BlackBerry’s newest Android smartphone is official.
The BlackBerry KEYone runs Android 7.1 Nougat on a 4.5-inch 1620×1080 display with a 3:2 aspect ratio. Of course, one of its highlight features is its physical keyboard, which sits directly below the screen.
In addition to entering text, the KEYone’s physical keyboard can be used for shortcuts to your favorites contacts and apps, and you flick predictive text up onto the KEYone’s screen. The keyboard also works as a trackpad, letting you scroll through webpages and emails without touching the screen. And packed inside the KEYone’s space bar is a fingerprint reader.
Around on the other side of the KEYone is a 12-megapixel camera with a Sony IMX378 sensor and large 1.55µm pixels. The front-facing camera is an 8-megapixel shooter with a wide angle lens.
Rounding out the KEYone’s spec list is an octa-core Snapdragon 625 processor, 3GB of RAM, 32GB of storage, a microSD slot for adding even more storage, NFC, a 3505mAh battery, Quick Charge support for topping that battery up in a hurry, and USB Type-C. All of those features are crammed into a body with an aluminum frame and a soft textured back.
The BlackBerry KEYone includes LTE bands 1, 2, 3, 4, 5, 7, 12, 17, 19, 20, 28, 29, 30, 38, 39, 40, and 41 in North America and Latin America. In Europe, the Middle East, Africa, and Asia Pacific, the KEYone offers LTE bands 1, 2, 3, 4, 5, 7, 8, 13, 17 20, 28A, 38, 40, and B28.
Expect the BlackBerry KEYone to launch in April at a price of $549/€599/£499. While it’s not the most high-end Android phone around, it’s one of the only smartphones on the market with a physical keyboard, which will make it stand out. A lot of people are perfectly happy to tap out their text on glass, but for folks that like the feel of a physical keyboard and miss the old days of BlackBerry, the KEYone could be a nice daily driver.
Honestly, this Wonder Woman balloon jet one of the cutest and cleverest cosplays I’ve ever seen. It’s the work of Chicago-based balloon artist Smarty Pants and his superhero daughter Penny.
It’s yet another Monday and you’re hard at work on those TPS reports for your boss, Lumbergh. Why not play Emacs’s Zork-like text adventure game to take your mind off the tedium of work?
But seriously, yes, there are both games and quirky playthings in Emacs. Some you have probably heard of or played before. The only thing they have in common is that most of them were added a long time ago: some are rather odd inclusions (as you’ll see below) and others were clearly written by bored employees or graduate students. What they all have in common is a whimsy and a casualness that I rarely see in Emacs today. Emacs is Serious Business now in a way that it probably wasn’t back in the 1980s when some of these games were written.
Tower of Hanoi
The Tower of Hanoi is an ancient mathematical puzzle game and one that is probably familiar to some of us as it is often used in Computer Science as a teaching aid because of its recursive and iterative solutions.
In Emacs there are three commands you can run to trigger the Tower of Hanoi puzzle: M-x hanoi with a default of 3 discs; M-x hanoi-unix and M-x hanoi-unix-64 uses the unix timestamp, making a move each second in line with the clock, and with the latter pretending it uses a 64-bit clock.
The Tower of Hanoi implementation in Emacs dates from the mid 1980s — an awful long time ago indeed. There are a few Customize options (M-x customize-group RET hanoi RET) such as enabling colorized discs. And when you exit the Hanoi buffer or type a character you are treated to a sarcastic goodbye message (see above.)
5x5
The 5x5 game is a logic puzzle: you are given a 5x5 grid with a central cross already filled-in; your goal is to fill all the cells by toggling them on and off in the right order to win. It’s not as easy as it sounds!
To play, type M-x 5x5, and with an optional digit argument you can change the size of the grid. What makes this game interesting is its rather complex ability to suggest the next move and attempt to solve the game grid. It uses Emacs’s very own, and very cool, symbolic RPN calculator M-x calc (and in Fun with Emacs Calc I use it to solve a simple problem.)
So what I like about this game is that it comes with a very complex solver – really, you should read the source code with M-x find-library RET 5x5 – and a “cracker” that attempts to brute force solutions to the game.
Try creating a bigger game grid, such as M-10 M-x 5x5, and then run one of the crack commands below. The crackers will attempt to iterate their way to the best solution. This runs in real time and is fun to watch:
M-x 5x5-crack-mutating-best
Attempt to crack 5x5 by mutating the best solution.
M-x 5x5-crack-mutating-current
Attempt to crack 5x5 by mutating the current solution.
M-x 5x5-crack-randomly
Attempt to crack 5x5 using random solutions.
M-x 5x5-crack-xor-mutate
Attempt to crack 5x5 by xoring the current and best solution.
Text Animation
You can display a fancy birthday present animation by running M-x animate-birthday-present and giving it your name. It looks rather cool!
The animate package is also used by M-x butterfly command, a command added to Emacs as an homage to the XKCD strip above. Of course the Emacs command in the strip is teeechnically not valid but the humor more than makes up for it.
Blackbox
The objective of this game I am going to quote literally:
The object of the game is to find four hidden balls by shooting rays into the black box. There are four possibilities: 1) the ray will pass thru the box undisturbed, 2) it will hit a ball and be absorbed, 3) it will be deflected and exit the box, or 4) be deflected immediately, not even being allowed entry into the box.
So, it’s a bit like the Battleship most of us played as kids but… for people with advanced degrees in physics?
It’s another game that was added back in the 1980s. I suggest you read the extensive documentation on how to play by typing C-h f blackbox.
Bubbles
The M-x bubbles game is rather simple: you must clear out as many “bubbles” as you can in as few moves as possible. When you remove bubbles the other bubbles drop and stick together. It’s a fun game that, as an added bonus, comes with graphics if you use Emacs’s GUI. It also works with your mouse.
You can configure the difficulty of the game by calling M-x bubbles-set-game-<difficulty> where <difficulty> is one of: easy, medium, difficult, hard, or userdefined. Furthermore, you can alter the graphics, grid size and colors using Customize: M-x customize-group bubbles.
For its simplicity and fun factor, this ranks as one of my favorite games in Emacs.
Fortune & Cookie
I like the fortune command. Snarky, unhelpful and often sarcastic “advice” mixed in with literature and riddles brightens up my day whenever I launch a new shell.
Rather confusingly there are two packages in Emacs that does more-or-less the same thing: fortune and cookie1. The former is geared towards putting fortune cookie messages in email signatures and the latter is just a simple reader for the fortune format.
Anyway, to use Emacs’s cookie1 package you must first tell it where to find the file by customizing the variable cookie-file with customize-option RET cookie RET.
If you’re on Ubuntu you will have to install the fortune package first. The files are found in the /usr/share/games/fortunes/ directory.
You can then call M-x cookie or, should you want to do this, find all matching cookies with M-x cookie-apropos.
Decipher
This package perfectly captures the utilitarian nature of Emacs: it’s a package to help you break simple substitution ciphers (like cryptogram puzzles) using a helpful user interface. You just know that – more than twenty years ago – someone really had a dire need to break a lot of basic ciphers. It’s little things like this module that makes me overjoyed to use Emacs: a module of scant importance to all but a few people and, yet, should you need it – there it is.
So how do you use it then? Well, let’s consider the “rot13” cipher: rotating characters by 13 places in a 26-character alphabet. It’s an easy thing to try out in Emacs with M-x ielm, Emacs’s REPL for Evaluating Elisp:
*** Welcome to IELM *** Type (describe-mode) for help.
ELISP> (rot13 "Hello, World")
"Uryyb, Jbeyq"
ELISP> (rot13 "Uryyb, Jbeyq")
"Hello, World"
ELISP>
Simply put, you rotate your plaintext 13 places and you get your ciphertext; you rotate is another 13 and you end up where you started. This is the sort of thing this package can help you solve.
So how can the decipher module help us here? Well, create a new buffer test-cipher and type in your cipher text (in my case Uryyb, Jbeyq)
You’re now presented with a rather complex interface. You can now place the point on any of the characters in the ciphertext on the purple line and guess what the character might be: Emacs will update the rest of the plaintext guess with your choices and tell you how the characters in the alphabet have been allocated thus far.
You can then start winnowing down the options using various helper commands to help infer which cipher characters might correspond to which plaintext character:
D
Shows a list of digrams (two-character combinations from the cipher) and their frequency
F
Shows the frequency of each ciphertext letter
N
Shows adjacency of characters. I am not entirely sure how this works.
M and R
Save and restore a checkpoint, allowing you to branch your work and explore different ways of cracking the cipher.
All in all, for such an esoteric task, this package is rather impressive! If you regularly solve cryptograms maybe this package can help?
Doctor
Ah, the Emacs doctor. Based on the original ELIZA the “Doctor” tries to psychoanalyze what you say and attempts to repeat the question back to you. Rather fun, for a few minutes, and one of the more famous Emacs oddities. You can run it with M-x doctor.
Dunnet
Emacs’s very own Zork-like text adventure game. To play it, type M-x dunnet. It’s rather good, if short, but it’s another rather famous Emacs game that too few have actually played through to the end.
If you find yourself with time to kill between your TPS reports then it’s a great game with a built-in “boss screen” as it’s text-only.
Oh, and, don’t try to eat the CPU card :)
Gomoku
Another game written in the 1980s. You have to connect 5 squares, tic-tac-toe style. You can play against Emacs with M-x gomoku. The game also supports the mouse, which is rather handy. You can customize the group gomoku to adjust the size of the grid.
Game of Life
Conway’s Game of Life is a famous example of cellular automata. The Emacs version comes with a handful of starting patterns that you can (programmatically with elisp) alter by adjusting the life-patterns variable.
You can trigger a game of life with M-x life. The fact that the whole thing, display code, comments and all, come in at less than 300 characters is also rather impressive.
Pong, Snake and Tetris
These classic games are all implemented using the Emacs package gamegrid, a generic framework for building grid-based games like Tetris and Snake. The great thing about the gamegrid package is its compatibility with both graphical and terminal Emacs: if you run Emacs in a GUI you get fancy graphics; if you don’t, you get simple ASCII art.
You can run the games by typing M-x pong, M-x snake, or M-x tetris.
The Tetris game in particular is rather faithfully implemented, having both gradual speed increase and the ability to slide blocks into place. And given you have the code to it, you can finally remove that annoying Z-shaped piece no one likes!
Solitaire
This is not the card game, unfortunately. But a peg-based game where you have to end up with just one stone on the board, by taking a stone (the o) and “jumping” over an adjacent stone into the hole (the .), removing the stone you jumped over in the process. Rinse and repeat until the board is empty.
There is a handy solver built in called M-x solitaire-solve if you get stuck.
Zone
Another of my favorites. This time’s it’s a screensaver – or rather, a series of screensavers.
Type M-x zone and watch what happens to your screen!
You can configure a screensaver idle time by running M-x zone-when-idle (or calling it from elisp) with an idle time in seconds. You can turn it off with M-x zone-leave-me-alone.
This one’s guaranteed to make your coworkers freak out if it kicks off while they are looking.
Multiplication Puzzle
This is another brain-twisting puzzle game. When you run M-x mpuz you are given a multiplication puzzle where you have to replace the letters with numbers and ensure the numbers add (multiply?) up.
You can run M-x mpuz-show-solution to solve the puzzle if you get stuck.
Miscellaneous
There are more, but they’re not the most useful or interesting:
You can translate a region into morse code with M-x morse-region and M-x unmorse-region.
The Dissociated Press is a very simple command that applies something like a random walk markov-chain generator to a body of text in a buffer and generates nonsensical text from the source body. Try it with M-x dissociated-press.
The Gamegrid package is a generic framework for building grid-based games. So far only Tetris, Pong and Snake use it. It’s called gamegrid.
The gametree package is a complex way of notating and tracking chess games played via email.
The M-x spook command inserts random words (usually into emails) designed to confuse/overload the “NSA trunk trawler” – and keep in mind this module dates from the 1980s and 1990s – with various words the spooks are supposedly listening for. Of course, even ten years ago that would’ve seemed awfully paranoid and quaint but not so much any more…
Conclusion
I love the games and playthings that ship with Emacs. A lot of them date from, well, let’s just call a different era: an era where whimsy was allowed or perhaps even encouraged. Some are known classics (like Tetris and Tower of Hanoi) and some of the others are fun variations on classics (like blackbox) — and yet I love that they ship with Emacs after all these years. I wonder if any of these would make it into Emacs’s codebase today; well, they probably wouldn’t — they’d be relegated to the package manager where, in a clean and sterile world, they no doubt belong.
There’s a mandate in Emacs to move things not essential to the Emacs experience to ELPA, the package manager. I mean, as a developer myself, that does make sense, but… surely for every package removed and exiled to ELPA we chip away the essence of what defines Emacs?
Everyone needs a helping hand sometimes. Enter the Google Assistant, which is conversational, personal and helps you get things done—from telling you about your day to taking a selfie. The Assistant is already available on Pixel, Google Home, Google Allo and Android Wear. Now we're bringing it to even more people. Starting this week, the Google Assistant is coming to smartphones running Android 7.0 Nougat and Android 6.0 Marshmallow.
Whether you need to know how to say “nice to meet you” in Korean or just a simple reminder to do laundry when you get home, your Assistant can help. With the Google Assistant on Android phones, you have your own personal, helpful Google right in your pocket.
The Google Assistant on the Samsung Galaxy S7, LG V20 and HTC 10.
And here are a few other things to try out—just long press on the Home button or say “Ok Google” to get started:
What’s my confirmation number for my London flight?
Take me to Museu Picasso.
Show my photos of sunsets in Tahoe.
Do I need an umbrella today?
Turn on the living room lights.
The Google Assistant will begin rolling out this week to English users in the U.S., followed by English in Australia, Canada and the United Kingdom, as well as German speakers in Germany. We’ll continue to add more languages over the coming year.
The Google Assistant will automatically come to eligible Android phones running Nougat and Marshmallow with Google Play Services. You'll also see the Google Assistant on some newly announced partner devices, including the LG G6.
If you happen to be in Barcelona, Spain at the mobile industry’s largest trade show Mobile World Congress this week, stop by the Android Global Village to try out the Google Assistant across a number of Android partner phones, including HTC, Huawei, Samsung and Sony.
Our goal is to make the Assistant available anywhere you need it. It came to Android Wear 2.0—via new smartwatches—just a few weeks ago and, as we previewed in January, the Assistant is also coming to TVs and cars. With this update, hundreds of millions of Android users will now be able to try out the Google Assistant. What will you ask first?
The decision comes nearly 3½ years after Miyazaki, 76, announced his retirement amid persistent calls for him to make a comeback from his fans both in and outside Japan.
“He is creating it in Tokyo, working hard right now,” Toshio Suzuki, a producer at the major Japanese animation company, said Thursday on a talk show, adding he was presented by the animation maestro with the storyboard of the new film at the end of last year.
“(The storyboard) was quite exciting,” 68-year-old Suzuki said, adding, “but if I’d told him it was good, I know it would ruin my own retirement,” as making the film would dominate his life, Suzuki told the audience.
On a recent episode of Justin, Travis, and Griffin McElroy's terrific advice podcast, My Brother, My Brother and Me, the brothers pondered a Yahoo Answers question about what would happen if you put a toaster inside a freezer. (The discussion comes around the 36-minute mark.)
They have a fun discussion of a few aspects of the problem before eventually moving on to the next question. Since they don't really settle on a final answer, I thought we could help them out by taking a closer look at the physics of freezer toasters.
(A quick safety note: If you actually do this, keep in mind that the toaster may melt some of the ice in the freezer, leaving you with a running electrical appliance in a pool of water.)
Griffin sums up the situation like this:
You put a toaster in a freezer. You run the extension cord in there. You put some good bread in there. You click it down. What even happens, right? Because if your answer is, "it would get hot," then the freezer hasn't done its job. But if you say "it would get cold," then the toaster hasn't done its job.
For starters, the answer: The toaster would win. The freezer wouldn't do its job. Toasters beat freezers.
It's easy to think of a toaster and freezer as equivalent—one cools things down and the other warms them up. But toasters heat things up a lot more than freezers cool them down.
The coils in regular toasters get hot enough to glow, which means they're over about 600°C. Since the toaster is operating at such high temperatures, it would hardly notice whether the surrounding environment is 20°C (room temperature), 4°C (a fridge), or -15°C (a freezer).[1]The zero on our usual temperature scales can confuse things, since it makes it seem like going from 10° to 20° is "doubling" the temperature. But the "zero" on the Celsius scale is just a point chosen by convention. If we switch to Kelvin, which counts in degrees above absolute zero, a freezer is 260 K, a fridge is 275 K, a normal room is 295 K ... and the heating element in a toaster is 900 K.
The toaster needs to heat its coils from room temperature to somewhere over 600°C. From the toaster's point of view, a 20- or 40-degree change in starting temperature hardly matters. The coils will get hot, and then the bread will get hot, too. If the bread is colder at the start, the toaster will have to heat it a little longer to get it up to ideal toasting temperature, but it will have no trouble getting there. As anyone who's ever burned a piece of toast knows, toasters are definitely capable of heating bread to above the ideal temperature for toast.
In their discussion, the McElroys brought up another question: Even if the toaster can still toast bread at first, would it struggle to stay warm over time? If you left both the toaster and the freezer running, who would win in the long term?
The answer is that the toaster would still win. A toaster produces about a thousand watts of heat, and the cooling system in a household freezer can't remove heat that fast. In fact, since freezers are so well insulated, the inside of the freezer would probably get much hotter than the rest of the house, and eventually the toaster and/or the freezer would probably overheat.[2]Either device have a safety cutoff that stops things from actually melting down, but it's probably not wise to count on that in this situation.
Refrigerators and freezers work by soaking up heat from their interior and dumping it out the back.[3]That's why the area behind your freezer is warm, and why you can't cool a room by leaving the fridge door open. In a sense, they're more efficient than toasters. Fridges have a "coefficient of performance" of 2 or 3, which means it only takes them 1 unit of electrical energy to move 2 or 3 units of heat energy from the interior to the exterior. A toaster, on the other hand, produces 1 unit of heat from 1 unit of electricity. But since the compressor in a fridge-freezer typically only uses 100 or 150 watts when it's running,[4]You can see some real-world graphs of refrigerator power usage, courtesy people with home electricity meters, with a simple Google Image search. The distinctive on-off square-wave pattern is the compressor switching on and off throughout the day, while the big spikes are the heating element that keeps frost from building up on the coils. This power consumption is split between the fridge and the freezer, but if the fridge is already cold, most of the energy will be spent fighting with the toaster. so even with the efficiency multiplier, it can't keep up with the toaster's 1000+ watts of heat production.
Eventually, the toaster will start to heat up the inside of the freezer. Even if the freezer were as powerful as the toaster, it wouldn't be able to keep the toaster coils themselves from getting hot and toasting bread. The freezer can make the air around the toaster cold, but remember, to the toaster, all our air is cold.
If you happen to live in the Canadian city of Winnipeg, you can check this experimentally. The winter temperature at night in Winnipeg is about the same as the inside of a freezer, so the environment there effectively simulates a freezer with infinite capacity to absorb heat. Suppose you put a toaster out on your porch one night, plugged in by an extension cord, and leave it running for a few hours, going outside every so often to collect the toast and put in some fresh bread. What will happen? Simple: You'll quickly be eaten by wolves.
But assuming you survive the experiment, you should find that the toaster doesn't have trouble working in the cold air. It may take a bit longer to get the bread properly browned, but unless the wind is extremely strong, it should be able to manage it fine. After all, to a toaster, all weather is cold.
The difference between what humans consider "cold" and "warm" is negligible in a lot of high-temperature processes. For example, Antarctica has a well-equipped fire department. It might seem strange to worry about things getting too hot in the coldest place on Earth, but fire poses a serious threat to the researchers there. After all, the place is dry, windy, and doesn't have a lot of liquid water sitting around to douse a flame with. Sure, it's cold—but to a fire, everything is cold.
On the other hand, there are no wolves in Antarctica. So as long as you don't mind a trip—and you get clearance from the Antarctica fire department—you can go there to enjoy your outdoor freezer toast in peace.
One question I’ve often been asked since I started learning Korean is: do the two halves of the peninsula speak the same language? The answer is yes and not quite. Yes, because division happened only in the previous century, which isn’t enough time for mutual unintelligibility to develop. Not quite, because it is enough time for those countries’ vastly different trajectories to impact on the language they use, most noticeably in the case of English loanwords – a veritable flood in the South, carefully dammed in the North. The biggest differences, though, are those of dialect, which have pronounced regional differences both between and within North and South. Unlike in the UK, a dialect doesn’t just mean a handful of region-specific words; conjunctions and sentence endings, for example, are pronounced and thus written differently. That’s a headache until you crack the code.
But while the original manuscript of The Accusation apparently contains around 200 words that the average South Korean would be unlikely to know, I was lucky to be working from a version that had already been edited for publication in South Korea. I also had a generous friend, Kyeong-soo, to consult in those few instances when even the internet drew a blank. Still, these blanks tended not to be drawn over anything to do with ideology, party rank or the apparatus of state. Rather the challenge was capturing details such as children playing on sorghum stilts – a specificity of a culture that is in danger of becoming shared only in memory, whose evocation reaches back to a time when north Korea meant simply the collection of provinces 100 miles up the country where the food was milder, the winters were colder, and where your aunt and uncle lived.
An interesting question, but frustratingly dealt with, in that she doesn’t give any examples; fortunately, Wikipedia comes to the rescue. (Thanks, Trevor!)
These aren't particularly hard to web search for, but just in case you didn't know they existed I figured I'd drop them here. I've used all three of these in the past and I think they do a good job of driving home how cool of patterns you can make in SVG with such little code.
The Blonde Swan Hat Boutique on Etsy has added a whole bunch of nerdy hat designs since we last checked in, but the leather Boba Bowler certainly grabbed our attention. It’s a fine choice for a dapper Star Wars fan with deep pockets. Take a closer look at the hat below, along with a selection of some of our other favorites.
I notice a strikethrough sale earlier today. Very nice.
Google is improving the Play Store for Android, but rather than focus on the users this time around, the company is focusing on developers. It introduced some tweaks to help developers with apps, and games in particular, on the Play Store.
The first tweak is a change to the algorithm that promotes games. Rather than basing popularity strictly on installs, it will now take user engagement into account. This will push less popular apps that are getting a lot of use by dedicated fans further up in popularity and rankings.
Google is also allowing for strikethrough sales. Developers can run sales with the original price listed, which Google has noticed causes installs to go up 3x-20x.
Lastly, Google will be creating editorial pages later this month. These editorial pages will be themed and hand picked rather than using any algorithms.
If you’re a developer, hit the source link for more info on the new features. If you’re a regular user, keep an eye out for Google’s editorial pages this month!
Is Google obsessed with chat platforms? I think they've become chat platform hoarders.
Without announcement or fanfare, Meet by Google Hangouts is live, at least to an extent. The service is an enterprise-focused group video call app based on Hangouts.
The service supports up to 30 people, meeting codes, a list of scheduled meetings, and integration into G Suite. The site meet.google.com is now live, so you can check it out if you’d like.
The app was live on iTunes for a short period of time but was later pulled. The service looks like it isn’t quite ready for use but could be officially announced at any time.
I was strongly reminded about the scariness of non-secure websites the other day.
I'm using Xfinity as an internet service provider, and they give you a device that is both a cable modem and a router.
Here's a tiny bit of backstory. I use a VPN, and I discovered that in using their modem directly, the VPN wouldn't work. I'm not sure why. I didn't dig into it very far, because I have a modem of my own I'd prefer to use. So I plugged that in, which worked... but not particularly well. The connection was spotty and slow, even right in my own house.
I think (maybe?) it was competing WiFi signals from the two routers sitting right next to each other. Don't quote me on that. The reason I think that is because, fortunately, I was able to turn off the router on the Xfinity device, and that solved the problem. Thde speed and connectivity was back. To their credit, it was really fast. The Xfinity device has a featured called "Bridge Mode" that is specifically for turning off the router so that you can use your own. I was able to enable that, use my own router, get the speed back, and connect to the VPN.
Win! That lasted for a few months. Then recently there was some weird big internet outage in our area. Xfinity notified us about it. They had to push some updates or something to our device, and that broke everything again. I struggled with it for days, but what ultimately worked was turning off Bridge Mode, and turning it back on again (isn't it always?).
In those in-between days, the only thing I could figure out to get online was to connect to the SSID "xfinitywifi" that this router seemed to be emitting. This "xfinity" network is unusual because it behaves kinda like a coffee shop or university hotspot in that it pops up that weird browser modal and you have to log in with your (Xfinity) credentials. It's a value-add kinda thing for their service. Their routers are dotted all over the place, so if you're a customer of theirs, you get internet ("for free") a lot of places. My fiance was at the doctor the other day, and she was using it there.
If that's the network you're connected to, Xfinity performs man-in-the-middle attacks on websites to send you messages. Here's an example of me just looking at a (non-secure) website:
Man-in-the-middle, meaning, this website had no such popup in its code. Xfinity intercepted the request, saw it was a website, and forcefully injected its own code into the site. In this case, to advertise an app and to tell you about security. Ooozing with irony, that.
If they can do that, imagine what else they can do. (Highly recommended listening: ShopTalk #250) They could get even more forceful with advertising. Swap out existing advertising with their own. Install a keylogger. Report back information about what you're doing and where you are. You might not even know if anything is happening at all.
This might seem a little tin foil hatish, but realize: they've already been incentivized to do this. All the incentive is there to keep milking value out of this superpower they have.
Some good news: Individual websites can stop this with HTTPS. That's a massively good step. With HTTPS, the traffic packets are encrypted and Xfinity can't read or manipulate them effectively. Through metadata, they might be able to guess what they are (e.g. know you're streaming a video and throttle speed), but there isn't much else they can do.
It's not just this one indiscretion, Xfinity also uses this tactic to send you other messages.
@chriscoyier@XFINITY also how they warn you about bandwidth or billing issues. not fun.
Seriously?! You require me to have a box in my house that broadcasts a public WiFi hotspot that I can't turn off? You're automatically opted into it, but you can turn it off.
Seriously?! You use that hotspot to perform man-in-the-middle attacks on anybody using it?
I'm sure it's not just Xfinity, it's just that's what I'm using now and have now seen it with my own eyes. To be clear, I'm sure I signed something that allows them to do everything they are doing and I don't think anything they are doing is technically illegal (again, don't quote me on that).
Being upset at them, and telling them about it, is a good step. Fighting back is another. Internet access is vital, so you have to use something, but if you have an option, is there an ISP that doesn't do this available to you? Use them. Money talks.
Again, HTTPS solves this on a per-website basis. Jeff Atwood sums this up pretty well:
You have an unalienable right to privacy, both in the real world and online. And without HTTPS you have zero online privacy – from anyone else on your WiFi, from your network provider, from website operators, from large companies, from the government.
Using HTTPS means nobody can tamper with the content in your web browser. This was a bit of an abstract concern five years ago, but these days, there are more and more instances of upstream providers actively mucking with the data that passes through their pipes. For example, if Comcast detects you have a copyright strike, they'll insert banners into your web content … all your web content! And that's what the good guy scenario looks like – or at least a corporation trying to follow the rules. Imagine what it looks like when someone, or some large company, decides the rules don't apply to them?
The move to HTTPS is non-trivial, and introduces somewhat complicated dependencies. It's easy to forget to renew your certificate and break your entire website just like that. I'm not arguing against HTTPS (exactly the opposite), but you should know that it requires some upfront work and some diligent maintenance.
If you're on WordPress like me, I wrote up how I moved to all-HTTPS going on two years ago. It involved a little database work even, getting URL's pointing to the right places.
SSL certificates (the main prerequisite for HTTPS) also have traditionally cost money. No more! Let's Encrypt is here:
Lets Encrypt is a free, automated, and open Certificate Authority.
There is an in-progress WordPress plugin for it. Let's hope that gets off the ground. Just a few days ago I used the Let's Encrypt Plesk extention to put HTTPS on ShopTalk's website and it took me like 5 minutes. I'll have to write that up soon.
A community site to help site owners migrate to HTTPS with a simple tested process. Allowing you to filter the plan based on multiple platforms (WordPress, Magento, and more), hosting environments (cPanel, Apache, and more) along with the level of control / access you have over the site.
The 5x5 game is a logic puzzle: you are given a 5x5 grid with a central cross already filled-in; your goal is to fill all the cells by toggling them on and off in the right order to win. It’s not as easy as it sounds!
![[*disables social networking accounts*] [*social isolation increases*] Wait, why does this ALSO feel bad?](https://imgs.xkcd.com/comics/phone.png "[*disables social networking accounts*] [*social isolation increases*] Wait, why does this ALSO feel bad?")