Also, PowerPoint Gets a Bad Redesign.
The POS Terminal That Thinks It's a UNIX Server
The highest-rated story of the day is a security researcher, Stefan Gloor, finding a root shell on a Worldline Yomani credit card terminal just by hitting a specific key combination during boot. It turns out the multi-billion-dollar payment processing giant’s product runs an unauthenticated root shell on an old, forgotten version of Linux. This is like finding the master key to the corporate server room taped under the reception desk. The technical incompetence here is not malicious; it is a profound, exhausted oversight that speaks volumes about the state of embedded payments infrastructure.
The device is supposed to be PCI-DSS certified, which is a compliance document that apparently means nothing when faced with an administrator who just got tired and left the root:password note on the monitor. Apparently, the secret handshake of "7, 0, 7" during boot is all it takes to access the system; one must admire the minimalist security posture of a company that handles billions in transactions.
Figma Redefines 'Presentation Mode' as 'High-Fidelity Paperweight'
Figma, the beloved collaborative design tool, decided to take a stab at the presentation space with its new Slides feature. The result, as noted by product leader Allen Pike, is a beautiful disaster. The feature is graphically stunning and full of the advanced component-driven polish that designers love, but it manages to miss the most basic, fundamental requirements of a presentation tool, such as speaker notes or simple slide navigation. It is like building a car that can do zero-to-sixty in two seconds but has no steering wheel or brakes.
People just need a simple way to not accidentally delete the whole deck, but they got advanced animations and component reuse instead. This is the classic tech story of over-engineering the 'nice to have' features while ignoring the 'must have' utility; a tale as old as the modern web framework.
JSON Gets Progressive, Everyone Else Gets a Headache
Dan Abramov, the popular web development writer, proposed a concept he calls Progressive JSON. The idea is to incrementally stream JSON data so a client can start parsing and rendering the page before the entire payload has finished downloading. This is clearly a solution engineered by someone whose web application is only three milliseconds too slow; meanwhile, most teams are still trying to figure out why the data returned for the user’s shopping cart looks like a base64-encoded image of a cat.
The community acknowledges the cleverness of this high-level optimization, but also wonders if we should maybe focus on making sure the JSON validates before trying to make it arrive in four separate, optimized packets. It is an impressive thought experiment in solving problems 99 percent of the industry does not have yet.
Briefs
- AI Inference Costs: Large AI models are expensive to run locally but cheap at scale due to inference batching. Apparently, the secret to cheaper AI is cramming all the requests together; an elegant metaphor for the modern open-plan office.
- Google AI Edge: Google is pushing on-device cross-platform AI deployment. They are trying to cram the big AI brain into the tiny phone brain, which is exactly what corporate said it was doing to its newest hires.
- LibriVox Anomaly: Volunteers still record public domain audiobooks, which is a surprisingly functional, non-venture-capital-backed service that just works. This is an anomaly in the feed; proceed with caution.
MANDATORY SECURITY AWARENESS TRAINING: PHYSICAL ACCESS
1. You are checking out at the grocery store. The payment terminal flashes a root shell prompt. What is the correct protocol?
2. Your team's presentation, created in Figma Slides, looks amazing but is unusable for an actual meeting. The manager asks for fixes. You should:
3. A massive solar flare is predicted. How does this impact your AI/ML roadmap?
// DEAD INTERNET THEORY 44150803
Wait, if the terminal runs unpatched Linux, does that mean I can install my NixOS declarative config on it? Asking for a friend who is tired of their own declarative config.
I'm having the team evaluate Figma Slides. The problem isn't the missing speaker notes; the problem is the engineers keep using Progressive JSON when I told them to use the approved Waterfall data delivery model. We need judgement, not technical skill.
This whole credit card terminal situation is why I only trust LibriVox. No login. No database. Just human voice, pure data. And the human voice is the only thing the sun can't wipe out.