370 stories
·
2 followers

Long Live the New Flesh

jwz
2 Comments



Read the whole story
kbrint
27 days ago
reply
So meaty!
Share this story
Delete
1 public comment
mkalus
28 days ago
reply
“Meat Products"
iPhone: 49.287476,-123.142136

Right to Repair!

jwz
1 Comment and 4 Shares

"Apple shipped me a 79-pound iPhone repair kit to fix a 1.1-ounce battery. I'm starting to think Apple doesn't want us to repair them."

The thing you should understand about Apple's home repair process is that it's a far cry from DIY. I expected Apple would send me a small box of screwdrivers, spudgers, and pliers; I own a mini iPhone, after all. Instead, I found two giant Pelican cases -- 79 pounds of tools -- on my front porch. I couldn't believe just how big and heavy they were considering Apple's paying to ship them both ways. [...]

But I wasn't done yet. The single most frustrating part of this process, after using Apple's genuine parts and Apple's genuine tools, was that my iPhone didn't recognize the genuine battery as genuine. "Unknown Part," flashed a warning. Apparently, that's the case for almost all of these parts: you're expected to dial up Apple's third-party logistics company after the repair so they can validate the part for you. That's a process that involves having an entirely separate computer and a Wi-Fi connection since you have to reboot your iPhone into diagnostics mode and give the company remote control. Which, of course, defeats a bunch of the reasons you'd repair your own device at home! [...]

Yeah, none of that surprised me. What surprised me was the price tag.

  • $69 for a new battery -- the same price the Apple Store charges for a battery replacement, except here I get to do all the work and assume all the risk.
  • $49 to rent Apple's tools for a week, more than wiping out any refund I might get for returning the old used part.
  • A $1,200 credit card hold for the toolkit, which I would forfeit if the tools weren't returned within seven days of delivery. [...]

Apple can say it's giving consumers access to everything, even the same tools its technicians use, while scaring them away with high prices, complexity, and the risk of losing a $1,200 deposit. This way, Apple gets credit for walking you through an 80-page repair, instead of building phones where -- say -- you don't need to remove the phone's most delicate components and two different types of security screws just to replace a battery.

To me, those giant Pelican cases are the proof. It would cost Apple a fortune to ship 79 pounds of equipment to individual homes all over the country, even with corporate discounts. [...] It would cost us upwards of $200 just to return those cases to their sender. Yet Apple offers free shipping both directions with your $49 rental.

Previously, previously, previously, previously.







Read the whole story
kbrint
39 days ago
reply
Share this story
Delete
1 public comment
kazriko
38 days ago
reply
Basically, Apple sends you the tools that Apple uses to do these jobs, at the price that Apple charges for doing those jobs. Unfortunately, the reason that people want Right to Repair is because Apple's prices are too high, and Apple's methods of repair are too inefficient, if you could just get individual components instead of entire assemblies, then you could get the repair done at a price that makes sense, rather than being nearly the cost of a new phone.
Colorado Plateau
kazriko
38 days ago
https://odysee.com/@rossmanngroup:a/the-verge-is-so-bad-they-have-me:8?r=6V7P13rqLaYvwVq7qfT8zaUnPisdpQ9m&lid;=watchlater

Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries

1 Share

Interesting implementation mistake:

The vulnerability, which Oracle patched on Tuesday, affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authenticate messages digitally.

[…]

ECDSA signatures rely on a pseudo-random number, typically notated as K, that’s used to derive two additional numbers, R and S. To verify a signature as valid, a party must check the equation involving R and S, the signer’s public key, and a cryptographic hash of the message. When both sides of the equation are equal, the signature is valid.

[…]

For the process to work correctly, neither R nor S can ever be a zero. That’s because one side of the equation is R, and the other is multiplied by R and a value from S. If the values are both 0, the verification check translates to 0 = 0 X (other values from the private key and hash), which will be true regardless of the additional values. That means an adversary only needs to submit a blank signature to pass the verification check successfully.

Madden wrote:

Guess which check Java forgot?

That’s right. Java’s implementation of ECDSA signature verification didn’t check if R or S were zero, so you could produce a signature value in which they are both 0 (appropriately encoded) and Java would accept it as a valid signature for any message and for any public key. The digital equivalent of a blank ID card.

More details.

Read the whole story
kbrint
67 days ago
reply
Share this story
Delete

Neoliberal John Snow

jwz
1 Comment and 5 Shares
The father of epidemiology, but neoliberal. Addressing preventable disease through deregulation and individualism.

This whole account is pure gold.

  • Broad street businesses were complaining so I reinstalled the pump handle.

  • There is no parliamentary solution to the 1854 cholera epidemic. Cholera will be circulating in our community for hundreds of years and we must realize a new normal of life.

  • I'm relieved to let you know that most people dying from cholera in the 1854 epidemic have multiple comorbidities.

  • I respect the individual choices of all Londoners in this 1854 cholera epidemic. If you have cholera and want to defecate in the drinking water, that is your individual freedom. If you are afraid of getting cholera yourself, simply don't drink, cook, clean, or bathe with water.

  • We've been struggling with the 1854 cholera epidemic for so long. Zero Cholera isn't a realistic goal. The parliament simply cannot allocate the necessary funds to upgrade the London sewage system.

    Look at that! The Royal Navy received a larger budget increase than requested.

  • The cholera epidemic of 1854 has split Londoners into two adversarial groups: Those who will defecate in the drinking water and those who won't. Can't we find middle ground to heal this rift, and simply drink the feces-contaminated water?

  • The 1854 cholera epidemic has disproportionately burdened the destitute. Calls for Queen Victoria to provide support for this group have not gone unheard, and she now recommends that these people stop being poor.

  • The Supreme court ruling means companies can now take down their burdensome "Employees Must Wash Hands Before Returning to Work" signs. Great news for businesses in this 1854 cholera epidemic.

  • Our restaurant industry is ready to serve you in this 1854 cholera epidemic! If you are having uncontrollable diarrhea when you arrive at the restaurant, please be sure to hold it in until you are seated at your table.

  • The 1854 cholera epidemic has been difficult for Londoners. To alleviate this burden, Queen Victoria is proud to announce that each household in London can register to receive 4 entire squares of toilet paper! Please avoid contracting cholera during the 7-10 day shipping window.

  • As I watch excrement dribble down the pantleg of the grocery clerk and expand the puddle on the floor of the produce department, I smile. Our 'Get to Work' policies allowed this boy with the sunken eyes to meaningly contribute to the economy, despite the 1854 cholera epidemic.

  • It's not an 'anti-clean-water' protest, they just oppose any mandate for the installation of sewers during the 1854 cholera epidemic.

  • You orphans have nothing to complain about. Your parents died WITH cholera, not FROM cholera. They really died from hypovolemic shock.

Previously, previously, previously, previously, previously, previously, previously.

Read the whole story
kbrint
144 days ago
reply
It makes sense if you don't think about it.
Share this story
Delete

IRS login makes you take a selfie for this security company you've never heard of

jwz
1 Comment and 3 Shares
I see no way this could possibly go wrong.

You'll soon have to prove your identity to a Virginia-based security company called ID.me in order to file a return, check tax records, or make payments on the Internal Revenue Service (IRS) website. Your old username and password credentials -- if they still work -- will stop working in the summer of 2022. [...]

ID.me compares your selfie with your driver's license or passport image to verify you are who you say you are. It might also ask for other documentation, such as a copy of a recent bill. If the system still isn't satisfied, it may even ask you to jump on a video call with a human representative. [...] The company says it's also devised ways for overseas, under-documented, or homeless people to verify their identities.

Uh huh.

ID.me says a total of ten federal agencies use its system, including the Department of Veterans Affairs and the Social Security Administration.

The IRS, of course, is a big agency that deals directly with many millions of individuals and businesses. ID.me will become responsible for a huge amount of personally identifiable information -- at a time when cyberattacks on government networks have become common. Recall the 2015 cyberattack on the United States Office of Personnel Management (OPM), in which cybercriminals gained access to 22.1 million government personnel records, including those of government employees and their families, and people who had undergone background checks. [...]

And ID.me can store tax filers' personal data for up to seven and a half years, the representative tells me in an email. [...]

In the event of a data leak, however, your options for redress are somewhat limited. At the very top of the ID.me terms of service, you'll find an all-caps statement saying that by using ID.me you agree to binding arbitration in the event of a dispute, and wave your right to join a class action against the company.

I first encountered this bullshit a few months ago.

My business, DNA Lounge, tried to apply for the "California Venues Grant Program funded by the State of California and administered by CalOSBA", and we couldn't even begin the application process without me personally submitting to this techbro biometric-harvesting bullshit by ID.me. And I wouldn't do that, so we couldn't apply.

There are many ways to prove who I am to the State of California, and giving my biometric information to some third-party for-profit data-harvester with a Montenegro domain is not an acceptable one.

Previously, previously, previously, previously, previously, previously, previously, previously, previously.

Read the whole story
kbrint
157 days ago
reply
Yeah, fuck this.
Share this story
Delete

Where the Rich Use Public Transportation…

2 Comments

I ran across this quote while reading about what makes Tokyo work as a city:

A developed country is not a place where the poor have cars. It’s where the rich use public transportation.

It’s a great quote and the piece attributes it to the former mayor of Bogotá, Colombia, Gustavo Petro. But he never said it (even though the vast majority of the results on Google say he did). The original quote (from 2012) is from another former mayor of Bogotá, Enrique Peñalosa, and it reads:

Una ciudad avanzada no es en la que los pobres pueden moverse en carro, sino una en la que incluso los ricos utilizan el transporte público.

That roughly translates in English to:

An advanced city is not one where the poor can get around by car, but one where even the rich use public transportation.

Peñalosa, who made public transportation a central issue during his two terms as mayor, provided his own English translation in a 2013 TEDTalk:

An advanced city is not one where even the poor use cars, but rather one where even the rich use public transport.

I’m not sure if Peñalosa ever actually said the exact quote at the top of the post. The misattribution to Petro seems to stem from a tweet that went viral in 2012, an episode that foreshadowed how easily pithy information spreads on social media but also how difficult it is to correct misinformation once it’s out there. I expect this post to do almost nothing to change that, but one must tilt at one’s windmills.

Tags: Enrique Penalosa   Gustavo Petro
Read the whole story
kbrint
216 days ago
reply
As only The Onion can...

https://www.theonion.com/report-98-percent-of-u-s-commuters-favor-public-trans-1819565837
Share this story
Delete
1 public comment
emdot
223 days ago
reply
"A developed country is not a place where the poor have cars. It’s where the rich use public transportation."
San Luis Obispo, CA
Next Page of Stories