Hackers have figured out how to create tickets that can be transferred – even when Ticketmaster doesn’t want them to outside its resale sites. CC-licensed photo by nerdy girl on Flickr.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
There’s another post coming this week at the Social Warming Substack on Friday at 0845 UK time. Free signup.
A selection of 9 links for you. How much?! I’m @charlesarthur on Twitter. On Threads: charles_arthur. On Mastodon: https://newsie.social/@charlesarthur. Observations and links welcome.
Scalpers work with hackers to liberate Ticketmaster’s ‘non-transferable’ tickets • 404 Media
Jason Koebler:
»
A lawsuit filed in California by concert giant AXS has revealed a legal and technological battle between ticket scalpers and platforms like Ticketmaster and AXS, in which scalpers have figured out how to extract “untransferable” tickets from their accounts by generating entry barcodes on parallel infrastructure that the scalpers control and which can then be sold and transferred to customers.
By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by Ticketmaster and AXS.
In the lawsuit, AXS said brokers are delivering “counterfeit” tickets to “unsuspecting consumers,” and that they are “created, in whole or in part by one or more of the Defendants illicitly accessing and then mimicking, emulating, or copying tickets from the AXS Platform.” The lawsuit accuses these services of hacking and states that AXS does not know how they are doing it. But the tickets themselves are often not counterfeit at all, and in the vast majority of cases, they scan as genuine.
Two security researchers we spoke to reverse engineered how Ticketmaster generates ticket barcodes and showed how scalpers can generate genuine tickets for concerts themselves. The system that works for Ticketmaster is also likely to work for AXS tickets, which use similar “rotating barcodes” that change every few seconds. After one of the researchers published their findings in February, brokers tried to hire the researcher to build ticket transfer services for them.
«
On this one, I’m all for the hackers: Ticketmaster (and AXS) are evil monopolies which rip off their customers in every and each way that they can. (Ticketmaster is owned by Live Nation, which had an operating income of $367m on revenue of $3.8bn in the most recent reporter quarter. Concerts are barely profitable; ticketing has 40% operating income margins.
unique link to this extract
French elections: political cyber attacks and Internet traffic shifts • Cloudflare
João Tomé:
»
As we highlighted last week, the first round of the French elections saw specific DDoS (Distributed Denial of Service) attacks targeting French political party websites. While online attacks are common and not always election-related, recent activities in France, the Netherlands, and the UK confirm that DDoS attacks frequently target political parties during election periods.
Two French political parties were attacked shortly before the first round of elections, and a third party was targeted on June 30. This third party, indicated in green on the chart below, faced attacks on the evening of June 29. Several attempts were thwarted by Cloudflare throughout election day, from 10:00 to 23:00 UTC (12:00 to 01:00 local time). The most intense attack occurred at 19:00 UTC (21:00 local time), reaching nearly 40,000 requests per second, with a total of 620 million DDoS requests recorded on that day (June 29).
Our data indicates that the most significant attack Cloudflare intercepted targeted a party shown in yellow on the chart above. The party had already been attacked on June 23, 2024, and this subsequent attack happened on July 3 at 21:36 UTC (23:36 local time), lasting four minutes and peaking at 151,000 requests per second (rps), making it the second-largest attack we’ve observed on political parties recently. This was comparable in intensity and duration to another attack on a UK political party right after their election.
On the runoff election day, July 7, the party represented by the blue line was again a target, having been attacked previously on June 24, 27, and 29. The most severe of these occurred on June 27, with attacks reaching 118,000 rps during a day that totaled 610 million daily DDoS requests. On July 7, the attacks resumed, with the first starting at 09:55 UTC (11:55 local time) and continuing sporadically until 23:18 UTC (01:18 local time on July 8). The peak of these attacks came at 11:40 UTC (13:40 local time), reaching 96,000 rps.
«
Here’s what I find puzzling: what’s the point? Why DDOS a party’s website? Who the hell goes there to find out anything at all?
unique link to this extract
Google Maps tests new pop-up ads that give you an unnecessary detour
Pranab Mehrotra:
»
Google Maps is testing a new ad format that could cause distractions while driving. It brings up a pop-up notification during navigation that covers the bottom half of the screen with an unnecessary detour suggestion.
Anthony Higman on X (formerly Twitter) recently spotted the new ad format during their commute. According to Higman, the ad popped up while passing a Royal Farms gas station, even though they did not search for a gas station or convenience store while setting their destination.
The ad has a Sponsored tag at the top of the card, followed by the name of the location, its review rating, and the estimated arrival time. It also includes two buttons to add it as a stop or cancel the suggestion.
Google appears to have borrowed this ad format from Waze, which has delivered similar ads for quite some time. User reports dating back to 2018 reveal that the banner ads in Waze popped up at the top of the screen while driving, but some say the ads only appeared while they were stationary.
«
This is just bonkers. Given how easy it is to distract drivers, and how they often have their phone in sight if they’re using it for navigation, this is dangerous.
unique link to this extract
Earth surpasses 1.5ºC of warming for twelve consecutive months • Los Angeles Times
Hayley Smith:
»
In a troubling milestone, June marked Earth’s 12th consecutive month of global warming at or above 1.5º Celsius — the internationally accepted threshold for avoiding the worst effects of climate change.
A stifling month marked by heat waves and heat deaths, June was also about a quarter of a degree warmer than the previous hottest June on record in 2023, according to a report from the European Union’s Copernicus Climate Change Service. It is the 13th straight month to break its own monthly heat record.
The planet’s persistent soaring temperature is “more than a statistical oddity and it highlights a large and continuing shift in our climate,” Copernicus’ director Carlo Buontempo said in a statement.
“Even if this specific streak of extremes ends at some point, we are bound to see new records being broken as the climate continues to warm,” he said. “This is inevitable, unless we stop adding [greenhouse gases] into the atmosphere and the oceans.”
The 1.5ºC threshold, about 2.7º Fahrenheit, was established under the 2015 Paris agreement. Under that accord, the United States and nearly 200 other nations agreed to limit the global average temperature increase to a maximum of 2ºC over pre-industrial levels — and preferably below 1.5ºC — in order to reduce the worst effects of climate change.
…The unprecedented year-long stretch is “very noteworthy and disturbing,” said Brenda Ekwurzel, a senior climate scientist with the Union of Concerned Scientists, a national nonprofit organization.
«
In India, buyers want refunds for 2016 Tesla car deposits • Rest of World
Ananya Bhattacharya:
»
When Tesla allowed Indians to get their hands on its wildly popular electric cars for the first time, Vishal Gondal was among the first to grab the opportunity.
Within hours after the company opened its pre-booking portal for India in April 2016, Gondal, a fan of Elon Musk and Tesla, paid $1,000 (then 66,237 rupees) to pre-book the Tesla Model 3. At the time, there was no clarity on what the car would eventually cost in India or when the company would start delivering the vehicle to the country. But Gondal, who had driven a Tesla in the U.S. earlier, was swept with excitement.
For almost seven years after that, Gondal, founder and CEO of health-tech startup GoQii, patiently waited for his Model 3. By 2023, when there was still no sign of the car, he decided to cancel his booking — and that was the start of another ordeal.
Gondal had to chase Tesla’s India executive over emails for six months before he received his refund in June 2023. “There was no communication, no emails. And even years later, there was no apology [from the company],” he told Rest of World.
Tesla still does not sell its cars in India — the third-largest auto market in the world.
«
Seven years? That’s a lot of patience. But surely that’s tanked Tesla’s reputation in the country.
unique link to this extract
The climate is falling apart. Prepare for the push alerts • The Atlantic
Zoë Schlanger:
»
Last July, I was living in Montreal when an emergency push alert from Canada’s environmental agency popped up on my phone, accompanied by a loud alarm. It had been raining ferociously that afternoon, and the wind was picking up. The alert warned of something worse—a marine tornado, which “are often wrapped in rain and may not be visible”—and ordered, “Take cover immediately if threatening weather approaches.”
I looked outside. The wind was howling louder now, and the sky was a strange gray. Radio signal was dipping in and out. I knocked on the ground-floor neighbor’s door to shelter there. This particular tornado spared Montreal, touching down about 30 miles northwest of the city. But the alert worked: We took measures to protect ourselves.
I took a screenshot of that push alert—a memento from this moment in which extreme weather is increasing. Climate change is here; these are the emergencies that come with it. Each push alert marks the distance we’re closing between the previous range of normal activity and the future that scientists warned us of.
I got another push alert this June, now living in a different city: “New York City USA Heat Wave: Please Take Precautions.” This one came from an air-quality-monitoring app I’d downloaded—not from any governmental agency. A colleague got a similar alert from the National Weather Service through his Alexa app warning about degraded air quality, the result of ground-level ozone, which commonly forms in overheated cities. We both took a screenshot of the message we received. They still feel novel, for now.
But as climate change progresses and extreme events mount, these alerts will keep coming. Eventually, certain climate-related extreme weather events may become so repetitive that their danger—though no less threatening—might cease to feel exceptional. Some call this human quirk “shifting baseline syndrome.” Emergency managers call it “alert fatigue.” It may be one of the biggest problems facing their field as climate disasters mount.
«
Apple reverses course to approve Epic Games Store in EU • The Register
Richard Speed:
»
Apple performed an abrupt U-turn over the weekend to approve the Epic Games Store in the European Union.
The volte-face came after a lengthy tirade from Epic at the end of last week. The company stated that its Epic Games Store notarization had been twice rejected by Apple amid claims that the company’s “Install” button looked a bit too much like Apple’s “Get” button and the in-app purchases label was too close to Apple’s own.
Epic Games said: “Apple’s rejection is arbitrary, obstructive, and in violation of the DMA, and we’ve shared our concerns with the European Commission.”
The European Commission recently launched a fresh probe into the fees and terms that Apple imposes on developers as part of its efforts to comply with the European Digital Markets Act (DMA).
If Apple fails to comply with the DMA, it could face fines of up to 10% of its global annual revenue.
However, the situation is murky. While Epic Games was quick to boast that its store notarization submission had now been accepted, it took issue with claims that Apple still wanted it to change its user interface in a future version, presumably to deal with those pesky buttons.
«
They’re just never going to be on each other’s Christmas card list, are they.
unique link to this extract
Why are US city housing costs so high? The elevator can explain why • The New York Times
Stephen Smith:
»
My mission to understand the American elevator began in 2021 when I came down with a crippling post-viral illness. The stairs to my third-floor Brooklyn walk-up apartment would leave me dizzy and winded, my ears ringing, heart beating out of my chest. At 32, I’d joined the 12% of Americans who report “serious difficulty” with stairs. On bad days, I became a prisoner in my own home.
A few months later, visiting Bucharest, I rode the elevator in my mother’s five-story building. A developer in a much poorer Eastern European country could afford to include an elevator, but the developer of my luxury five-story building in Brooklyn, built 25 years after the passage of the Americans with Disabilities Act, could not? I quit my job in real estate and started a nonprofit focused on building codes and construction policy.
Through my research on elevators, I got a glimpse into why so little new housing is built in America, and why what is built is often of such low quality and at high cost. The problem with elevators is a microcosm of the challenges of the broader construction industry — from labor to building codes to a sheer lack of political will. These challenges are at the root of a mounting housing crisis that has spread to nearly every part of the country and is damaging our economic productivity and our environment.
Elevators in North America have become over-engineered, bespoke, handcrafted and expensive pieces of equipment that are unaffordable in all the places where they are most needed. Special interests here have run wild with an outdated, inefficient, overregulated system. Accessibility rules miss the forest for the trees. Our broken immigration system cannot supply the labour that the construction industry desperately needs.
«
It’s a fascinating rant about how regulation and NIH (not invented here) has strangled the life out of the business.
unique link to this extract
Voter ID rule may have stopped 400,000 taking part in UK election, poll suggests • The Guardian
Peter Walker:
»
More than 400,000 people may have been prevented from voting in the general election because they lacked the necessary ID, with those from minority ethnic communities more than twice as likely to have experienced this, polling has suggested.
Of those surveyed by More In Common, 3.2% said they were turned away at least once last Thursday, which if reflected across the UK would equate to more than 850,000 people. Of these, more than half said they either did not return or came back and were still unable to vote.
Among people turned away at least once, about a third had ID that was not on the relatively narrow list of permitted documents; about a quarter said the name on their ID was different to that on the electoral register; and 12% said they were told the picture on the ID did not match their appearance.
The poll of more than 2,000 people across Great Britain, coordinated by the campaign group Hope Not Hate, also indicated that the voter ID rules, used last week for the first time at a general election, disproportionately affected minority ethnic people.
It found that 6.5% of voters of colour were turned away from a polling booth at least once, compared with 2.5% of white voters.
The rule that voters must show photo ID was introduced by the Conservative government as part of its 2022 Elections Act, despite minimal evidence that in-person voter fraud was a significant problem.
…The polling found that 6% of people said the ID requirements had affected their decision on whether or not to vote and that they then did not vote, which if reflected nationally could mean up to 2.8 million people not voting when they might otherwise have done.
«
Turnout was down at just under 60%; a total of 28.8m votes, from a registered population of 48.2m.
unique link to this extract
| • Why do social networks drive us a little mad? • Why does angry content seem to dominate what we see? • How much of a role do algorithms play in affecting what we see and do online? • What can we do about it? • Did Facebook have any inkling of what was coming in Myanmar in 2016? Read Social Warming, my latest book, and find answers – and more. |
Errata, corrigenda and ai no corrida: none notified
The Overspill: when there's more that I want to say 
“Why DDOS a party’s website?”
To show who is in charge.