Latest Article

US pulls rule that would have made it harder for American companies to sell to Huawei January 24, 2020

Illustration by Alex Castro / The Verge

The US Department of Commerce has pulled a potential regulation that would have made it more difficult for US companies to sell to Huawei, according to sources who spoke with the Wall Street Journal, after the Pentagon and Treasury Department protested the rule. Right now, US companies can sell […]

Cyber Monday 2019 deal: These excellent Bose-style noise-canceling headphones are only $80 at Best Buy – CNET

These are some of the best headphones we’ve seen at this price in the lead up to the holiday weekend.
Source: CNet

An Efficient Homemade Wood furnace

For poor [workshop from scratch], winter brings the joy of a cold workshop. Since the building is structurally made from tin, warming up the room is difficult.

Naturally, the solution was to construct a homemade wood furnace. The build starts off with an angle grinder being taken to a compressed air tank. After sawing off the top and sanding down the edges, the builder slices out an opening and welds together some rods into a stand for the center. He then proceeds to weld some external frames for the furnace, as well as a chimney stack, some nifty covers joined by hinges, and a fan/temperature regulator to keep the fire going.

Most of the pieces seem to come from scrap metal lying around the workshop, although the degree to which the entire project comes together is quite smooth. Some filter and spray paint do the trick for cleaning up the furnace and making it look less scrappy. The last step? A stack of wooden logs and a blow torch to start the fun. Outside of the furnace, an LCD screen keeps track of the temperature, giving some feedback and control.

The result is perhaps too effective at warming up the workshop, but the problem sure is solved!

Source: HackADay

Adobe: Black Friday online sales grew 19.6% YoY to $7.4B, as Thanksgiving sales rose 14.5%, to $4.2B; Cyber Monday sales are expected to reach $9.4B, up 18.9% (Ingrid Lunden/TechCrunch)


Ingrid Lunden / TechCrunch:

Adobe: Black Friday online sales grew 19.6% YoY to $7.4B, as Thanksgiving sales rose 14.5%, to $4.2B; Cyber Monday sales are expected to reach $9.4B, up 18.9%  —  Following swiftly on the heels of a Thanksgiving that broke records with $4.2 billion in online sales, Black Friday also hit a new high …

Source: Tech Meme

Amazon: Black Friday to Cyber Monday there are great deals to be had – CNET

With some incredible prices this weekend, the space between Black Friday and Cyber Monday is a great time to save even more at Amazon on everything from TVs to tablets.
Source: CNet

Walmart: Black Friday to Cyber Monday there are plenty of deals still available – CNET

It’s not hard to catch a great deal at Walmart — the space between Black Friday and Cyber Monday still carries some of the best prices we’ve seen all year.
Source: CNet

The Best Place to Park Your Car at the Mall, According to Math

If your holiday shopping adventures bring you to your local mall or shopping center this year, there’s some strategy behind where you park when you get there.

Source: Life Hacker

Best Buy: Black Friday to Cyber Monday, there are still plenty of deals to be had – CNET

With some of the lowest prices we expect to see this year, the weekend between Black Friday and Cyber Monday is the best time to save big at Best Buy.
Source: CNet

This Week in Security: Malicious Previews, VNC Vulnerabilities, Powerwall, and The 5th Amendment

Malware embedded in office documents has been a popular attack for years. Many of those attacks have been fixed, and essentially all the current attacks are unworkable when a document is opened in protected view. There are ways around this, like putting a notice at the top of a document, requesting that the user turn off protected view. [Curtis Brazzell] has been researching phishing, and how attacks can work around mitigations like protected view. He noticed that one of his booby-trapped documents phoned home before it was opened. How exactly? The preview pane.

The Windows Explorer interface has a built-in preview pane, and it helpfully supports Microsoft Office formats. The problem is that the preview isn’t generated using protected view, at least when previewing Word documents. Generating the preview is enough to trigger loading of remote content, and could feasibly be used to trigger other vulnerabilities. [Curtis] notified Microsoft about the issue, and the response was slightly disappointing. His discovery is officially considered a bug, but not a vulnerability.

VNC Vulnerabilities

Researchers at Kaspersky took a hard look at several VNC implementations, and uncovered a total of 37 CVEs so far. It seems that several VNC projects share a rather old code-base, and it contains a plethora of potential bugs. VNC should be treated similarly to RDP — don’t expose it to the internet, and don’t connect to unknown servers. The protocol wasn’t written with security in mind, and none of the implementations have been sufficiently security hardened.

Examples of flaws include: Checking that a message doesn’t overflow the buffer after having copied it into said buffer. Another code snippet reads a variable length message into a fixed length buffer without any length checks. That particular function was originally written at AT&T labs back in the late 90s, and has been copied into multiple projects since then.
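
Both flaws described above come down to whether, and when, a peer-supplied length is checked. The following is an added example, not code from the Kaspersky report or from any VNC project: a parser for a length-prefixed message laid out like RFB's ServerCutText (RFC 6143), where the buffer size, function names and status codes are assumptions and the test messages are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CUT_TEXT_MAX 256u  /* assumed size of the client's fixed buffer */
#define HDR_LEN 8u         /* type(1) + padding(3) + length(4), per RFC 6143 */

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2, PARSE_BAD_TYPE = -3 };

/* The wire format carries the text length as a big-endian 32-bit integer. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Copy the text of one ServerCutText-style message into out[CUT_TEXT_MAX].
 * Both checks run BEFORE memcpy; validating after the copy is too late,
 * because the out-of-bounds write has already happened. */
int parse_cut_text(const uint8_t *msg, size_t msg_len, char *out, size_t *out_len)
{
    if (msg_len < HDR_LEN) return PARSE_TRUNCATED;
    if (msg[0] != 3) return PARSE_BAD_TYPE;            /* 3 = ServerCutText */

    uint32_t claimed = be32(msg + 4);                   /* peer-controlled value */
    if (claimed > CUT_TEXT_MAX - 1u) return PARSE_TOO_LONG;    /* fits destination? */
    if (claimed > msg_len - HDR_LEN) return PARSE_TRUNCATED;   /* bytes really received? */

    memcpy(out, msg + HDR_LEN, claimed);
    out[claimed] = '\0';
    *out_len = claimed;
    return PARSE_OK;
}

/* Build a constructed message whose header claims `claimed` bytes while only
 * `actual` payload bytes follow, and return the parser's verdict. */
int run_case(uint32_t claimed, size_t actual)
{
    uint8_t msg[HDR_LEN + 512] = {3, 0, 0, 0};
    char out[CUT_TEXT_MAX];
    size_t n = 0;

    if (actual > 512) actual = 512;
    msg[4] = (uint8_t)(claimed >> 24); msg[5] = (uint8_t)(claimed >> 16);
    msg[6] = (uint8_t)(claimed >> 8);  msg[7] = (uint8_t)claimed;
    memset(msg + HDR_LEN, 'A', actual);

    int rc = parse_cut_text(msg, HDR_LEN + actual, out, &n);
    if (rc == PARSE_OK && (n != claimed || strlen(out) != claimed)) return -99;
    return rc;
}

int main(void)
{
    printf("honest 5-byte text:      %d\n", run_case(5, 5));
    printf("claims 4 GiB, sends 16:  %d\n", run_case(0xFFFFFFFFu, 16));
    printf("claims 100, sends 10:    %d\n", run_case(100, 10));
    return 0;
}
```

The second check matters as much as the first: a length that fits the destination but exceeds the bytes actually received turns into an out-of-bounds read instead of a write.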

There is a potential downside to open source that is highlighted here. Open source allows poorly written code to spread. This isn’t a knock against open source, but rather a warning to the reader. Just because code or a project uses an OSS license doesn’t mean it’s secure or high-quality code. There are more vulnerabilities still in the process of being fixed, so watch out for the rest of this story.

Powerwall

And since we’re talking about security fails, Tesla’s Powerwall contained a few of them. It’s unclear how many of these have been fixed with firmware updates, but the researchers at Hacker’s Choice just released the results of their testing.

The highlight of the work is the hard-coded wifi password, set to the unit’s serial number. The problem is that the serial number is a known format: ST0001. “YY” is the year of manufacture. So far, that’s only since 2015, meaning there’s only 5 possible options. “L” is the revision, with only 6 seen in the wild so far. The last 7 digits appear to be a linearly incrementing number, with only numbers between 1000 and 2000 being seen. The real kicker is that the wifi network name appears to contain the last 3 digits of the serial number, giving that information away for free. For those keeping track at home, that means that an attacker trying to connect to a Powerwall’s wifi network has only 30 possible passwords to try, given this best case scenario.

How bad could it be, for an attacker to gain access to a Powerwall’s network? There is a web-based management interface that uses the same password as the wifi. This interface has all sorts of useful functions, like inverting the power sensor logic. This option probably exists to work around a hapless electrician that installed the sensor clamp backwards, but different combinations of inversion lead to various interesting results, like charging the grid when the battery should be charging, or pulling power instead. Another fun option is to change the power output to the home to another country’s standard. Doubling the voltage or changing the power frequency could be disastrous.

While this research was just published, the firmware tested appears to be from late 2017, with multiple updates released since then. Tesla hasn’t published details about security fixes in their firmware releases, so it’s hard to know how many of the problems presented here have been fixed.

Passwords, Freedom, and Self-incrimination

A legal fight has been slowly brewing in the US over the last few years. The central question is this: Does the Constitutionally guaranteed right against self-incrimination apply to passwords? Courts have been testing this issue for years, but so far a case has not come before the US Supreme Court. Prior cases have applied something known as the “Foregone Conclusion Exception”. This essentially means that with a warrant, police can compel an individual to turn over documentation that is known to exist. The Pennsylvania Supreme Court weighed in on the issue recently, and found that the act of giving a password is inherently testimonial, and therefore protected under the 5th amendment.

No person…shall be compelled in any criminal case to be a witness against himself….

This is yet another case of the difficulty of applying laws and rulings from before the computer revolution. If the password was instead a combination to a safe, it would be easy enough to open that safe through various means, even without the cooperation of the individual. Modern encryption is an entirely different realm, where decryption is impossible without the password. This latest ruling rejects the notion that the foregone conclusion exception can apply to a password. This issue will likely be decided at the US Supreme Court eventually.

We’re running this weekend because of Thanksgiving, but keep your eyes peeled Friday mornings for This Week in Security, and we’ll keep you up to date with these stories and more.

Source: HackADay

Black Friday 2019 best deals under $250: Save on iPad, PS4, Xbox, Fire TV, Beats (updated) – CNET

Check out our updated list of deals on headphones, game consoles and more from Amazon, Walmart, Target and Best Buy, all still available.
Source: CNet

Baby Yoda sipping soup meme threatens to replace Kermit sipping tea – CNET

This new Star Wars Mandalorian meme is hot.
Source: CNet

Black Friday Amazon deals still available: iPads, Jabra Elite 65t earbuds and more (just updated) – CNET

Amazon’s Black Friday deals are still going strong with huge savings on Fire TVs and tablets, DNA kits, Echo Dots, big-screen TVs and more.
Source: CNet

Disney screens Star Wars: The Rise of Skywalker early for dying fan – CNET

“The patient and his family are completely over the moon of Endor about it all.”
Source: CNet

EU antitrust regulators are conducting a preliminary investigation into Google's data collection practices (Foo Yun Chee/Reuters)


Foo Yun Chee / Reuters:

EU antitrust regulators are conducting a preliminary investigation into Google’s data collection practices  —  BRUSSELS (Reuters) – EU antitrust regulators are investigating Google’s collection of data, the European Commission told Reuters on Saturday, suggesting the world’s …

Source: Tech Meme

Let A CPR Robot Save The Day

Four high school students in Lyon, France are building a CPR robot, with the aim of removing the endurance problem faced by those delivering this form of essential first aid.

By every after action report, CPR is an emotionally and physically exhausting way to save a life. When someone’s heart stops beating, their breathing stops too. After that there’s a very small window in which to keep just enough oxygen in the blood to prevent brain damage and organ failure. A person has to precisely position their hands and press, repeatedly, with enough force to break someone’s sternum in order to keep their heart pumping; sometimes for over fifteen minutes waiting for rescue to arrive. On top of that, depending on which school of thought they learned the technique from, they may be required to also force air into the patient’s lungs.

While this pushes the boundary of human endurance, a robot would not have the same issue. In fact, many of the existing problems are solved. CPAP Machines can force air into lungs all day long. A motor and a mechanism could position and provide the mechanical pumping motion to keep the blood flowing. Sensors could tell when the heart takes back over. The machine is currently a proof-of-concept built from plywood, and off-the-shelf parts. Yet it can maintain the 30 compression – 2 breath cycle indefinitely on a CPR Dummy.

It’s an interesting idea; while defibrillators do exist, they don’t always get the heart going in time. We wonder if someone more medically inclined can weigh in on this interesting idea.

Source: HackADay

Twitter Permanently Suspends Accounts of Ilhan Omar’s Potential Challenger

Danielle Stella, a Republican, suggested on Twitter that Ms. Omar be tried for treason and hanged.
Source: NY Times Tech

Best Black Friday 2019 deals under $250: Save on iPad, PS4, Xbox, Fire TV, Beats (updated) – CNET

Check out our updated list of deals on headphones, game consoles and more from Amazon, Walmart, Target and Best Buy, all available now.
Source: CNet

Quickly Create Your Own Custom Emojis With This Website

Emojis can be a fun addition to a tweet or messages, but sometimes the right emoji doesn’t quite exist. Emoji Maker is a simple tool that can help.
Source: Life Hacker

Cyber Monday 2019 Nintendo Switch deals available now: $25 off Switch Lite at Amazon, Mario Kart bundle and more – CNET

You can still get the Mario Kart bundle for $300 or a Switch Lite for $25 off. Plus: $20 off Joy-Cons!
Source: CNet

Black Friday phone savings still available: $500 off an iPhone 11, 11 Pro or Pro Max (just updated) – CNET

Black Friday is over, but there are still great offers on the Pixel 4, Galaxy S10 and iPhone, along with hundreds of dollars’ worth of free gift cards from Walmart, Best Buy and Target.
Source: CNet

Biggest Black Friday 2019 deals: All of the Fitbit and Apple Watch models on sale now – CNET

The Fitbit Inspire HR for $69. The Versa Lite for $99. And massive markdowns on the Apple Watch Series 4.
Source: CNet

Black Friday 2019 Costco deals on Saturday include Dell, Fitbit, Sonos discounts and more (updated) – CNET

Black Friday deals are still going strong at Costco, with massive savings on electronics. We’ve gathered some of the best deals for your holiday shopping pleasure.
Source: CNet

How angel investing for social status is a core part of Bay Area tech ecosystem, and is critically missing from other cities trying to grow their tech scenes (Alex Danco)


Alex Danco:

How angel investing for social status is a core part of Bay Area tech ecosystem, and is critically missing from other cities trying to grow their tech scenes  —  Michael Seibel of YC posted a short video the other day about a topic that’s near and dear to my heart: Why Fundraising is Different in Silicon Valley.

Source: Tech Meme

Multi Material 3D Printing Makes Soft Robot

When you zoom in on a fractal you find it is made of more fractals. Perhaps that helped inspire the Harvard 3D printers that have various arrays of mixing nozzles. In the video below you can see some of the interesting things you can do with an array of mixing nozzles. The coolest, we think, is a little multi-legged robot that uses vacuum to ambulate across the bench. The paper, however, is behind a paywall.

There are really two ideas here. Mixing nozzles are nothing new. Usually, you use them to mimic a printer with two hot ends. That is, you print one material at a time and purge the old filament out when switching to the new filament. This is often simpler than using two heads because with a two head arrangement, both the heads have to be at the same height, you must know the precise offset between the heads, and you generally lose some print space since the right head can’t cross the left head and vice versa. Add more heads, and you multiply those problems. We’ve also seen mixing nozzles provide different colors.

The printers in the video can lay down filament of different types and achieve very rapid changeovers. According to the authors:

… exploit(s) the diode-like behaviour that arises when multiple visco-elastic materials converge at a junction to enable seamless, high-frequency switching between up to eight different materials…

This should be within reach of existing hobby-level mixing hot ends, although perhaps it requires different materials than we currently use.

In addition to the robot, there is a folding origami-like structure that uses both rigid and flexible plastic. The only thing that struck us is that while the array of nozzles makes fast prints with repetitive structure, it didn’t seem possible to turn them off. So the things you could print with, say, an 8-head nozzle would be very limited by the spacing between the nozzles since all the nozzles print together.

Still, this could be a good research project for anyone with a mixing hotend. The capability is even available on tiny printers. If you want to mix four filaments, there’s always the diamond. If you get results — positive or negative — experimenting with this technique, write it up, hit us with a tip, and we’ll pass it along.

Source: HackADay

Black Friday 2019 Nintendo Switch deals: Mario Kart bundle for $300, $25 off a Switch Lite, and discounted games and more – CNET

Most of the best deals have already sold out or expired, but you can still get the Mario Kart bundle for $300 or a Switch Lite for $25 off. Plus: $20 off Joy-Cons!
Source: CNet

Airlines Are Offering Travel Waivers For Some Flights Due to Winter Storm Ezekiel

If you’re planning on traveling home from your Thanksgiving festivities this weekend, you might run into trouble if those travel plans have you coming or going from the Northeast. Winter storm Ezekiel is expected to cause some serious issues starting tomorrow, so much so that a number of airlines have already issued…

Source: Life Hacker