbortMultipartUpload",
          "s3:ListMultipartUploadParts"
        ],
        "Resource": [
          "arn:aws:s3:::'"$BUCKET_NAME"'",
          "arn:aws:s3:::'"$BUCKET_NAME"'/*"
        ]
      },
      {
        "Effect": "Allow",
        "Action": ["rds-db:connect"],
        "Resource": [
          "arn:aws:rds-db:'"$AWS_REGION"':'"$AWS_ACCOUNT_ID"':dbuser:*/'"$DB_USER"'"
        ]
      }
    ]
  }'

2.5. Create IRSA (IAM Role for Service Account)

eksctl create iamserviceaccount \
 --cluster=$CLUSTER_NAME \
 --name=$SA_NAME \
 --namespace=$NAMESPACE \
 --attach-policy-arn="arn:aws:iam::$AWS_ACCOUNT_ID:policy/$POLICY_NAME" \
 --approve

2.6. RDS Database Setup

We provision a PostgreSQL instance with IAM Database Authentication enabled (--enable-iam-database-authentication).

# Get EKS Network Information

export EKS_VPC_ID=$(aws eks describe-cluster \
 --name $CLUSTER_NAME \
 --region $AWS_REGION \
 --query "cluster.resourcesVpcConfig.vpcId" \
 --output text)

export EKS_CIDR=$(aws ec2 describe-vpcs \
 --vpc-ids $EKS_VPC_ID \
 --region $AWS_REGION \
 --query "Vpcs[0].CidrBlock" \
 --output text)

export SUBNET_IDS=$(aws ec2 describe-subnets \
 --filters "Name=vpc-id,Values=$EKS_VPC_ID" \
 --region $AWS_REGION \
 --query "Subnets[*].SubnetId" \
 --output text)

echo "VPC ID: $EKS_VPC_ID"
echo "CIDR: $EKS_CIDR"

# Create Security Group

export DB_SG_ID=$(aws ec2 create-security-group \
 --group-name harbor-db-sg \
 --description "Security group for Harbor RDS" \
 --vpc-id $EKS_VPC_ID \
 --output text --query 'GroupId' --region $AWS_REGION)

aws ec2 authorize-security-group-ingress \
 --group-id $DB_SG_ID \
 --protocol tcp \
 --port 5432 \
 --cidr $EKS_CIDR \
 --region $AWS_REGION

# Create DB Subnet Group

aws rds create-db-subnet-group \
 --db-subnet-group-name harbor-native-subnets \
 --db-subnet-group-description "Subnets for Harbor RDS" \
 --subnet-ids $SUBNET_IDS \
 --region $AWS_REGION


# Create RDS Instance
aws rds create-db-instance \
 --db-instance-identifier $DB_INSTANCE_ID \
 --db-instance-class $DB_CLASS \
 --engine postgres \
 --engine-version 18.1 \
 --master-username harbor_admin \
 --master-user-password "<yourPassword>" \
 --allocated-storage 20 \
 --db-name $DB_NAME \
 --enable-iam-database-authentication \
 --vpc-security-group-ids $DB_SG_ID \
 --db-subnet-group-name harbor-native-subnets \
 --backup-retention-period 7 \
 --no-publicly-accessible \
 --region $AWS_REGION

echo "Waiting for RDS (5-10 minutes)..."
aws rds wait db-instance-available \
 --db-instance-identifier $DB_INSTANCE_ID \
 --region $AWS_REGION


# Configure IAM Database User

export DB_ENDPOINT=$(aws rds describe-db-instances \
 --db-instance-identifier $DB_INSTANCE_ID \
 --region $AWS_REGION \
 --query "DBInstances[0].Endpoint.Address" \
 --output text)

echo "Database Endpoint: $DB_ENDPOINT"

kubectl create namespace $NAMESPACE

# Connect to RDS (Note: the master password is only needed for this one-time setup.
# Consider using AWS Secrets Manager for the master password in production.)
kubectl run postgres-client --rm -it --image=postgres:18 --restart=Never --namespace=$NAMESPACE --env="PGPASSWORD=<yourPassword>" -- psql -h $DB_ENDPOINT -U harbor_admin -d $DB_NAME

Once connected, run the following SQL commands inside PostgreSQL:

CREATE USER harbor_iam_user WITH LOGIN;
GRANT rds_iam TO harbor_iam_user;
GRANT ALL PRIVILEGES ON DATABASE registry TO harbor_iam_user;
GRANT ALL ON SCHEMA public TO harbor_iam_user;
\q

Step 3: Configure values-aws-native.yaml

We configure Harbor to use native AWS authentication. Note that HARBOR_DATABASE_IAM_AUTH is explicitly enabled, the password field is left as a dummy value (it will be ignored by our hook), and the storage credential fields are left empty. The registry inherits permissions directly from the ServiceAccount via IRSA.

# ============================================================
# HARBOR AWS NATIVE CONFIGURATION
# Features: RDS IAM Auth + S3 IRSA
# ============================================================

# 1. GLOBAL SETTINGS
externalURL: "https://harbor.test"

# 2. CONFIGURATION & IAM AUTH
core:
  replicas: 1
  image:
    repository: 8gears.container-registry.com/8gcr/harbor-core
    tag: latest
  # SERVICE ACCOUNT (Required for IRSA)
  serviceAccount:
    create: false
    name: "harbor-sa" # This SA must be annotated with your AWS Role ARN
  securityContext:
    readOnlyRootFilesystem: false
  config:
    HARBOR_DATABASE_IAM_AUTH: "true"
    POSTGRES_HOST: "<YOUR_DB_ENDPOINT>"
    POSTGRES_PORT: "5432"
    POSTGRES_USER: "harbor_iam_user"
    POSTGRES_DATABASE: "registry"

# --- JOBSERVICE ---
jobservice:
  replicas: 1
  image:
    repository: 8gears.container-registry.com/8gcr/harbor-jobservice
    tag: latest
  serviceAccount:
    create: false
    name: "harbor-sa"
  securityContext:
    readOnlyRootFilesystem: false
  config:
    HARBOR_DATABASE_IAM_AUTH: "true"

# --- REGISTRY ---
registry:
  replicas: 1
  image:
    repository: 8gears.container-registry.com/8gcr/harbor-registry
    tag: latest
  serviceAccount:
    create: false
    name: "harbor-sa"
  relativeurls: true
  persistence:
    enabled: false
  securityContext:
    readOnlyRootFilesystem: false
  env:
    - name: REGISTRY_STORAGE_CACHE_LAYERINFO
      value: "inmemory"
    - name: AWS_REGION
      value: "<YOUR_AWS_REGION>"
  storage:
    type: s3
    s3:
      region: "<YOUR_AWS_REGION>"
      bucket: "<YOUR_BUCKET_NAME>"
      secure: true
      v4auth: true
      # No static keys required! The driver uses the pod role via IRSA.
      accesskey: ""
      secretkey: ""

# 3. DATABASE (RDS IAM Auth)
database:
  host: "<YOUR_DB_ENDPOINT>"
  port: 5432
  username: "harbor_iam_user"
  password: "dummy_password" # Required by the Helm chart schema but ignored at runtime; the BeforeConnect hook replaces it with an IAM token
  database: "registry"
  sslmode: "require"

Step 4: Deploy

helm upgrade --install my-harbor oci://8gears.container-registry.com/8gcr/harbor \
 --version 3.0.0 \
 --namespace harbor \
 -f values-aws-native.yaml

Step 5: Verify the Deployment

kubectl -n harbor get pods
kubectl -n harbor logs -l app=harbor-core --tail=50

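Confirm all pods reach Running state. In the core logs, look for IAM Auth: Token refreshed messages to verify that RDS IAM authentication is active. The hook shown earlier emits that message with log.Debugf, so it appears only when debug-level logging is enabled for core.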
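
A pre-deployment check on the IAM policy from step 2.4, as an added example (not part of the original post or of Harbor). It flags wildcard grants, including the `dbuser:*/` resource ID in the rds-db:connect statement, which matches that database user on every RDS instance in the account and region. The function name auditPolicy, the account ID and the DB resource ID used in the test are constructed placeholders, and the sketch assumes Statement is a JSON array.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// samplePolicy is the step 2.4 policy with constructed values substituted for
// $BUCKET_NAME, $AWS_REGION, $AWS_ACCOUNT_ID and $DB_USER.
const samplePolicy = `{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket",
                "s3:GetBucketLocation", "s3:ListBucketMultipartUploads",
                "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts"],
     "Resource": ["arn:aws:s3:::harbor-on-aws-natively-store",
                  "arn:aws:s3:::harbor-on-aws-natively-store/*"]},
    {"Effect": "Allow",
     "Action": ["rds-db:connect"],
     "Resource": ["arn:aws:rds-db:us-east-1:111122223333:dbuser:*/harbor_iam_user"]}
  ]
}`

// oneOrMany accepts both the string and the array form IAM allows for
// Action and Resource.
type oneOrMany []string

func (o *oneOrMany) UnmarshalJSON(b []byte) error {
	var many []string
	if err := json.Unmarshal(b, &many); err == nil {
		*o = many
		return nil
	}
	var one string
	if err := json.Unmarshal(b, &one); err != nil {
		return err
	}
	*o = oneOrMany{one}
	return nil
}

type policy struct {
	Statement []struct {
		Effect   string
		Action   oneOrMany
		Resource oneOrMany
	}
}

// auditPolicy returns one finding per over-broad Allow grant in the document.
func auditPolicy(doc string) ([]string, error) {
	var p policy
	if err := json.Unmarshal([]byte(doc), &p); err != nil {
		return nil, fmt.Errorf("parse policy: %w", err)
	}
	var findings []string
	for i, st := range p.Statement {
		if st.Effect != "Allow" {
			continue
		}
		grantsConnect := false
		for _, a := range st.Action {
			a = strings.ToLower(a)
			if a == "*" || strings.HasSuffix(a, ":*") {
				findings = append(findings, fmt.Sprintf("statement %d: wildcard action %q", i, a))
			}
			if a == "*" || a == "rds-db:*" || a == "rds-db:connect" {
				grantsConnect = true
			}
		}
		for _, r := range st.Resource {
			if r == "*" {
				findings = append(findings, fmt.Sprintf("statement %d: resource \"*\"", i))
				continue
			}
			// arn:aws:rds-db:<region>:<account>:dbuser:<DbiResourceId>/<db-user>
			parts := strings.SplitN(r, ":", 7)
			if !grantsConnect || len(parts) != 7 || parts[2] != "rds-db" {
				continue
			}
			resID, user, ok := strings.Cut(parts[6], "/")
			if !ok {
				findings = append(findings, fmt.Sprintf("statement %d: malformed rds-db ARN %q", i, r))
				continue
			}
			if resID == "*" {
				findings = append(findings, fmt.Sprintf(
					"statement %d: %q lets user %q connect to every DB instance in the account and region", i, r, user))
			}
			if user == "*" {
				findings = append(findings, fmt.Sprintf("statement %d: %q allows any database user", i, r))
			}
		}
	}
	return findings, nil
}

func main() {
	findings, err := auditPolicy(samplePolicy)
	fmt.Println(findings, err)
}
```

Replacing the `*` with the instance's DbiResourceId (the `db-...` value reported by `aws rds describe-db-instances`) scopes the grant to the one database Harbor uses.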

Conclusion

Modernizing Harbor to embrace AWS native identity isn’t just about refactoring code, it’s about shifting security from a manual burden to an automated guarantee.

By replacing static, long-lived secrets with ephemeral, auto-rotating tokens via RDS IAM and IRSA, we empower platform engineers to meet strict enterprise compliance standards without the operational toil. This architecture sets a new benchmark for running Harbor on EKS, ensuring your registry is as secure as the infrastructure it runs on. Ultimately, it allows your team to stop managing keys and start focusing on what matters: delivering software.


fxer
6 hours ago
Ran into this setting up Harbor, even the latest version of the app uses ancient libraries

Des canons sans beurre


Paul Waldman observes that Donald Trump’s war of (very bad) choice is costing fortunes, but for Republican wars money is never a constraint:

Speaking to Sky News last week, Treasury Secretary Scott Bessent was asked if there was some point at which the Iran war could grow so costly that he would tell President Trump it had become unaffordable.

“Absolutely not,” Bessent replied.

Whatever it costs, the American taxpayer will pony up. That makes this war a lot like all our other ones. And however much it looks today like the war will cost, it will almost certainly cost more. That’s how war works: It’s always more complicated, difficult, and expensive than the people who start it think it’s going to be. But with only one or two exceptions, Republicans are unperturbed by the effect of Trump’s “excursion” on our national balance sheet.

[…]

We’re less than three weeks into this war, and already the numbers are shockingly large, even if they’re difficult to pin down with precision.

In a briefing early on, the Pentagon told lawmakers that the first six days of the war cost $11.3 billion. Democratic Sen. Chris Coons, not one given to hyperbole, said after the briefing, “I expect that the current total operating number is significantly above that.” The Center for Strategic and International Studies estimated that after 12 days, the cost had risen to $16.5 billion.

While some days cost more than others, the total price tag will keep rising. Expenses include everything from the ordnance we’re going through, which will have to be restocked (for instance, each Tomahawk missile costs $2.5 million or more, and we’ve launched hundreds of them at Iran), to the extra fuel the Pentagon is using, to rebuilding the systems and bases Iran is hitting, to the medical costs for injured service members, and more.

And this is before we get to the massive costs that will be imposed by choking the Strait of Hormuz — higher prices for energy, agricultural commodities, pharmaceuticals, etc.

It is trite to observe that we could be spending this money on positive-sum things rather than negative-sum things, but it’s trite because it’s true. And yet Republicans are notably less likely to face media scrutiny for these tradeoffs:

And what could we do with $50 billion, the low end of what the Iran war will cost? So many things. We could give Medicaid coverage to 6.75 million Americans. We could pay for free school lunches for every public school student in America. We could fund the National Park Service at pre-DOGE levels for 17 years.

When Democrats want to do those things, and especially when they want to do something big, the cries of “But how will you pay for it?!?” ring out from both their opponents and the news media. So they come up with an answer. For instance, when they passed the Affordable Care Act, Democrats labored for months to produce cost savings and tax increases to offset every penny of new spending the bill entailed.

Republicans feel no such obligation. Their most consequential piece of legislation in recent years was the Big Beautiful Bill, which will increase the deficit by $2.4 trillion over a decade, according to the Congressional Budget Office. In addition to cutting taxes for the wealthy, it showered money on the Pentagon and allocated $170 billion in additional funds for immigration and border enforcement.

But Republicans are the party of Fiscal Rectitude, don’t you know, by which I mean they can send some 23-year-old incels to starve African children in exchange for no material savings.

The post Des canons sans beurre appeared first on Lawyers, Guns & Money.


Afroman keeps trolling cops after winning “Lemon Pound Cake” defamation case


On Wednesday, Afroman won a widely watched defamation lawsuit that seven cops filed after the rapper made music videos mocking them for conducting a 2022 raid of his home that resulted in no charges and no marijuana found.

Videos for songs like "Lemon Pound Cake," "Why You Disconnecting My Video Camera," and "Will You Help Me Repair My Door" used real footage from the raid, pulling from security camera footage and videos shot by Afroman's wife. Cops from the Adams County Sheriff's Office alleged they were humiliated and received death threats after the videos went viral.

Accusing Afroman of defamation, cops individually sought damages as high as $1.5 million. But Afroman's lawyer, David Osborne, argued this was a clear-cut First Amendment case. At trial, Afroman testified that cops had no one to blame for the reputational damage but themselves, arguing that "if they hadn’t wrongly raided my house, there would be no lawsuit," The New York Times reported.

"They broke into my house, put themselves onto my video cameras, and into my music career," Afroman testified, according to Ohio-based Local 12, a news outlet sharing footage from the trial. "With my freedom of speech, I had the right to talk about events going on in my life."

Tears streamed down Afroman's face when the jury sided with him on all claims after deliberating for just a few hours, Local 12's footage showed.

"I'm just happy," Afroman said. At trial, he argued that he'd been a "sport" in turning the raid into entertainment—simply striving to cover costs of damage from the raid. He said he was appalled by the cops' attack on his free speech, arguing, "I don’t go to their house, kick down their doors, flip them off on their surveillance cameras, then try to play the victim and sue them."

An attorney for officers suing, Bob Klinger, could not immediately be reached for comment. But at the trial, he tried and failed to argue that through the music videos and social media posts, Afroman "perpetuated lies intentionally, repeatedly, over three and a half years on the Internet about these seven brave deputy sheriffs," a Cincinnati-based ABC affiliate reported.

In the end, as Afroman argued in a memo supporting his motion for the winning verdict, jurors listened to the songs and agreed that Afroman was merely sharing opinions about all the police who raided his home, rather than defaming cops.

The bottom line, Osborne had argued, is that cops are public officials who should be used to their work being criticized. Further, it seemed ridiculous that cops would expect that anyone would take the rapper's social commentary as truth, Osborne said at trial. Not only is the rapper most famous for writing a completely unserious song called "Because I Got High," but Afroman also wore a loud American flag-patterned suit to trial with matching shades to punctuate his flippant nature.

"Look at that suit," Osborne said. "Does this look like a man who thinks that everybody's going to assume that everything he's saying is fact?"

Still wearing the suit, immediately following the verdict, Afroman celebrated the win outside the courthouse, as seen in a video he posted to Instagram.

"We did it America," the rapper said. "God bless America, land that I love!!! Freedom of speech!!!!!!!!!!!"

Afroman photo with Trump resurfaces criticism

On social media, clips from the trial were widely shared, with many rooting for Afroman and excited by his win.

However, some critics took the moment to point out that Afroman had used the popularity of hits like "Lemon Pound Cake" to support Donald Trump. A photo of Afroman wearing that same American flag suit and shaking hands with Trump in 2024 began recirculating online, which some claimed served as a "milkshake duck" rapidly tanking his online popularity on the back of his win.

Back in 2024, Afroman told AllHipHop that he met Trump while the rapper's own presidential campaign was in "full effect," denying that he was a Trump supporter. Instead, he claimed that his only interest in meeting with Trump was to discuss marijuana reform and "ending police immunity."

The pair also commiserated about "witch hunts" and "laughed about" them both "getting raided," Afroman said in an Instagram post attempting to clarify what was happening in the photo.

However, in the same post, Afroman seemed excited that Trump liked his song "Hunter Got High," which is a version of "Because I Got High" mocking Hunter Biden. And critics resurfacing the photo noted that the rapper told Newsweek that he hoped to perform the Hunter Biden song at Trump rallies as part of a comeback bid.

"I might really be back," Afroman said. "This one might take me to the stratosphere. I might be singing it at some Trump rallies."

Cops admitted nicknames weren't defamatory

Afroman has not addressed the Trump criticism since his victory yesterday. He has continued trolling cops on his Instagram, though. His most recent post, as of this writing, shared a clip of one of the cop's wives testifying that their divorce was not due to Afroman's music videos, as the officer had alleged.

In music videos, Afroman had dubbed that officer, Shawn Grooms, "the hunchback of Notre Dame," which was among the tamer insults the rapper threw out. On the other end of the extreme was an officer named Brian Newland, whom Afroman referred to as a "pedophile" and "child molester." And cops seemed to agree that Lisa Phillips, the only female officer involved, was treated worst when Afroman described her with innuendo insinuating she was a lesbian.

Klinger argued that Grooms' reputational hit, as well as that of three other officers, warranted $400,000 in damages, Newland's $1 million, and Phillips' $1.5 million.

Most of the cops were offended by the nicknames that Afroman assigned them. But none of them could prove that anything Afroman said was false or caused them economic harm.

In Afroman's memo, he counted the most surprising times when cops failed to prove his exaggerated statements weren't true. For example, one officer, Randy Walters, was offended that Afroman said he slept with his wife, but curiously did not testify that this was false. Instead, Walters only testified that "he would hope that his wife would not have extramarital affairs," Afroman's memo said.

"The use of his word, hope, is nebulous and renders the statement by the Defendant such that the truth cannot be proven," the memo said. "If that cannot be proven, then it is an opinion."

Amusing many social media onlookers, at the trial, Walters—whom Afroman called "Gomer Pyle" after the slow-to-pick-up-on-things Andy Griffith Show character—also testified that there was no way to prove he wasn't a "son of a bitch." His mother had been dead "for years," Walters testified.

Similarly, Newland testified that while "nasty," he believed that Afroman's insults were based on the rapper's opinions. And in Phillips' case, Afroman's comments were deemed impolite but not defamatory. Additionally, Shawn Cooley, the subject of Afroman's hit "Lemon Pound Cake," testified that no reasonable person would think that "Officer Pound Cake" was a "major misrepresentation" of his character, Afroman's memo said.

"In Ohio, allegedly defamatory statements that constitute opinion enjoy an absolute privilege and may not give rise to a cause of action for defamation," Afroman successfully argued.

For anyone looking for clips from the trial, you can practically watch the whole thing on independent journalist Meghann Cuniff's Instagram. Clips include testimony from Afroman and each officer, as well as lawyers arguing what Judge Jonathan Hein called "an emotional case."

Among those clips is one of Afroman's lawyer, Osborne, reminding jurors that Afroman "exaggerates for the sake of entertainment. That’s who he is. I’m not going to say it’s tasteful to everyone, but some people do find it entertaining."

“A reasonable person knows that people can post opinions, social commentary, and hurtful things all over the Internet, and it is just to be expected. That’s why we are supposed to use our own filter, use our common sense, use our experiences in life,” Osborne said.

Ars updated this story on Thursday to remove a line that confused a reference to jury instructions in Afroman's memo with legal analysis.


Paul Atreides faces the cost of his holy war in Dune: Part 3 teaser


Warner Bros. just dropped a broody and haunting extended teaser for Denis Villeneuve's Dune: Part 3, the highly anticipated third film in the director's acclaimed franchise—the last in his planned trilogy.

(Spoilers for first two films in the franchise below.)

In 2021's Dune, we first met Frank Herbert's iconic anti-hero, Paul Atreides (Timothée Chalamet). That film culminated in the brutal defeat of House Atreides by rival House Harkonnen, with Paul and his mother, Lady Jessica (Rebecca Ferguson), fleeing to the desert and taking refuge with the Fremen. Among them is Chani (Zendaya), whom Paul has been seeing in visions all along.

In Dune: Part 2 (2024), Paul ingratiated himself with the Fremen, learning to ride a sandworm and winning Chani's love. Meanwhile, a pregnant Lady Jessica had her own plans for Paul as a messiah figure, in order to fulfill a Bene Gesserit prophecy; we learned she was actually Baron Harkonnen's daughter, married to Paul's father to merge the bloodlines to bring the prophecy to fruition. Ultimately, Paul challenges the emperor, defeats his champion, and demands the Princess Irulan (Florence Pugh) as his wife, to Chani's chagrin. The other Great Houses reject Paul as ruler, so he essentially launches a holy war against them. And Chani rides off on a sandworm after refusing to bow down to Paul.

Dune: Part Three will take place roughly 12 years after the end of Part Two, according to Villeneuve, as Paul faces the consequences of his earlier actions. Per the official premise:

Dune Messiah continues the story of Paul Atreides, better known—and feared—as the man christened Muad’Dib. As Emperor of the known universe, he possesses more power than a single man was ever meant to wield. Worshipped as a religious icon by the fanatical Fremen, Paul faces the enmity of the political houses he displaced when he assumed the throne—and a conspiracy conducted within his own sphere of influence.

And even as House Atreides begins to crumble around him from the machinations of his enemies, the true threat to Paul comes to his lover, Chani, and the unborn heir to his family’s dynasty…

Naturally, Chalamet will be back as Paul Atreides, along with Zendaya, Pugh, and Ferguson. Josh Brolin reprises his role as weapons master Gurney Halleck; Javier Bardem is back as Stilgar, leader of the Fremen tribe at Sietch Tabr; and Jason Momoa returns as Duncan Idaho, a fan favorite who died in the first film (book fans will know how and why he returns).

Joining the cast are Anya Taylor-Joy as Paul's younger sister, Alia, glimpsed in visions in Part 2 when Jessica was pregnant; Robert Pattinson as the villainous Scytale, who plots to dethrone Paul; Isaach de Bankolé as Paul's former Fedaykin, Farok; Nakoa-Wolf Momoa (son of Jason) as Paul and Chani's son, Leto II Atreides; and Ida Brooke as Paul and Chani's daughter, Ghanima Atreides.

Dune: Part 3 is slated to hit theaters on December 18, 2026. Several character posters were released yesterday, too:

Credit: Warner Bros.

 


Adobe settles DOJ cancellation fee lawsuit, will pay $75 million penalty


Canceling a software subscription is supposed to be easy—that's what US law dictates. Adobe, however, has played fast and loose with its Creative Cloud subscriptions in the past. The company was sued by the Department of Justice in 2024 due to its practice of hiding hefty termination fees when customers signed up. The case has now been settled, with Adobe agreeing to a $75 million fine and matching free services to users of its products.

Turning software into a monthly subscription is all the rage these days, but Adobe was way ahead of the curve. The company began offering its suite of editing tools, like Photoshop and Illustrator, as a monthly subscription back in 2013, and most of its customers migrated to the new system.

It was easy for Adobe to get away with that shift because CS6, the last perpetual license offered for its editing tools, started at $700 and went up to more than $2,600 for all apps. By contrast, paying between $10 and $70 per month seems like a good deal, and it might be in the short term. Although anyone who has been paying monthly since the change has spent thousands of dollars on Adobe software. And when people noticed that and decided they wanted to cancel, many of them were frustrated with the outcome.

Core to the government's complaint was Adobe's practice of hiding cancellation fees for its subscriptions in the fine print or behind hyperlinks. Adobe charges 50 percent of the remaining subscription term when you cancel, which can be hundreds of dollars on annual plans. In addition, the company used labyrinthine phone trees to make canceling more difficult.

The DOJ alleged in its 2024 filing that Adobe's handling of subscriptions violated the Restore Online Shoppers’ Confidence Act, which was passed in 2010 to prevent deceptive charges in online services. With the newly announced settlement, Adobe will be able to wrap up the case for a relative pittance.

Adobe maintains innocence

The case could have been messy for Adobe if it had gone to court, but now that won't happen. Under the terms of the settlement, Adobe has agreed to pay the government $75 million, but it doesn't admit to violating the law.

"While we disagree with the government's claims and deny any wrongdoing, we are pleased to resolve this matter," Adobe said in a statement.

In addition to giving the government its pound of flesh, Adobe says it will provide $75 million in free services to affected customers. It is unclear from the statement which customers qualify or what they'll get. We've asked Adobe for specifics, but it's a safe bet that anyone who paid a cancellation fee is included. Adobe says it will reach out to these customers with details once it has made the necessary court filings to wrap up the case.

Don't expect this outcome to change how Adobe does business today. The company claims it has rolled out changes to its sales pipeline in recent years to make the cancellation fees clearer at the time of purchase. And it's undoubtedly going to continue focusing on subscriptions. Revenues have been growing steadily ever since it switched to Creative Cloud, and it made more than $7 billion in net profit last year. Writing a $75 million check to make this case go away is a big win for Adobe.
