Storm Area 51 Festival Canceled Because It Was a 'Possible Humanitarian Disaster'

Found on Vice on Tuesday, 10 September 2019

“Due to the lack of infrastructure, poor planning, risk management, and blatant disregard for the safety of the expected 10,000+ AlienStock attendees, we decided to pull the plug on the festival,” a message on AlienStock’s website reads.

The local town has been actively warning people on its website not to come, noting that many local residents are armed and would be willing to defend their property.

Darwin Awards just lost a lot of candidates.

Firefox will encrypt web domain name requests by default

Found on Engadget on Monday, 09 September 2019

Mozilla's Firefox privacy protections will soon include one of the most basic tasks for any web browser: fielding the domain name requests that help you visit websites. The developer will make DNS over encrypted HTTPS the default for the US starting in late September, locking down more of your web browsing without requiring an explicit toggle like before.

If all goes smoothly, Firefox may become a go-to option for anyone who insists on securing as much of their web traffic as possible.

So, in their infinite wisdom, Mozilla decided to mess with a perfectly fine core protocol of the Internet, making it harder for system admins to trace down problems and circumventing custom DNS settings which are used to effectively avoid malware and advertising domains. Even worse, they wrap DNS requests into HTTP, adding more layers to the transport of a basic request. To top it all, they have the gall to announce it as a much needed solution for your privacy while sending all DNS requests to Cloudflare; totally ignoring the fact that DNS over TLS already exists and is working fine and even has its own RFC.

MoviePass exposed thousands of unencrypted customer card numbers

Found on Techcrunch on Sunday, 08 September 2019

MoviePass customer cards are like normal debit cards: they’re issued by Mastercard and store a cash balance, which users who sign up to the subscription service can use to pay to watch a catalog of movies.

We also found records containing customers’ personal credit card numbers and their expiry date — which included billing information, including names and postal addresses. Among the records we reviewed, we found records with enough information to make fraudulent card purchases.

Security researcher Nitish Shah told TechCrunch he also found the exposed database months earlier. “I even notified them, but they [didn’t bother] to reply or fix it,” he said.

MoviePass has lost millions of customers already, and they probably will be out of business soon.

600,000 GPS trackers left exposed online with a default password of '123456'

Found on ZDNet on Saturday, 07 September 2019

Avast researchers said they found these issues in T8 Mini, a GPS tracker manufactured by Shenzhen i365-Tech, a Chinese IoT device maker.

Avast said the issues also impacted over 30 other models of GPS trackers, all manufactured by the same vendor, and some even sold as white-label products, bearing the logos of other companies.

A hacker can launch automated attacks against Shenzhen i365-Tech's cloud server by going through all user IDs one by one, and using the same 123456 password, and take over users' accounts.

Unfortunately for everyone, the issue persists to this day, as Shenzhen i365-Tech did not respond to Avast's emails when the company tried to warn the vendor. Similar contact attempts made by ZDNet's sister site CNET didn't succeed either.

It could be really simple: every device that comes with some sort of authentication has to have a unique random password that's printed onto a label on the device, and which has to be changed to something different when the device is first used. Companies which do not follow these guidelines will face hefty fines and already sold devices will be recalled.

Allowlist, not whitelist. Blocklist, not blacklist. Goodbye, wtf

Found on The Register on Friday, 06 September 2019

Issue 981129 in the Chromium bug log lists a suggestion by Microsoft for “cleanup of potentially offensive terms in codebase” that aims to rid the software blueprints of language such as whitelist (change to allowlist), blacklist (change to blocklist), “offensive terms using ‘wtf’ as protocol messages,” and other infelicities.

Googler Rick Byers, a Chromium engineer, gave the issue a cautious welcome, saying: "This sounds like a good strategy to me, thanks for doing this! We certainly have never intended for anything in the codebase to be potentially offensive, but I'm also not aware of anyone making an effort to find them all."

In May, Microsoft announced AI features in Word that, among other features, will emit “advice on more concise and inclusive language such as ‘police officer’ instead of ‘policeman.’"

All this is getting more and more ridiculous with every day and dangerously close to Newspeak; and that is not a world anybody could want.

White House to Relax Energy Efficiency Rules for Light Bulbs

Found on The New York Times on Thursday, 05 September 2019

The proposed changes would eliminate requirements that effectively meant that most light bulbs sold in the United States — not only the familiar, pear-shaped ones, but several other styles as well — must be either LEDs or fluorescent to meet new efficiency standards.

Calling the move an “unforced error,” he said, “Wasting energy with inefficient light bulbs isn’t just costly for homes and businesses, it’s terrible for our climate.”

Because of their long life and energy efficiency, an LED bulb can save consumers an estimated $50 to $100 over its several-year lifetime.

It's not a matter of prohibiting classic light bulbs, but a matter of teaching people about the drawbacks.

Google has secret webpages that feed your personal data to advertisers, report says

Found on CNet News on Wednesday, 04 September 2019

The company allegedly relays this information to advertisers using hidden webpages, allowing it to circumvent EU privacy regulations.

Ryan reportedly said he discovered that Google used a tracker containing web browsing information, location and other data and sent it to ad companies via webpages that "showed no content," according to FT.

The Data Protection Commission began an investigation into Google's practices in May after it received a complaint from Brave that Google was allegedly violating the EU's General Data Protection Regulation.

The more Google can tell advertisers about users, the higher the reward. True or not, it is important that someone takes a good look into it.

Over half the world is now running Windows 10

Found on The Inquirer on Tuesday, 03 September 2019

It has taken over four years and a hell of a lot of marketing, some good, some dodgy, but it's finally happened - Windows 10 now has over half the operating system market on desktop and laptop machines.

Most of those extra bums-on-seats come from Windows 7 which is now at 30 per cent (-1.49). That's still a big chunk of machines though, nearly a third, which is going to prove an increasing headache as we hit the last few months before the venerable OS is retired in January 2020.

Funny how most of the news you can read about Windows 10 is about how updates cripple systems and delete the data users have on them.

Minecraft players to be helped by AI assistant

Found on BBC News on Monday, 02 September 2019

Tired of digging all those blocks in Minecraft? Help could be at hand from an artificial intelligence assistant that can dig and build on command.

Video demonstrations show the AI assistant being told to build a circle out of wooden blocks and answering questions about what it is doing, asked by the controlling player.

Moving the mouse is too much work, so let's replace it with AI. Humans are doomed to fail if that catches on.

npm bans terminal ads

Found on ZD Net on Sunday, 01 September 2019

After last week a popular JavaScript library started showing full-blown ads in the npm command-line interface, npm, Inc., the company that runs the npm tool and website, has taken a stance and plans to ban such behavior in the future.

However, the JavaScript community didn't react in the way Aboukhadijeh hoped, and his initiative was criticized by most developers, who claimed the ads were polluting application logs.

Now if only NPM would be banned too. Nobody who is serious would ever consider using that in anything remotely close to a production environment; but then we're talking about JavaScript...