By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: July 10, 2019

Wednesday, 10 July 2019

Rip Torn, Actor Known for ‘The Larry Sanders Show’, Dies at 88 ★

Ross O. Lincoln, writing for The Wrap:

But it was the 1992-1998 HBO comedy “The Larry Sanders Show” for which Torn will be perhaps best remembered. For playing Artie, the doggedly loyal attack dog of a producer who runs the eponymous show and manages the fragile ego of its star, Torn was widely acclaimed. He received six Emmy nominations, winning once in 1996, and over the show’s run was also nominated for two American Comedy awards (winning one), an American Television Award, and four Cable Ace awards (winning one), among many other accolades.

One of the hardest things to do in cinema — whether movies or TV — is convey a palpable, credible sense of camaraderie. It takes great writing, great acting, and perfect casting. “The Larry Sanders Show” is, depending on my mood, my favorite TV show of all time. And the heart of the show was the unwavering friendship between Artie and Larry.

Mix up a salty dog and pour a scotch for Rip Torn.

Zoom Considers Their Major Security Vulnerability a Feature, Not a Flaw ★

Nicole Nguyen, reporting for BuzzFeed News:

Not only did Zoom allow attackers access to the video cameras of its Mac app users, but it also left its web server running in the background, even after the user uninstalled the Zoom app. BuzzFeed News also verified that the server also reinstalled the Zoom app when a meeting link was clicked, without notifying the user, if the Zoom app had been deleted from the machine.

Saitta criticized these behaviors, saying they are “not justifiable in these cases and come with significant risk.” She recommends that people remove Zoom from their systems and refrain from using the app until the company delivers a version without that always-on web server. “This is an excellent example of what my friend Deb Chachra calls ‘nonconsensual technology,’” she told BuzzFeed News. “It’s a sadly common attitude among tech companies that what the user wants can be ignored on a whim.”

Simply outrageous.

Zoom Is Disturbingly Dangerous Software ★

Jonathan Leitschuh:

This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user’s permission.

On top of this, this vulnerability would have allowed any webpage to DOS (Denial of Service) a Mac by repeatedly joining a user to an invalid call.

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.

Any architecture that requires a localhost web server is questionable at best. (That means every Mac with Zoom installed is running a web server.) But the fact that Zoom implemented it in a way such that the web server was still there, still running, even when you deleted the Zoom app, is morally criminal, and should be legally criminal. No one who understands how this worked could possibly have thought this was ethical. Install the app, try the app, delete the app — you expect all traces of the app to be gone. Not only did Zoom leave something behind, it left behind a web server with serious security vulnerabilities. I’m not prone to histrionics but this is genuinely outrageous — not even to mention the fact that Leitschuh reported this to Zoom months ago and Zoom effectively shrugged its corporate shoulders.

If you ever installed Zoom, I’d go through the steps to eradicate it and never install it again.