Just because I don't care doesn't mean I don't understand.
330 stories · 2 followers

Pickles by Brian Crane for Fri, 21 Jan 2022

1 Comment

Pickles by Brian Crane on Fri, 21 Jan 2022

Source - Patreon

jgbishop
26 minutes ago
Haha!
Durham, NC

China’s Olympics App Is Horribly Insecure

1 Comment

China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes.

Key Findings:

  • MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.
  • MY2022 is fairly straightforward about the types of data it collects from users in its public-facing documents. However, as the app collects a range of highly sensitive medical information, it is unclear with whom or which organization(s) it shares this information.
  • MY2022 includes features that allow users to report “politically sensitive” content. The app also includes a censorship keyword list, which, while presently inactive, targets a variety of political topics including domestic issues such as Xinjiang and Tibet as well as references to Chinese government agencies.
  • While the vendor did not respond to our security disclosure, we find that the app’s security deficits may not only violate Google’s Unwanted Software Policy and Apple’s App Store guidelines but also China’s own laws and national standards pertaining to privacy protection, providing potential avenues for future redress.

News article:

It’s not clear whether the security flaws were intentional or not, but the report speculated that proper encryption might interfere with some of China’s ubiquitous online surveillance tools, especially systems that allow local authorities to snoop on phones using public wireless networks or internet cafes. Still, the researchers added that the flaws were probably unintentional, because the government will already be receiving data from the app, so there wouldn’t be a need to intercept the data as it was being transferred.

[…]

The app also included a list of 2,422 political keywords, described within the code as “illegalwords.txt,” that worked as a keyword censorship list, according to Citizen Lab. The researchers said the list appeared to be a latent function that the app’s chat and file transfer function was not actively using.

The US government has already advised athletes to leave their personal phones and laptops home and bring burners.

jgbishop
27 minutes ago
As an American who works for a Chinese company, this doesn't surprise me. The holes are likely unintentional. I've never been impressed by the acumen of my Chinese counterparts...
Durham, NC

“You gotta help us, Doc. We've tried nothin' and we're all out of ideas!” pic.twitter.com/pjYBxtCPcP

1 Comment

2843 likes, 386 retweets
jgbishop
2 days ago
One of my favorite lines.
Durham, NC
GaryBIshop
2 days ago
Yes! I love that line. We've tried NOTHIN'

Engineer Figures Out How to Unload a 400-Pound Pallet From Her Vehicle Without a Forklift

1 Comment

Mechanical engineer Amy Qian purchased a cabinet-style SawStop table saw, which was loaded into her Honda Element on a pallet by a forklift at the store. When she got home, she then had to figure out how to get the 400-pound unit safely out of the vehicle—by herself.

Qian's clever solution utilizes the built environment, two elements she fabricated herself, two tools she had lying around, and some 2x4s:




jgbishop
3 days ago
Very clever.
Durham, NC

At Target, The Price is  Right  Variable

1 Comment

Nothing is easy anymore. You go shopping in a real store, you see the price on the shelf, and you expect that is the price you will pay. But then reality intervenes.

MrConsumer had a $5 coupon from Target that he got when getting his COVID booster and it was about to expire. He finally found something he wanted to buy by checking Target.com on his home computer — four bottles of Market Pantry honey mustard dressing for $1.39 each.

Target honey mustard

So he went to his local Target, and found the salad dressing on the shelf, but it was $1.99!

Target Honey Mustard 1.99

Distressed, he went up to the aisle scanner to double-check the price.

Target honey mustard scanner

It said $1.79. So now we have three different prices: $1.39, $1.79, and $1.99. We know the middle price is what will be actually charged at the register, but that would allow MrConsumer to only get three of the dressing bottles instead of his planned four with his coupon. Grrr.

MrConsumer asked the checkout clerk to price match the $1.39 Target.com price, and he gladly did. (Here is Target’s price match policy.)

But the story doesn’t end there. Did the online price for this salad dressing vary depending on what store you chose as “your” store on the website?

Checking the online price at over a dozen different Target store locations within a 10-mile radius of Boston yielded shocking results.

*MOUSE PRINT:

Target Price Comparison

Target price comparison

The prices ranged from a low of $1.19 to a full dollar more — $2.19. How crazy is that? Supermarkets and drugstores are known for “zone pricing” (charging different prices in different neighborhoods factoring in local competition) but who knew that Target apparently engaged in that practice too? Of course, a sample size of one item says nothing about how Target prices all its other groceries and other merchandise. So we asked the company for details and an explanation.

A Target spokesperson sidestepped most of our questions but acknowledged:

Like many retailers, overall prices and promotions may vary by location and channel.

In further checking, we also learned that not all the Target locations in the chart above actually carry that item, but a shopper could order that product for delivery at the stated web price.

The bottom line is this. Target’s prices for at least some groceries vary store to store, as perhaps other categories of goods do. And since Target maintains a price match policy, including to the prices on its own website, it behooves shoppers to check there to see if the price is lower. Savvy shoppers might discover this is a new way to save money.

Please share your thoughts about the dramatic price differences brought to light in this story.

jgbishop
3 days ago
Someone needs to develop a software solution to this. Let me search all the stores in my area to find the lowest price.
Durham, NC
GaryBIshop
3 days ago
Yes and prepare a list to show the teller to get the price match

Debut of X (1984)

1 Comment

19 June 1984

From: rws@mit-bold (Robert W. Scheifler)
To: window@athena
Subject: window system X
Date: 19 Jun 1984 0907-EDT (Tuesday)

I've spent the last couple weeks writing a window
system for the VS100. I stole a fair amount of code
from W, surrounded it with an asynchronous rather
than a synchronous interface, and called it X. Overall
performance appears to be about twice that of W. The
code seems fairly solid at this point, although there are
still some deficiencies to be fixed up. 

We at LCS have stopped using W, and are now
actively building applications on X. Anyone else using
W should seriously consider switching. This is not the
ultimate window system, but I believe it is a good
starting point for experimentation. Right at the moment
there is a CLU (and an Argus) interface to X; a C
interface is in the works. The three existing
applications are a text editor (TED), an Argus I/O
interface, and a primitive window manager. There is
no documentation yet; anyone crazy enough to
volunteer? I may get around to it eventually. 

Anyone interested in seeing a demo can drop by
NE43-531, although you may want to call 3-1945
first. Anyone who wants the code can come by with a
tape. Anyone interested in hacking deficiencies, feel
free to get in touch.

jgbishop
3 days ago
It wouldn't surprise me if the documentation *still* hasn't been written...
Durham, NC