Reading List

The most recent articles from a list of feeds I subscribe to.

PuffPal, an App for Accessing Cannabis Clubs, Leaked 1 Million Users’ Passports

Sean Hollister, writing for The Verge (gift link):

If you’ve visited a cannabis club in Spain, [Sammy] Azdoufal says, chances are your photo ID was among them — and possibly your phone number, address, your favorite strains of cannabis, and how much you consumed each month while there. Azdoufal says celebrities are in the database, too, and visitors from all over the world, including 30,000 from the United States. “They have famous people,” says Azdoufal. “People who don’t want everyone to know they smoke weed.”

But when Azdoufal decompiled that PuffPal app, he explains in his report, he discovered that Nefos had no meaningful level of security. He discovered a secret key for the Stripe payments platform sitting inside the app in plain text. He discovered he could pull up any member’s profile just by changing one number. If those profiles included their phone number, home address, passport, and weed preferences, he now had access to them too.

And then, he discovered that those passports, driver’s licenses, and photo IDs were stored at public URLs as simple as this: https://ccsnubev2.com/v8/images/_{club}/ID/{user_id}-front.jpg

Those clubs were uploading 5,000 new photo IDs with these insecure URLs every day, Azdoufal tells me.

Azdoufal’s full report on the leak, including the ease with which he discovered it, is worth reading.

Bruce Schneier:

Note what happened. A high-value credential — a passport — was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it’s the low-value system that got hacked, putting the high-value credential at risk.

Access to cannabis clubs has to be age verified. The security ought not be shit, but age verification is part of the industry. But now think about the legislation being proposed and passed around the world requiring age verification for just doing anything online. This sort of identity leak is the inevitable result. And for a lot of these use cases for age verification, the security expertise is going to be even lower.

★ Bernie Sanders: Ideologue and Economic Ignoramus

Sanders’s tweet is better punctuated and capitalized, but it’s the same argument as Trump’s. Zero economic sense, 100 percent ideological wishful thinking.

Micron Executive Sumit Sadana Tells Tim Cook to Stop Hitting Himself

From the bottom of Rolfe Winkler’s report for The Wall Street Journal Thursday, on Apple’s unprecedented price increases (gift link):

Apple’s price hikes arrived the day after Micron Technology, the big American maker of memory and storage, reported blowout quarterly earnings, touting gross profit margins that topped 80%. Shares jumped 16% after the close and appeared likely to power a Thursday rally among semiconductor stocks. [...]

In an interview Wednesday night, Micron Chief Business Officer Sumit Sadana said the company couldn’t make investments during the memory market’s last downturn, when Micron’s gross profits went negative, in part because certain customers took advantage to pay rock-bottom prices.

“We told a couple of the customers who were being very aggressive with pricing at that time that this is not constructive,” he said, without naming Apple, adding that low prices discouraged capital investments. “A lot of the industry investments got shut down in 2023 because of really poor pricing and really poor margins.”

I overlooked this segment when I read (and linked to) Winkler’s report Thursday. It really does seem clear that Sadana is blaming Apple for not cutting Micron any slack when the supply/demand curve for RAM had a different look in 2023. I’m sure Micron’s current 80 percent margins are here to stay this time, so getting a few jabs in at Apple will never come back to bite Micron and Sadana.

Apple Faced Bipartisan Opposition When It Last Lobbied to Buy Chinese RAM in 2022

From a September 2022 letter to then-Director of National Intelligence Avril Haines, co-signed by Marco Rubio (then a Republican senator from Florida, currently secretary of state) and Mark Warner (Democratic senator from Virginia):

We write to convey our extreme concern about the possibility that Apple Inc. will soon procure 3D NAND memory chips from the People’s Republic of China (PRC) state-owned manufacturer Yangtze Memory Technologies Co. (YMTC). Such a decision would introduce significant privacy and security vulnerabilities to the global digital supply chain that Apple helps shape given YMTC’s extensive, but often opaque, ties to the Chinese Communist Party (CCP) and concerning PRC-backed entities. In addition, we write to convey that any decision to partner with YMTC, no matter the intended market of the product offerings developed by such a partnership, would affirm and reward the PRC’s distortive and unfair trade practices, which undermine U.S. companies globally by creating significant advantages to Chinese firms at the expense of foreign competitors. Last year, the Biden Administration described YMTC as China’s “national champion memory chip producer,” which supports the CCP’s efforts to counter U.S. innovation and leadership in this space.

The “no matter the intended market of the product offerings” bit was a reference to Apple’s plan only to use Chinese RAM chips for iPhones sold in the Chinese market. I wouldn’t want Chinese RAM in my iPhone any more than I’d want to buy a “Chinese DSLR” as my camera.

Anyway, Apple’s 2022 attempt to get an OK for this went over like a lead balloon, meeting sharp bipartisan opposition. Rubio is today the most influential man in the Trump administration in foreign affairs.

Microsoft Raises Xbox Prices, Drops High-End Storage Model From Lineup

Microsoft’s Xbox blog:

Effective August 1, 2026, we will be updating prices worldwide. The price of XBOX consoles will increase by US$100 for 512 GB models and US$150 for 1 TB models. We will also be sunsetting our 2 TB model.

Last October, we increased XBOX console price by $20-$70 in the U.S. We hoped another price increase would not be necessary, and we have spent the last several months working with suppliers on options. Unfortunately, console storage and memory prices have increased by more than 2.5× and we expect another doubling by the fall of 2027. The entire consumer electronics industry is struggling with the current components crisis, but the effects are particularly hard on consoles. Unlike phones, computers, speakers, and other consumer devices, consoles are typically not sold at a profit, but instead for less than they cost to make.

I’m not offended they’re increasing prices. I’m offended only that they want people to style “Xbox” in all caps. And cry me a river regarding that “typically not sold at a profit” line they love to pull out.

What’s most telling is that Microsoft is sunsetting the high-end Xbox model with 2 TB of storage, not the low-end 512 GB one. High-end configurations typically have the highest profit margins. Not in this crisis, however. That’s similar to the way that Mac Studios with the M3 Ultra are now only available with the base RAM configuration: 96 GB. When the M3 Ultra chip debuted in March 2025, Apple offered upgrades to 256 and 512 GB of RAM for $1,600 and $4,000 respectively. Now they don’t offer those tiers of RAM at any price. The only way to buy a Mac Studio with more than 96 GB of RAM is to buy a used one — which eBay sellers are offering for $25,000 to $30,000.