Good Morning! Suprisingly, a developer has cracked open TicketMaster's SafeTix rotating barcode system, raising questions about the security of the anti-fraud measures. Worldcoin, founded by OpenAI's Sam Altman, has launched its World Chain blockchain for developer testing, promising enhanced scalability and user-centric features. The free Zed code editor has come under scrutiny for automatically downloading and running programs without user consent, sparking concerns about security and transparency in developer tools.

— Forrest Knight & Meghanadh Vasireddy

TicketMaster's SafeTix System Cracked Open

A developer has successfully reverse engineered TicketMaster's SafeTix rotating barcode system, exposing potential vulnerabilities in the ticketing giant's anti-fraud measures. The study found that SafeTix barcodes are made up of a fixed code and two changing numbers that update every 15 seconds.

Main discoveries:

• Barcodes contain Base64 data, two 6-digit numbers, and a time stamp

• The system uses eventKey and customerKey to make the changing numbers

• Ticket codes can be easily found in the web browser's message log

While TicketMaster says SafeTix stops ticket fraud and reselling, this breakdown shows that tickets might still be copied or shared outside their system. The researcher even made a simple app called TicketGimp to show SafeTix barcodes using the extracted codes.

This discovery makes people wonder if SafeTix is really as secure as TicketMaster claims it to be.

Read More Here

Worldcoin's World Chain Opens to Developers

Worldcoin, started by Sam Altman from OpenAI, is testing a new blockchain called World Chain. Some developers can now try it out before everyone else gets to use it later this summer.

World Chain is built using tools from Optimism and works with Worldcoin's system. It aims to help more people use the network without slowing things down.

Key Features about World Chain:

• Uses Reth, which is fast Ethereum software

• Can handle twice as much work as Optimism's main network

• Wants to process 1,000 million gas per second someday

• Works with over 10 million users in many countries

World Chain is teaming up with companies like Alchemy, Safe, and Elliptic to make it better. It also has extra safety features to keep it secure.

The big idea is to make a blockchain that's fast and puts people first, while still working well with Ethereum. This test run will help make sure everything's ready for the big launch.

Read More Here

Zed Editor automatically downloads binaries and NPM packages from the Internet without user consent

The free Zed code editor is in trouble for quietly getting and running programs without asking users. People found out Zed grabs Node.js, npm packages, language servers, and other tools from the internet when it starts up.

Main worries include:

• Safety risks from running unchecked programs

• Surprise data use, especially on limited internet plans

• Not working well on some Linux systems like NixOS

• Maybe breaking GPL license rules

Lots of people are saying this is bad for places that care about security and goes against what users expect. Some have turned off language servers to avoid the problem.

The Zed team says they did this to make things easy for new users. But they're looking at ways to let users control what gets downloaded.

This shows how hard it is to make tools both easy and safe for developers. People are waiting to see how Zed will fix this issue.

Read More Here

🔥 More Notes

• Amazon launches its fourth-generation Graviton4 chip as competition intensifies

• The next Intel desktop chips may muddy the AI waters

• The developers suing over GitHub Copilot got dealt a major blow in court

Youtube Spotlight

How I made a Pokedex for Real Life with AI / GPT4o

Was this forwarded to you? Sign Up Here