Start Up No.914: “Alexa, microwave!”, the threat to Sonos, PC market to grow?, Huawei gets AirPoddy, get rich on bugs, and more

What’s filling your RAM? Probably a to-do list and a notepad app. Why, though? Photo by osde8info on Flickr.

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 12 links for you. Because it’s Friday. I’m @charlesarthur on Twitter. Observations and links welcome.

Amazon’s Alexa-enabled microwave hands-on: it cooks but does not speak • The Verge

Dieter Bohn:


The way the Alexa integration works is pretty clever: when you set it up, it will get paired to your Alexa system as “the microwave,” and then you can command Alexa to, you know, cook stuff. There are very few buttons on the microwave because all the presets for various food types have been stored in Amazon’s cloud instead.

There is an Alexa button on the microwave, and it does two things: it turns on the microphone on one of your Echo speakers so you don’t have to use the “Alexa” wake word, and, more importantly, it sends a signal so that whatever you’re about to say will be in the context of controlling the microwave. For example, you can hit the button and just say “stop,” and it’ll stop the microwave. (How this is more efficient than just hitting the stop button is unclear.)

The fun feature is the popcorn, though. When you set it up for the first time, you’ll have an option to sign up for a subscription to buy microwave popcorn from Amazon. Then, as you pop it, Alexa will keep track of how many times you have said, “Alexa, make popcorn,” and it’ll reorder automatically when you’re running low. There’s also a popcorn button on the device.

Is all this worth $59.99? Sure, it’s a pretty dead-ahead 700W microwave after all. It’s black and boxy and simple. I don’t have a lot more to tell you about the hardware. It has a rotating tray on the inside. There are vents and a metal enclosure. It ships on November 14th.


Bohn meets the ultimate gadget that is beyond the capabilities of tech reviewing. Whether it’s secure… one has to hope so.

Amazon Echo subwoofer and Alexa-capable smart plug may be on the way • Ars Technica

Valentina Palladino:


Amazon seems to have given us a glimpse into some of its new, unreleased products. Listings on Amazon UK show a new Echo Sub, a subwoofer designed to work with Echo speakers, and a new Amazon Smart Plug, a socket adapter with Alexa capabilities, both with an availability date of October 11. Amazon has since removed the listings, but reports from Pocket-lint show images and details of the two new devices.

The Echo Sub looks like a fatter version of Amazon’s Echo speaker, almost like a clone of Apple’s HomePod. The wireless subwoofer includes a 6-inch down-firing woofer and 100W of bass, tech that would certainly improve the quality of existing Echo speakers. Some complained after Amazon released the updated version of the original Echo last year, claiming its sound quality was subpar.

Listed within the device’s description is stereo pairing, a feature that hasn’t been available to Echo speakers yet. Currently, users can only group multiple speakers together to fill a room with sound, but they won’t get that rich, complex left/right stereo sound. It appears that will be possible with the Echo Sub connected to two compatible Echo devices.


Stereo pairing and subwoofers are all becoming standard very rapidly: Sonos might have something to worry about. After years in which its combination of sound quality, streaming capability and variety set it apart, it’s being caught up at the top and bottom by Apple and Amazon. Is there room for it in the middle?


Global PC market to halt decline in 2019 as APAC leads with 1% growth • Canalys


The worldwide PC market will enjoy a slight recovery in 2019, with shipments of desktops, notebooks and two-in-ones set for 0.3% growth after seven years of decline. APAC will be a key driver as the industry turns to the region in the face of falling demand in Europe and China. PC shipments to Asia Pacific will overtake those to Western Europe by 2021.

“Windows 10 refresh will continue to be the main driver of commercial demand for PCs in 2019,” said Canalys Chief Analyst Alastair Edwards. “This will be buoyed by strong economic performance and business spend in the United States, the largest PC market in the world, as well as a continued global push to upgrade on the back of heightened IT security concerns. Furthermore, 2019 is likely to bring about an easing of component supply constraints that have recently plagued the industry. Intel and its partners have admitted that tight supply of 14 nanometer processors will delay PC shipments this year, while DRAM shortages will start to ease toward the end of 2018, with the effects to be felt next year. Pent-up demand from this year will boost growth in 2019 as these issues are resolved.”


One percent growth! Hang out more flags!

E.U. justice commissioner quits Facebook, describing her experience as ‘channel of dirt’ • The Washington Post

Hamza Shaban:


The European Commissioner for justice, consumers and gender equality shut down her Facebook account, describing her experience on the social network as a “channel of dirt.”

At a news conference Thursday in Brussels, Vera Jourova said that she received an “influx of hatred” on the popular platform and decided to cancel her account as a result.

“I don’t want to avoid communication with people, even with critical people,” she said, noting her decision to leave Facebook was not to avoid public criticism. Her mailbox is filled with critical comments, she said, and she responds to those people who don’t use vulgar language. “This is my nature, I speak to everybody who wants normal, honest, decent communication.” Euractiv earlier reported on Jourova’s remarks.

Facebook did not immediately respond to a request for comment.


…but she’s staying on Twitter.

Android and Google Play Security Rewards Programs surpass $3M in payouts • Google Online Security Blog

Jason Woloz and Mayank Jain are on the Android Security & Privacy team:


In the ASR program’s third year, we received over 470 qualifying vulnerability reports from researchers and the average pay per researcher jumped by 23%. To date, the ASR program has rewarded researchers with over $3M, paying out roughly $1M per year.

Here are some of the highlights from the Android Security Rewards program’s third year:
• There were no payouts for our highest possible reward: a complete remote exploit chain leading to TrustZone or Verified Boot compromise.
• 99 individuals contributed one or more fixes.
• The ASR program’s reward averages were $2,600 per reward and $12,500 per researcher.
• Guang Gong received our highest reward amount to date: $105,000 for his submission of a remote exploit chain.


That’s quite a healthy average payout; some way short of earning a living, but if you were to do this across multiple platforms (Google, Facebook, Twitter, Uber, Apple, Microsoft all have bug bounty programs, as do others) then you could.

The question is, is the value of these exploits as paid by Google greater than their market value?

Apple’s new strategy: sell pricier iPhones first • WSJ

Tripp Mickle, Yoko Kubota and Takashi Mochizuki:


This year, according to people familiar with Apple’s production plans, the company prioritized production of its two pricier OLED models, the iPhone XS and XS Max, whose prices start at about $1,000. Both will hit stores Friday, followed five weeks later by the least expensive new model, the XR, which has an LCD screen and a starting price of $749.

The staggered release gives Apple a month to sell the higher-end models without cheaper competition from itself. It also simplifies logistics and retail demands and could strengthen Apple’s ability to forecast sales and production of all three models through the Christmas holidays, analysts and supply chain experts said.

“It’s sort of a Dutch auction,” said Josh Lowitz, co-founder of research firm Consumer Intelligence Research Partners, referring to the practice of starting with a high asking price, then lowering it until a buyer accepts. “The people who are most committed will pay to get early access. Then you get to the people who are making a choice and may settle for the $750 phone. This could become the new normal.”


It does seem pretty obvious that you’d offer the priciest phone first, so you can mop up all the eager buyers. But you can’t just write a story speculating that for the WSJ; you need to actually ask the people who know. Which is what they did. After the iPhone 8 last year, and the iPhone 5C v 5S in 2013, Apple seems to have figured out what it’s doing. Though it seems odd if it really took that much figuring out.

That Apple wireless AirPod charging case is delayed, so Huawei is making one instead • BGR

Chris Mills:


Roland Quandt, a mobile device leaker with a strong track record, shared images of two upcoming Huawei products on Twitter earlier today.

In more images, he shows off the Freebuds 2 Pro, which look like a nearly perfect AirPods knockoff. According to Quandt, the Freebuds have three hours of listening, extended to 20 hours with charges from the case, just like the AirPods.

Unlike the AirPods, however, it seems that the Freebuds 2 Pro case has Qi wireless charging built in, as demonstrated in the image. More…usefully, the case can also be charged wirelessly from the Huawei Mate 20 Pro smartphone, if you desperately need more juice while on the go. The case can also charge via USB-C if you prefer.


That is such a shameful ripoff. Could Huawei really not think of any other design? Seriously? After two years?

Apple gives you a TRUST rating – and it’s based on your phone call and email habits • The Sun

Sean Keach:


Apple builds a score based on the number of calls and emails you send and receive – to help spot fraudulent transactions made using your device.

“To help identify and prevent fraud, information about how you use your device, including the approximate number of phone calls or emails you send and receive, will be used to compute a device trust score when you attempt a purchase,” Apple explained. “The submissions are designed so Apple cannot learn the real values on your device. The scores are stored for a fixed time on our servers.”

So how does it actually work? Apple has a bunch of different anti-fraud systems in place to work out whether payments you make are legitimate.

One of these, added in the new iOS 12 update, is a numeric trust score that’s associated with your device. This score is sent directly to Apple when you make a purchase.

The data used to create the score – including the number of phone calls you’ve made – is only ever stored on your device.

Importantly, when Apple sees the score, it doesn’t see the contents of your communications. It’s not reading your emails, for instance. These scores are also encrypted in transit, which means anyone who managed to intercept them would only see gibberish. Apple says it holds onto the scores for a limited period of time, although it’s not clear how long that is.


Clever. It all goes into a single number.

Software disenchantment •

Nikita Tonsky is in software development:


Look around: our portable computers are thousands of times more powerful than the ones that brought man to the moon. Yet every other webpage struggles to maintain a smooth 60fps scroll on the latest top-of-the-line MacBook Pro. I can comfortably play games, watch 4K videos but not scroll web pages? How is it ok?

Google Inbox, a web app written by Google, running in Chrome browser also by Google, takes 13 seconds to open moderately-sized emails.

It also animates empty white boxes instead of showing their content because it’s the only way anything can be animated on a webpage with decent performance. No, decent doesn’t mean 60fps, it’s rather “as fast as this web page could possibly go”. I’m dying to see the web community answer when 120Hz displays become mainstream. Shit barely hits 60Hz already.

Windows 10 takes 30 minutes to update. What could it possibly be doing for that long? That much time is enough to fully format my SSD drive, download a fresh build and install it like 5 times in a row.

Modern text editors have higher latency than 42-year-old Emacs. Text editors! What can be simpler? On each keystroke, all you have to do is update a tiny rectangular region and modern text editors can’t do that in 16ms. It’s a lot of time. A LOT. A 3D game can fill the whole screen with hundreds of thousands (!!!) of polygons in the same 16ms and also process input, recalculate the world and dynamically load/unload resources. How come?



Are New York’s free LinkNYC internet kiosks tracking your movements? • The Intercept

Ava Kofman:


Plans to replace the city’s payphone booth network with Wi-Fi-enabled kiosks were first announced by de Blasio in 2014. Less than a year later, the city awarded a contract to a chameleon-like consortium of private companies known as CityBridge. It was an attractive deal: LinkNYC kiosks, at no cost to the city, would provide free internet coverage to anyone walking by. CityBridge, in turn, would be responsible for the installation, ownership, and construction of the devices, with plans to earn back its expenses through advertising. The twin 55in displays will eventually carry targeted ads derived from the information collected about kiosk users.

These terms raised alarms among internet researchers and privacy experts, who were quick to point out that nothing in life is truly free. “As we know,” Benjamin Dean, a technology policy analyst, told attendees at a New York hacking conference in 2016, “When you’re not paying, you’re not the customer — you’re the product.”

The key player in CityBridge is known as Intersection, and one of Intersection’s largest investors is Sidewalk Labs, with whom it also shares the same offices and staff. Sidewalk Labs CEO Daniel Doctoroff is the chair of Intersection’s board. Sidewalk Labs is owned by Google’s holding company, Alphabet Inc. In other words, the plan to blanket New York City with 7,500 camera-equipped obelisks has been largely underwritten by the company formerly known as Google — a corporation whose business model depends on selling your personal information to advertisers.



Whatever happened to the Semantic Web? • Two Bit History

Sinclair Target:


the Semantic Web we were promised has yet to be delivered. In 2018, we have “agents” like Siri that can do certain tasks for us. But Siri can only do what it can because engineers at Apple have manually hooked it up to a medley of web services each capable of answering only a narrow category of questions. An important consequence is that, without being large and important enough for Apple to care, you cannot advertise your services directly to Siri from your own website. Unlike the physical therapists that Berners-Lee and his co-authors imagined would be able to hang out their shingles on the web, today we are stuck with giant, centralized repositories of information. Today’s physical therapists must enter information about their practice into Google or Yelp, because those are the only services that the smartphone agents know how to use and the only ones human beings will bother to check. The key difference between our current reality and the promised Semantic future is best captured by this throwaway aside in the excerpt above: “…appointment times (supplied by the agents of individual providers through their Web sites)…”

In fact, over the last decade, the web has not only failed to become the Semantic Web but also threatened to recede as an idea altogether. We now hardly ever talk about “the web” and instead talk about “the internet,” which as of 2016 has become such a common term that newspapers no longer capitalize it. (To be fair, they stopped capitalizing “web” too.) Some might still protest that the web and the internet are two different things, but the distinction gets less clear all the time. The web we have today is slowly becoming a glorified app store, just the easiest way among many to download software that communicates with distant servers using closed protocols and schemas, making it functionally identical to the software ecosystem that existed before the web. How did we get here?



Meituan IPO fact-checks Mobike’s fanciful numbers • Bloomberg

Tim Culpan:


Compare the details in the prospectus with statements made in press releases and the divergence is striking. 

Consider user numbers.

In a December press release, Mobike claimed 200 million users worldwide. That figure has been repeated often, with the most recent example I could find coming in July.

Meituan’s prospectus says otherwise:


With 48.1 million Active Bike Users, 7.1 million Active Bikes and over 1.0 billion rides completed in the four months ended April 30, 2018, Mobike is a leading player in bike-sharing.


Let’s skip past the fact that Mobike was claiming nine million bikes, not the actual 7.1 million, and look at that last data point: 1 billion rides.

In October, Bloomberg cited Mobike’s statement that it was “the clear leader in the global bikesharing industry,  supporting 30 million rides in 180 cities around the world every single day” (emphasis added). Just a month earlier it was telling the world it “supports over 20 million rides every day” (emphasis added). 

With 119 days during the period cited in Meituan’s prospectus, Mobike was actually averaging 8.4 million trips daily — 70% fewer than it had been claiming.


I get the feeling that Culpan is tired of being lied to by these companies. So the fact that their prospectus has to be truthful is amusing.

Errata, corrigenda and ai no corrida: none notified

Start Up No.913: the crypto wild west, the Circle’s catfish game, Magecart strikes again, Nest looks to health, Google’s new tablet?, and more

Is note-taking app Evernote in a “death spiral”? Photo by Leif Harboe on Flickr.

A selection of 10 links for you. Get that ring of confidence. I’m @charlesarthur on Twitter. Observations and links welcome.

Time to regulate bitcoin, says Treasury committee report • The Guardian

Angela Monaghan:


Bitcoin and other cryptocurrencies are “wild west” assets that expose investors to a litany of risks and are in urgent need of regulation, MPs on the Treasury select committee have said.

The committee said in a report that consumers were left unprotected from an unregulated industry that aided money laundering, while the government and regulators “bumble along” and fail to take action.

The Conservative MP Nicky Morgan, the chair of the committee, said the current situation was unsustainable.

“Bitcoin and other crypto-assets exist in the wild west industry of crypto-assets. This unregulated industry leaves investors facing numerous risks,” Morgan said. “Given the high price volatility, the hacking vulnerability of exchanges and the potential role in money laundering, the Treasury committee strongly believes that regulation should be introduced.”


The report is on the Parliament site, and doesn’t pull its punches. How do you regulate? Introduce anti-money laundering measures – basically, get people to explain where large amounts of arriving (fiat) money come from.

Nest’s digital health ambitions revealed in records from secretive purchase of Seattle startup Senosis • GeekWire

Nat Levy and Todd Bishop:


Nest’s ambitions are revealed in internal communications and financial documents released by the University of Washington in response to a public records request related to the sale of Senosis Health, a UW spinout focused on smartphone-based health monitoring systems. GeekWire made the records request last year, shortly after breaking news of Google’s acquisition of Senosis, but received the documents only recently, after the university worked with Google officials and others to determine what could be released.

The documents show that Nest acquired Senosis to bolster its digital health capabilities, shedding new light on a deal that to this day hasn’t been acknowledged publicly. If it follows through on the plans, Nest would join a growing number of major tech brands moving into health technology.

The majority of the communication is between UW, Senosis and Google officials, and the search giant appears on many of the documents related to the acquisition. Financial information such as the purchase price and other sensitive details were redacted. However, the documents clearly show that Nest — which Google acquired in 2014 for $3.2 billion — was in fact the buyer of Senosis, which went by the legal name Bilicam LLC.

Nest has gone to great lengths to keep its involvement secret, records show, telling personnel not to utter the company’s name and barring UW from immediately publicizing the sale.


Oops! Also: the health space is starting to get crowded. Notable: Senosis is a smartphone-based product. Does that mean Nest rolling into Android? Or what?

John Hancock will include fitness tracking in all life insurance policies • VentureBeat


John Hancock, one of the oldest and largest North American life insurers, will stop underwriting traditional life insurance and instead sell only interactive policies that track fitness and health data through wearable devices and smartphones, the company said on Wednesday.

The move by the 156-year-old insurer, owned by Canada’s Manulife Financial, marks a major shift for the company, which unveiled its first interactive life insurance policy in 2015. It is now applying the model across all of its life coverage.

Interactive life insurance, pioneered by John Hancock’s partner the Vitality Group, is already well-established in South Africa and Britain and is becoming more widespread in the United States.

Policyholders score premium discounts for hitting exercise targets tracked on wearable devices such as a Fitbit or Apple Watch and get gift cards for retail stores and other perks by logging their workouts and healthy food purchases in an app.


Ever so faintly creepy.

Equifax IT staff had to rerun hackers’ database queries to work out what was nicked – audit • The Register

John Dunn:


Equifax was so unsure how much data had been stolen during its 2017 mega-hack that its IT staff spent weeks rerunning the hackers’ database queries on a test system to find out.

That’s just one intriguing info-nugget from the US Government Accountability Office’s (GAO) report, Actions Taken by Equifax and Federal Agencies in Response to the 2017 Breach, dated August but publicly released this month.

During that attack, hackers broke into the credit check agency’s systems, getting sight of highly personal information on roughly 150 million people in America plus 15 million Brits, and others.

Computer security breaches are rarely examined in this much detail; however, several departments of the US government are Equifax customers, which meant the Feds wanted the GAO to convince them it’s not going to happen again.

The cyber-break-in happened on May 13 when criminals started exploiting a vulnerability in the Apache Struts 2 framework running on Equifax’s online portal. The company didn’t clock it until July 29. However, the report confirmed that failing to patch this flaw earlier was not the only screw-up.


And yet they still had the chutzpah to offer people “one year’s free protection” on their accounts, chargeable after that. A great way to drum up business. (That bit wasn’t a screw-up. It was intentional greed.)

Pictures leak of the “Google Home Hub,” Google’s version of a smart display • Ars Technica

Ron Amadeo:


Google’s big hardware event is coming October 9, and we’re getting a clearer picture of what to expect from the show as the days go by. The event is promoted as the “Pixel 3 launch event,” but the company’s previous two hardware events featured five or more product announcements. Besides the Pixel 3, a Pixelbook 2 is a good option, and with the launch of Google’s Smart Display software on third-party hardware earlier this year, it seems inevitable that we’ll soon see a first-party Google Smart Display.

As luck would have it, today MySmartPrice has scored pictures of the “Google Home Hub,” a product that is clearly Google’s flagship hardware for its Smart Display software. The device has a 7-inch touchscreen and basically looks like a 16:9 tablet mounted to Google Home Max. Some of the pictures, which look like a leaked store listing, show a few more specs: 802.11ac Wi-Fi at 2.4 and 5GHz, Bluetooth, an “Ambient light and color sensor,” a “full-range speaker for crystal clear sound,” and “far-field voice recognition.” The listing shows the display available in two colors (“chalk” and “charcoal”), with Google’s traditional mute switch on the back and what looks to be a video chat camera on the front.


How is a device like this any different from a mounted tablet with a good speaker?

Trump’s tariffs won’t bite Apple, illustrating Tim Cook’s political sway • The Washington Post

Tony Romm and Damian Paletta:


Apple chief executive Tim Cook has been one of President Trump’s staunchest critics in Silicon Valley, opposing the White House on immigration, climate change and more.

But the 57-year-old tech leader has also become one of the technology industry’s savviest political operators — a behind-the-scenes Trump whisperer, able to shape some of the administration’s economic policies in ways that benefit Apple and some of its tech peers.

Those efforts seemed to pay off Monday, after Trump unveiled tariffs on roughly $200 billion in goods imported from China, the latest salvo in the trade war Washington is waging against Beijing. The initial list of imports the White House had threatened to penalize included some of Apple’s best-known products, the company said earlier this month, such as its recently updated Apple Watch smartwatch, HomePod home assistant and AirPods wireless headphones (but not the iPhone). On Monday evening, though, those products were spared. Thousands of other imports weren’t so lucky, and Americans could soon be paying more for such things as refrigerators and toys.



Magecart strikes again: Newegg in the crosshairs • Volexity


In another brazen attack against a major online retailer, the actors behind Magecart have struck the eCommerce operations of the popular computer hardware and electronics retailer Newegg. With this latest attack, joins the ranks of high-profile eCommerce websites that have fallen victim to the financial theft group. Based on findings recently published by RiskIQ, Magecart was identified as being responsible for a recently publicized breach claiming upwards of 380,000 victims that had used the British Airways website or mobile application. As it turns out, a nearly identical data theft campaign was being carried out against Newegg at the same time. In fact, it appears the Newegg compromise may have started nearly a week earlier.

Volexity was able to verify the presence of malicious JavaScript code limited to a page on presented during the checkout process at Newegg. The malicious code specifically appeared once when moving to the Billing Information page while checking out.  This page, located at the URL, would collect form data, siphoning it back to the attackers over SSL/TLS via the domain


I’m not sure I would call it “brazen” – it’s very subtle. “” was created on 13 August and the siphoning of data began three days later. These guys are very organised and very dangerous. The script was running on the site for a month; that’s a lot of lost data.

In brief: JavaScript considered harmful.

The Circle says a lot more about the evils of reality TV than it does about social media • New Statesman

Mic Wright:


“What if phones, but too much.” Daniel Ortberg’s six-word description of Black Mirror ended up reflexively inspiring “Playtest”, an episode in the programme’s third season. That joke could also have been the entire pitch for Channel 4’s latest reality TV show dolled up in the clothes of a social experiment, The Circle, in which a collection of the usual reality TV stereotypes are placed in apartments and encouraged to catfish their fellow contestants in the hope of winning £50,000. The first episode, which went out last night, introduced us to the cast, which includes a digital marketer pretending to be an oncologist (“They didn’t even question it!” she crowed in delight) and a gay man pretending to be an odious straight lad, with a recently deceased dog (he also delighted when the others fell for this ruse).

The Circle’s hook is that unlike its reality TV antecedents, such as Big Brother, which is shivering its way to an overdue demise with a final series on Channel 5, face-to-face conflict isn’t on the menu. Instead, the participants are each sequestered in their own apartment and forced to communicate via a bespoke social network that comes off like the unholy love child of LinkedIn, Twitter and Instagram with an unpalatable pinch of Tinder thrown in. The conclusion of episode one ended with a particularly uncomfortable date conducted via private message between a barman from Norwich and what he thought was a pretty young woman, but was in fact another young guy using his girlfriend’s pictures to aid him in the quest for the cash.


Circles within circles: this sounds like the basic outline for a Black Mirror episode. No wonder Charlie Brooker is finding new episodes increasingly challenging to write: we’ve gone beyond navel-gazing to ouroboros to some place of infinitely reflecting mirrors.

Although I liked this detail:


The pacing is deathly slow, as contestants dictate their messages to the Circle (which we’re led to believe is voice-activated but is patently the work of put-upon researchers hunched over keyboards) and read out replies. All this as the moral is tediously repeated: You never know who you’re talking to online.



The Mirai botnet architects are now fighting crime with the FBI • WIRED

Garrett Graff:


Josiah White, Paras Jha, and Dalton Norman, who were all between 18 and 20 years old when they built and launched Mirai, pleaded guilty last December to creating the malware. Mirai, which hijacked hundreds of thousands of internet-of-things devices and united them as a digital army, began as a way to attack rival Minecraft videogame hosts, but it evolved into an online tsunami of nefarious traffic that knocked entire web-hosting companies offline. At the time, the attacks raised fears amid a presidential election targeted online by Russia that an unknown adversary was preparing to lay waste to the internet…

…In a separate eight-page document, the government lays out how, over the 18 months since the FBI first made contact with the trio, they have worked extensively behind the scenes with the agency and the broader cybersecurity community to put their advanced computer skills to noncriminal uses. “Prior to even being charged, the defendants have engaged in extensive, exceptional cooperation with the United States Government,” prosecutors wrote, saying that their cooperation was “noteworthy in both its scale and its impact.”

As it turns out, the trio have contributed to a dozen or more different law enforcement and security research efforts around the country and, indeed, around the globe. In one instance, they helped private-sector researchers chase what they believed was an “advanced persistent threat” from a nation-state hacking group; in another, they worked with the FBI in advance of last year’s Christmas holiday to help mitigate an onslaught of DDoS attacks. Court documents also hint that the trio have been engaged in undercover work both online and offline, including traveling to “surreptitiously record the activities of known investigative subjects,” and at one point working with a foreign law enforcement agency to “ensur[e] a given target was actively utilizing a computer during the execution of a physical search.”

The government estimates that the trio have already collectively logged more than 1,000 hours of assistance, the equivalent of half a year of full-time employment.


So that’s positive, sort of. More details at the US Justice Department site.

Evernote just slashed 54 jobs, or 15% of its workforce • TechCrunch

Connie Loizos:


It’s no secret that Evernote, the productivity app that lets people take notes and organize other files from their working and non-work life, has been trying to regain its former footing as one of the most popular apps in the U.S., and that doing so has been an ongoing struggle.

Just two weeks ago, we reported that Evernote had lost several of its most senior executives, including its CTO Anirban Kundu, CFO Vincent Toolan, CPO Erik Wrobel and head of HR Michelle Wagner.

Now, Chris O’Neill — who took over as CEO of Evernote in 2015 after running the business operations at the Google X research unit — is sharing more demoralizing news with employees. To wit, he’s firing dozens of them. At an all-hands meeting earlier today, he told gathered staffers that Evernote has no choice but to lay off 54 people — roughly 15% of the company’s workforce — and to focus its efforts instead around specific functions, including product development and engineering.

…a person who tipped TechCrunch off to the executive departures two weeks ago characterized Evernote as “in a death spiral,” saying that user growth and active users have been flat for the last six years and that the company’s enterprise product offering hasn’t caught on.


Also facing a funding crunch. The CEO letter says it serves “over 225 million people around the world” who have more than 9bn notes (that’s an average of 40 each, though I bet there’s a lot of 1-note tryouts there). O’Neill has a rather vague blogpost subsequent to this rather more detailed story.

Errata, corrigenda and ai no corrida: none notified


Start Up No.912: the gamified date, Twitter goes chronological, AMP opens up, YouTube’s alternative paths, iPhone XS reviewed, and more

Is iOS 12 really faster than iOS 11 on old devices? Photo by Toshiyuki IMAI on Flickr.

A selection of 10 links for you. Because you’re worth it. I’m @charlesarthur on Twitter. Observations and links welcome.

Alternative Influence • Data & Society


YouTube is a principal online news source for young people. Which is why it is concerning that YouTube, a subsidiary of Google, has become the single most important hub by which an extensive network of far-right influencers profit from broadcasting propaganda to young viewers.

“Social networking between influencers makes it easy for audience members to be incrementally exposed to, and come to trust, ever more extremist political positions,” writes Lewis, who outlines how YouTube incentivizes their behavior. Lewis illustrates common techniques that these far-right influencers use to make money as they cultivate alternative social identities and use production value to increase their appeal as countercultural social underdogs. The report offers a data visualization of this network to show how connected influencers act as a conduit for viewership.


Read it and worry. For all the right-wingers’ wailing about Google, the reality is that YouTube is their most effective recruiting sergeant – and they don’t pay a penny for it.

An open governance model for the AMP Project • Accelerated Mobile Pages Project

Malte Ubl is tech lead for the AMP project at Google:


One of our first tasks in working towards the new system is to complete the initial membership of AMP’s governance groups. If you are interested in being involved in any of these governance groups please let us know. This is real work, and we want to pay for it if it isn’t covered by your day job! If you need financial support, please let us know in the form. One area that we are particularly interested in is representation from folks with experience in consumer rights and protection. Meanwhile we’re excited to announce that we’ve talked to a few folks up front and they agreed to join the Advisory Committee including representatives from publishers (El País, Washington Post and Terra), e-commerce sites (AliExpress and eBay) and platforms (Cloudflare and Automattic) as well as advocates for an open web (Léonie Watson of The Paciello Group, Nicole Sullivan of Google/Chrome, and Terence Eden).


Seems like Google is loosening its grip on this. But I suspect the criticisms will go on, no matter what the general advisory committee looks like. The simple way to think about it is this: if AMP is so great, when is Facebook – which has an interest in serving lots of pages really fast all over the web – going to adopt it?

Behind your rising health-care bills: secret hospital deals that squelch competition • WSJ

Anna Wilde Mathews:


The Wall Street Journal has identified dozens of contracts with terms that limit how insurers design plans, involving operators such as Johns Hopkins Medicine in Maryland, the 10-hospital OhioHealth system and Aurora Health Care, a major system in the Milwaukee market. National hospital operator HCA Healthcare Inc. also has restrictions in insurer contracts in certain markets.

The U.S. spends more per capita on health care than any other developed nation and will soon spend close to 20% of its GDP on health. Americans aren’t buying more health care overall than other countries. What they are buying is increasingly expensive. Among the factors driving spending is the opaque way the price of health care is set, a problem exacerbated by the hidden details in agreements between insurers and health-care providers.

“No hospital system should be able to exercise market power to demand contract agreements that prevent more competitively priced networks,” said Cigna’s chief medical officer, Alan Muney, in a written statement provided by the company.

A health plan that excludes a costly system can be more than 10% less expensive for consumers and employers, according to insurance-industry officials. A plan that includes all providers but steers patients away from the costlier ones can save 3% to 7% or more, these people said.

Restrictive hospital-insurer contracts have helped prevent even big employers, including Walmart Inc. and Home Depot Inc., from moving forward with plans they were exploring to try to lower costs and improve quality for their workers.


The WSJ is quietly chipping away at the gigantic vested interests which are pushing US health costs into the skies, though it is ideologically unable to suggest that the best solution is to move to a monopsony – that is, a single buyer (the government) for all healthcare. The irony is that that solution would roughly halve health costs: the EU average is 10.1% of GDP (in 2013).

But the catch: healthcare costs are part of US GDP. Putting it into government (and reducing the cost) would make GDP seem to fall quite substantially. And of course you’d put a lot of people in insurance companies out of work. (This doesn’t seem like a justification for keeping them in work, though.)

Twitter will soon let you switch between chronological and ranked feeds • The Verge

Nick Statt:


Twitter has made a surprise change to how it shows tweets to its users, following a viral thread earlier today that discussed ways to reverse the platform’s algorithmic timeline. Now, when you uncheck the settings box reading “Show the best tweets first,” Twitter will completely revert your timeline to a non-algorithmic, reverse-chronological order, which is how Twitter was originally designed and operated for years until the company introduced a default algorithmic model in early 2016.

Prior to the change, unchecking the box would still result in the “in case you missed it” tweets, recommended tweets from people you didn’t follow, and tweets informing you when someone you do follow liked or interacted with someone else’s tweet. Twitter is now acknowledging that its users want more control over their timeline, and that the initial settings tool and how it functioned was not an adequate way to address this.


I was one of a number of people who, when a Twitter product manager asked a week or two ago about some proposed changes that would show if someone was actually “present” on Twitter – “you might say ‘who’s around’ at an airport” – suggested that it would be simpler just to let people have non-algorithmic (ie reverse chronological) feeds. So it was nice to see this tweet to that effect in my responses.

✨🎧 tenori-off •


A ✨Tenori-on✨ is a dope electronic music instrument sequencer thingie that Yamaha made for a hot minute. I love pixels and patterns and generating things out of pixels and patterns, which means I LOVE the Tenori-on. Since they’re rare and mad expensive, I’ve never seen one, so I made a JavaScript version of what I think it looks like.

You can change between drums or a synth sound (also using the D or S keys). The URL also holds the state, so you can send it to a pal to have them listen to your masterpiece. If you hit a bug, refreshing usually makes it go away.


This is good, if 8-bit, fun. Move the squares around to create different noises. Annoy everyone within earshot. Then say “it’s the machine learning. These things, oof.”

HBO documentary ‘Swiped’ argues that Silicon Valley must fix the dating mess it created • Marie Claire

Cady Drell:


when it comes to asking big questions about modern dating, this is not [Nancy Jo] Sales’s first rodeo. Her 2015 Vanity Fair article—“Tinder and the Dawn of the ‘Dating Apocalypse’”—went viral, and not always because people agreed with her. (Tinder famously sent out a 30-tweet response in which the app seemed to protest a bit too much about signaling the end of dating.)

But Sales, with whom I spoke a few days before the documentary premiered, says now that her thesis got lost in the furor. “Throughout this controversy, what struck me the most is that what people really seemed to want to talk about was the effect [dating apps have] on women,” she says. “And that was really the central issue for me, how this was leading to a lot of sexual harassment.”

Sales’s first outing as a director explores primarily heterosexual dating (though there is a part about Grindr and the pros and cons of dating apps when you’re a member of the LGBTQ+ community), exploring a laundry list of its characteristics and ills. It moves from interviews with young people at parties about their swiping habits to how specific relationships formed via app dating to how dating app culture negatively impacts monogamy. But while I initially feared Swiped would be a referendum on sex in general disguised as a “just asking questions” documentary on dating apps, its most lasting message was sort of about corporate responsibility. As in: Do the corporations who get us onto dating apps have a responsibility to make them safe and conducive to healthy relationships? Sales argues that they do.



iOS 12 on the iPhone 5S, iPhone 6 Plus, and iPad Mini 2: It’s actually faster! • Ars Technica

Andrew Cunningham:


I’ve been testing iOS on old devices for six years, and I’ve never seen a release that has actually improved performance on old devices. At best, updates like iOS 6, iOS 9, and iOS 10 didn’t make things much worse; at worst, updates like iOS 7 and iOS 8 made old devices feel like old devices. Anyone using an older device can safely upgrade to iOS 12 without worrying about speed, and that’s a big deal. You’ll notice an improvement most of the time, even on newer devices (my iPad Air 2, which had started to feel its age running iOS 11, feels great with iOS 12).

Again, it’s not all rosy. We didn’t notice any improvements in keyboard display times. You may still run into trouble running newer games, since there’s no software update that can transform an old GPU into a new one. And the iPad Air and Mini 2, in particular, are going to continue feeling kind of slow in general—an iPhone-class processor and 1GB of RAM are just not enough power to keep a high-resolution tablet feeling snappy for five years. With devices as old as these, the condition of the battery can significantly affect performance, too. If you’ve never replaced your battery (or if it has been more than two or three years since you did it last), make an appointment with the Genius Bar before those $29 battery replacements go away at the end of 2018.

But if nothing else, iOS 12 is a convincing counterargument to the theory that Apple intentionally hobbles its old devices to force people to buy new ones. In addition to running more like iOS 10 did, it supports devices going all the way back to 2013, which sets a new record for iOS’ software support window.


I noticed that iOS 12 was faster literally from the first minute of using the first developer beta, installed on a 12in iPad Pro. Of course, having used it all summer, I’m now inured to the difference. But Cunningham found improvements of up to 26% in app launch times and restarts, and none where it was slower.

iPhone Xs and Xs Max benchmarked: world’s fastest phones (again) • Tom’s Guide


The world’s first 7-nanometer processor in a phone isn’t the breakthrough that the A11 Bionic was regarding raw performance, but it still runs circles around Android phones powered by Qualcomm’s Snapdragon 845 chip in several real-world tests and synthetic benchmarks.

The new hexa-core chip inside the iPhone XS and XS Max packs two performance cores that are designed to be 15% faster than its predecessor, along with four high-efficiency cores that use up to 50% less power, according to the company. On top of that is a four-core GPU that Apple says is up to 50% faster.


They come out faster in pretty much all the benchmarks, and show up as 11% faster than the iPhone X (which is probably the more relevant statistic).

Child abuse algorithms: from science fiction to cost-cutting reality • The Guardian

David Pegg and Niamh McIntyre:


Machine learning systems built to mine massive amounts of personal data have long been used to predict customer behaviour in the private sector.

Computer programs assess how likely we are to default on a loan, or how much risk we pose to an insurance provider.

Designers of a predictive model have to identify an “outcome variable”, which indicates the presence of the factor they are trying to predict.

For child safeguarding, that might be a child entering the care system.

They then attempt to identify characteristics commonly found in children who enter the care system. Once these have been identified, the model can be run against large datasets to find other individuals who share the same characteristics.

The Guardian obtained details of all predictive indicators considered for inclusion in Thurrock council’s child safeguarding system. They include history of domestic abuse, youth offending and truancy.

More surprising indicators such as rent arrears and health data were initially considered but excluded from the final model. In the case of both Thurrock, a council in Essex, and the London borough of Hackney, families can be flagged to social workers as potential candidates for the Troubled Families programme. Through this scheme councils receive grants from central government for helping households with long-term difficulties such as unemployment.

Such systems inevitably raise privacy concerns. Wajid Shafiq, the chief executive of Xantura, the company providing predictive analytics work to both Thurrock and Hackney, insists that there is a balance to be struck between privacy rights and the use of technology to deliver a public good.

“The thing for me is: can we get to a point where we’ve got a system that gets that balance right between protecting the vulnerable and protecting the rights of the many?” said Shafiq. “It must be possible to do that, because if we can’t we’re letting down people who are vulnerable.”



The iPhone Xs is the best iPhone since the last one • Buzzfeed News

John Paczkowski is a little nonplussed at what to say about the new devices:


I know the Xs Max is faster, but the X was so fast I struggle to appreciate its speed improvements. The display is beautiful, but is its true black a truer black than the one I see on the X? I am embarrassed that I am even asking the question. Also, I don’t care. The true black of my other dog has been great since his puppy pics.

The one feature that I truly appreciate in the Xs line is the size of the Max — largely because I am old and now prefer my phones graphing calculator size. If I decide to upgrade my phone this year, the Max and its size will be my only rationale. The display is vast — stunning, really. I can configure it to have as much memory as my laptop (512GB). For a plus-size smartphone it feels better in the hand, more ergonomic, though I have no idea why. Its battery lasts long enough that I’m not screwed if I forget to charge it overnight. Beyond that, I already know it’s a badass phone; its predecessor was badass too.

But when I tell my wife I might want to upgrade, she asks the price. Then she says, “Which do you like better, new phones or vacations?”

My daughter has an iPhone 7. The other day I handed her the Xs Max. She was puzzled in a “Why was this handed to me?” sort of way. I raised an eyebrow. “Oh,” she said. “This is the new iPhone. … It’s bigger.” Then, without a second thought, she handed it back to me, returning to whatever she was doing on her 7. Disappointedly, I said, “You’re not interested in the new iPhones? Not at all?”

“Not really,” she replied. “My phone works fine.”

Then my daughter suggested that, perhaps, the reason I care about new iPhones and she doesn’t is because once upon a time, way back a long time ago when the smartphone universe consisted of nothing more elaborate than…flip phones, I had to use one. Meanwhile, she has known only the iPhone — and other phones that look and behave like it.


Smartphone reviews stopped being useful a couple of years ago. Sure, the XS does a garbillion calculations per second rather than a groomtillion, but we are not in iPhone 4S v 4 territory here, nor iPhone 5S v Galaxy Note 3. The ecosystem war is over, and the trenches aren’t going to move substantially; nor is either side going to make a dramatic leap in performance. Although it is worth noting that those who can really perceive differences in camera quality from year to year (such as John Gruber and Matthew Panzarino at Techcrunch, who used to be a professional photographer) are mightily impressed with the XS’s camera capability, and especially its light-capturing abilities. Most folk wouldn’t notice the year-to-year difference, though they would over a two-year or three-year gap.


Start Up No.911: Frasier!, the open tightness of Brexit-Trump, CSS to crash WebKit, videogame gambling gets squeezed, and more

Can a satellite photo detect obesity? Photo by Brock Boland on Flickr.


A selection of 12 links for you. Like clockwork. I’m @charlesarthur on Twitter. Observations and links welcome.

25 essential episodes of Frasier for its 25th anniversary • Sitcom Studies

Marlessa Stivala:


Today, September 16, 2018 marks the twenty-fifth anniversary of Frasier: one of the most successful spin-offs of all time, recipient of the Emmy for Outstanding Comedy Series (five times), and (in my experience) somehow still drastically underrated. I’ve found that I always encounter people who haven’t even seen a single episode. It’s happened so often that I can no longer say I’m surprised but, as Frasier himself would say, “I am wounded.”

Amongst the show’s core five characters, there’s not a single weak link: Frasier (Cheers’ snobbish yet lovable psychiatrist), Niles (his fussy younger brother), Martin (his brash yet humble retired-cop father, with whom he lives), Daphne (Martin’s “just a bit psychic” physical therapist), and Roz (quite simply one of the best, wittiest female characters on any series).

I’ll never discourage anyone from a rewatch of Seinfeld, The Office, or Friends, but if you’ve yet to watch any or much of Frasier’s eleven-year run, the series’ 25th anniversary is the perfect excuse. And if eleven years sounds a bit too daunting, consider the 25 classics below the perfect way to start.


Niles: “I thought you liked my [wife] Maris.”

Frasier: “I do. I like her from a distance. You know, the way you like the sun.”

A work of genius. Well, many geniuses in the writers’ room, and then the actors too. Kudos to Stivala, whose site looks like a great way to lose many, many hours.

Here’s the science behind the Brexit vote and Trump’s rise • The Guardian

Michele Gelfand:


Analysing hundreds of hunter-gatherer groups, as well as nation-states including the Aztecs and Incas, we found that cultures that experienced existential threats, such as famine and warfare, favoured strong norms and autocratic leaders. Our computer models show a similar effect: threat leads to the evolution of tightness.

This tight-loose logic also applies to regional differences within countries. We’ve shown that US states with histories punctuated by high threat, including more natural disasters, higher pathogen prevalence and food instability, are much tighter than those that enjoyed relative safety. Similarly, communities that face financial danger – hunger, poverty, bankruptcy – and higher occupational hazards, are substantially tighter. This helps explain why those on low incomes have consistently told us they desire strong rules and leaders. In fact, when we ask respondents to free-associate from the word “rules”, low-income subjects consistently write positive words such as “good”, “safe” and “structure”, while wealthier ones write down words such as “bad”, “frustrating”, and “constricting”. These preferences arise early: in our lab, three-year-olds from low-income families were more visibly upset than peers from wealthier homes when they saw puppets violate clear rules.

Is tight better, then, or loose? The answer is, neither are. Both confer different advantages and liabilities, depending on your vantage point. Tight groups have cornered the market in social order: they have lower crime and tend to be cleaner and more coordinated. They also exhibit higher self-control: they tend to have fewer problems with obesity and debt, and lower rates of alcoholism and drug abuse. Loose groups are comparatively more disorganised and experience a host of self-regulation failures; yet they excel at openness. They’re much more tolerant, creative and flexible. Tight groups, by contrast, are far less innovative, more ethnocentric, and more resistant to new ideas. This is what I call the tight-loose trade-off; advantages in one realm coexist with drawbacks in another.

Tight-loose differences can explain global patterns of conflict, revolution, terrorism and populism. They operate as a universal faultline, causing cultural cohesion to buckle and rifts to open up. As threats arrive, groups tighten. As they subside, groups loosen. Threats don’t even need to be real. Our experiments show that, as long as people perceive a threat, the perception can be as powerful as objective reality.



US wants prison sentence for Facebook user who pirated ‘Deadpool’ • TorrentFreak



To be clear, [Trevon] Franklin [aged 22, from Fresno, California] wasn’t the person who originally made the copy available. [In early 2016] He simply downloaded it from the file-sharing site and then proceeded to upload it to his Facebook account, using the screen name ‘Tre-Von M. King.’

This post went viral with more than six million viewers ‘tuning in.’ While many people dream of this kind of attention, in this case, it meant that copyright holder Twentieth Century Fox and the feds were alerted.

The FBI launched a full-fledged investigation which eventually led to an indictment and the arrest of Franklin last summer.

Earlier this year, Franklin signed a plea agreement with the Government where he admitted to sharing the pirated film on Facebook. In return, the authorities recommended a sentence reduction.

This week the Government submitted its sentencing recommendation. Franklin pleaded guilty to a Class A misdemeanor which carries a maximum prison term of a year. While the Government doesn’t go that far, it believes a significant sentence is required.

“[T]he government recommends the high-end sentence of six months’ imprisonment, to be followed by a one-year term of supervised release, and a mandatory special assessment of $100,” the sentencing position reads.


Franklin was aged, what, 19 or 20 when he uploaded the film? I think the time when you might claim you didn’t know making pirated films available was illegal has long since passed. Six months comes across as pretty light compared to what hackers have suffered.

In killing Inbox, Google takes another swipe at its most passionate users • Computerworld

Mike Elgan:


For all its skill and dominance in artificial intelligence, Google can be surprisingly lacking in the natural kind.

In move after move, Google snatches defeat from the jaws of victory. And all because the company’s culture is blind to the value of passionate users.

I’m quite certain that Google watches user numbers and applies analytics to everything it can measure. A radically analytical approach is powerful, but it can blind you to the factors that cannot be measured. Factors such as user passion.

My favorite example is Google+. After an initial surge of usage in the first couple of years, the social network gradually fizzled — smothered by a reputation for low engagement.

That reputation was largely false. But over time it became a self-fulfilling prophecy as Google took repeated action to hide and suppress engagement.

It killed Circle sharing, the best way to discover high-quality active users. It added Communities, which reduced attention aimed at users. Its dumb algorithms flagged (and thereby hid from public view) high-quality comments, while simultaneously failing to flag obvious spam. (Eventually, Google’s algorithms got much better, but only after most users had already abandoned the platform.)

This is a great plan — if your objective is to minimize user engagement.


“To comment on this story, go to our Facebook page”, it says.

This AI predicts obesity prevalence—all the way from space • Singularity Hub

Marc Prosser:


A research team at the University of Washington has trained an artificial intelligence system to spot obesity—all the way from space. The system used a convolutional neural network (CNN) to analyze 150,000 satellite images and look for correlations between the physical makeup of a neighborhood and the prevalence of obesity.

The team’s results, presented in JAMA Network Open, showed that features of a given neighborhood could explain close to two-thirds (64.8 percent) of the variance in obesity. Researchers found that analyzing satellite data could help increase understanding of the link between peoples’ environment and obesity prevalence. The next step would be to make corresponding structural changes in the way neighborhoods are built to encourage physical activity and better health.

Convolutional neural networks (CNNs) are particularly adept at image analysis, object recognition, and identifying special hierarchies in large datasets.

Prior to analyzing 150,000 high-resolution satellite images of Bellevue, Seattle, Tacoma, Los Angeles, Memphis, and San Antonio, the researchers trained the CNN on 1.2 million images from the ImageNet database. The categorizations were correlated with obesity prevalence estimates for the six urban areas from census tracts gathered by the 500 Cities project.


Seriously? “Yo momma so big she can be seen from SPACE.”

Apple, Firefox tools aim to thwart Facebook, Google tracking

Anick Jesdanun:


Facebook and other companies routinely track your online surfing habits to better target ads at you. Two web browsers now want to help you fight back in what’s becoming an escalating privacy arms race.

New protections in Apple’s Safari and Mozilla’s Firefox browsers aim to prevent companies from turning “cookie” data files used to store sign-in details and preferences into broader trackers that take note of what you read, watch and research on other sites.

Lance Cottrell, creator of the privacy service Anonymizer, said Apple’s effort was particularly significant, as it takes aim at a technique developed by tracking companies to override users’ attempts to delete their cookies.

Safari makes these protections automatic in updates coming Tuesday to iPhones and iPads and a week later to Mac computers. Firefox has similar protections on Apple mobile devices and is rolling them out to personal computers in the coming months.

To get the protections, you’ll have to break your habit of using Google’s Chrome browser, which by some estimates has more than half of the worldwide browser usage. Safari and Firefox have less than 20% combined.

Even then, Safari and Firefox can’t entirely stop tracking. For starters, they won’t block tracking when you’re using Facebook or Google itself. Nor can they help much when you use phone or tablet apps, unless the app happens to embed Safari, as Twitter’s iPhone app does.

But Will Strafach, a mobile security expert who is designing data security tools for phones, said imperfect protection is better than no protection. He notes that burglars can still break down a door, but that doesn’t mean you shouldn’t bother locking it.


By the way, iOS 12 was released on Monday evening.

Nasty piece of CSS code crashes and restarts iPhones • ZDNet

Catalin Cimpanu:


A security researcher has discovered a vulnerability in the WebKit rendering engine used by Safari that crashes and restarts the iOS operating system used by iPhones and iPads.

The vulnerability can be exploited by loading an HTML page that uses specially crafted CSS code. The CSS code isn’t very complex and tries to apply a CSS effect known as backdrop-filter to a series of nested page segments (DIVs).

Backdrop-filter is a relatively new CSS property and works by applying blurring or color shifting to the area behind an element. This is a heavy processing task, and some software engineers and web developers have speculated that the rendering of this effect takes a toll on iOS’ graphics processing library, eventually leading to a crash of the mobile OS altogether.

Sabri Haddouche, a software engineer and security researcher at encrypted instant messaging app Wire, is the one who discovered the vulnerability, and published proof-of-concept code on Twitter earlier today.

This link will crash your iOS device, while this link will show the source code behind the vulnerability. Haddouche also tweeted a video of the vulnerability crashing his phone.


Feels like this stuff comes around every few months or so. Plenty of people hammering on the iOS code to see what happens. This is about the nice graphic effect sucking up all your CPU.

Amazon investigates employees leaking data for bribes • WSJ

Jon Emont, Laura Stevens and Robert McMillan:


Employees of Amazon, primarily with the aid of intermediaries, are offering internal data and other confidential information that can give an edge to independent merchants selling their products on the site, according to sellers who have been offered and purchased the data, brokers who provide it and people familiar with internal investigations.

The practice, which violates company policy, is particularly pronounced in China, according to some of these people, because the number of sellers there is skyrocketing. As well, Amazon employees in China have relatively small salaries, which may embolden them to take risks.

In exchange for payments ranging from roughly $80 to more than $2,000, brokers for Amazon employees in Shenzhen are offering internal sales metrics and reviewers’ email addresses, as well as a service to delete negative reviews and restore banned Amazon accounts, the people said.



15 countries and one US state team up to fight gambling in video games • Ars Technica

Kyle Orland:


an international group of regulators from 15 European regulation bodies and Washington state in the US signed a declaration stating their increasing concern “with the risks being posed by the blurring of lines between gambling and other forms of digital entertainment such as video gaming.”

The declaration identifies four specific areas of concern:

• Skin betting—Third-party sites that allow users to wager money or in-game items for a chance at earning better items. Valve has already faced pushback from Washington State regulators for Steam’s role in “facilitating” such skin-gambling schemes.
• Loot boxes—In-game purchases that offer randomized rewards. Some loot boxes have already been ruled as illegal in the Netherlands and Belgium, and there have been some attempts to do the same from some US lawmakers.
• Social casino gambling—Apps like Big Fish Casino in which users can optionally spend money on virtual gambling chips if they don’t feel like waiting for the in-game currency to replenish. A US District court ruled Big Fish Casino constituted illegal gambling earlier this year, and there are multiple active lawsuits surrounding other such games.
• “The use of gambling themed content within video games available to children.”—In addition to the above, this would seemingly apply to games with poker or slot-machine-style minigames (or, uh, Casino Kid for the NES).


Overdue. Loot boxes in particular.

Altaba to settle lawsuits relating to Yahoo data breach for $47m • TechCrunch

Zack Whittaker:


Altaba, the holding company of what Verizon left behind after its acquisition of Yahoo, said it has settled three ongoing legal cases relating to Yahoo’s previously disclosed data breaches.

In a Monday filing with the Securities and Exchange Commission, the former web giant turned investment company said it has agreed to end litigation for $47m, which the company said will “mark a significant milestone” in cleaning up its remaining liabilities.

The deal is subject to court approval; attorneys for both sides asked the court to approve the deal within 45 days, according to a filing submitted Friday.

In case you missed it, Yahoo had two data breaches — one in mid-2013, where data on all of the company’s three billion users was stolen, and another breach a year later of 500 million accounts, including email addresses and passwords. The company blamed the attack on state-sponsored hackers, without citing any evidence or pointing any fingers.

Muddying the waters, the breach was discovered during Verizon’s bid to acquire the web giant and its assets for $4.83bn. Verizon dropped its offer price by some $350m after the scope of the breach was fully realized, and created Oath. (Disclosure: TechCrunch is also owned by Oath.)


This is a desultory amount of money per user. Even on the smaller hack of 500 million, it’s just 9 cents per person. On the 3 billion, it’s 1.5 cents.

Amazon maintains smart speaker market share lead, Apple rises slightly to 4.5% • Voicebot

Bret Kinsella:


A national survey of 1,040 U.S. adults earlier this month commissioned by Voicebot, RAIN and PullString shows that Amazon is maintaining its lead in smart speaker installed base despite Apple and other device makers gaining some traction with users. Amazon Echo device share stands at 64.6%, while Google Home products are used by 19.6% of smart speaker owners. Apple HomePod has been adopted by 4.5% of smart speaker owners, while 11.3% say they have access to a smart speaker that is not made by Amazon, Google or Apple. However, all of those “other” devices have either Amazon Alexa or Google Assistant as the resident voice assistant so Amazon and Google’s influence extends well beyond their own smart speakers…

…The latest smart speaker market share data are beginning to depict a familiar pattern. Amazon maintains a leadership position in the U.S. based on its first-to-market advantage and the strength of its marketing channel and Prime membership base. Everyone else is growing at Amazon’s expense…

The real battle is about to shape up. New hardware is expected from Amazon, Google, Samsung and others. Those new products will be the real catalyst that determines smart speaker market share after the holiday shopping season.

Keep in mind when you read these reports what they are calculating. The data here represents the installed base. CIRP data from earlier this summer also measures installed base, but it does not account for devices that are not manufactured by Amazon, Apple or Google. So, each of their market share figures are likely to be higher because they are comparing market share relative to each other as opposed to the entire market. By contrast, Canalys data attempts to be comprehensive but reflects unit sales in a given time period and not installed base. There are a number of different ways to look at the market. Regardless of which lens you consider, they all point to growth.



What really happened to Apple’s AirPower (exclusive details) • Sonny Dickson

The aforementioned Dickson:


Here are some of the key issues causing the most significant hurdles, as verified by multiple internal sources:

• Heat management: currently the device produces far too much heat, which causes performance setbacks, and can affect the ability of the devices to charge if they become too warm in the process. It also affects the ability of Apple’s custom charging chip, which runs a stripped down version of iOS, to function as intended.

• Buggy inter-device communication, as well as charging activation and issues with charging speed, and overall accuracy of charge levels: Apple’s engineers have been experiencing both hardware and software issues with the communication between AirPower and devices placed on the mat, -especially- the communication of Apple Watch and AirPod charging data to the iPhone, which monitors the charge level of all devices placed on the mat.

• Mechanical and interference issues: the mechanism being used for multi-device charging, which we can confirm is comprised of between 21 and 24 power coils of various sizes to accommodate the three main products to be charged (AirPods equipped with a so-far-nonexistent wireless charging accessory case, iPhone, and Apple Watch), which are broken into three identical charging groups, is proving extremely difficult to build or refine, and has been resulting in a significant amount of interference up to this point, which reduces the efficiency of the charging mat, and contributes to the heat issues that engineers are facing.

What is thought to be a significant factor in the ongoing engineering struggle is that three different sizes of coils must overlap within each coil set, which, combined with the very compact size of the device, makes managing interference and heat an extremely daunting technical challenge.

Aside from heat and interference shielding, the complexity of the circuitry in the device is also posing a significant challenge, which likely cannot be overcome unless the device is redesigned to be slightly thicker and larger – decisions which Apple is specifically unwilling to make compromises on for their overall design.


This wouldn’t be the first time that Apple has wanted to design its way past the laws of physics; a similar impasse happened (briefly) in the design of the original iPhone, which didn’t have any antenna gaps in its lovely aluminium design.

Errata, corrigenda and ai no corrida: none notified

Start Up No.910: Twitter’s inequalities, Google’s China phone plan, Grindr’s over-local, Apple goes to the movies, and more

OnePlus is killing the headphone jack. Are its habitats being wiped out? Photo by Hernán Piñera on Flickr.

A selection of 13 links for you. Luckily. I’m @charlesarthur on Twitter. Observations and links welcome.

There’s a simple fix, but Grindr is still exposing the location of its users • Buzzfeed

Nicole Nguyen:


In a post published Thursday, the website Queer Europe detailed how easy it is to find any Grindr user’s location using an app called Fuckr, which employs a technique called “trilateration” to find users. Fuckr, which can be downloaded for free and is not affiliated with Grindr, is built on top of unauthorized access to Grindr’s private API, or “application programming interface,” which provides Fuckr with information in Grindr’s database.

Grindr is not deliberately revealing the locations of its users. But the “incredibl[y] high level of precision” of the distance data Grindr collects and shares allows apps like Fuckr to pinpoint users’ whereabouts, according to security researcher Patrick Wardle.

GitHub, which has hosted the Fuckr repository since it was released in 2015, disabled public access to the app shortly after the Queer Europe post published, citing Fuckr’s unauthorized access to the Grindr API. However, dozens of “forks” (modified versions) of the app are still available on GitHub. Queer Europe also confirmed to BuzzFeed News that the Fuckr application remains operational and can still make requests for up to 600 Grindr users’ locations at a time. Neither Grindr nor GitHub responded to request for comment about Fuckr’s takedown.


Leaky apps are so 2010.

Is Twitter more unequal than life, sex or happiness? • Tim Harford

Harford writes about our good friend Gini, who measures inequality:


the Gini coefficient can be applied to inequality in any set of numbers you like, from the number of storks in each country to the body weights of a family of hippos. For example: authoritative data on sexual activity in the UK are available from Natsal-3, the third National Survey of Sexual Attitudes and Lifestyles. Natsal-3 reports the number of opposite-sex partners we say we’ve had in our lives, and the number of times we say we’ve had heterosexual sex in the past four weeks. (It will surprise nobody to hear that men and women make rather different claims, so I’ve averaged their responses.)

Since I know you may be curious, I have made my own calculations, based on these data. For 35-44 year olds, the Gini coefficient of recent sexual activity is 58%. The Gini coefficient of lifetime opposite-sex partners is lower: 50%. Both are much higher than income inequality in the UK.

Nor are these figures driven by a few outliers with thousands of partners. When it comes to the bedroom, we don’t need to consider extremes to witness considerable inequality: many perfectly ordinary people have had only one sexual partner, or none, and many perfectly ordinary people have had at least 10. Bigger variations exist in income, but only at the extremes of distribution.

Of course, while one can measure income and sex using the same statistical method, that does not mean the moral or political implications are comparable. Most of us wouldn’t mind having more money, but it is far from obvious that we all want more lovers. Who has the time?



Thoughts and observations on Apple’s iPhone XS/XR and Series 4 Apple Watch introductory event • Daring Fireball

John Gruber:


AIRPOWER: I wrote about AirPower’s absence earlier this week. What I’ve heard, third-hand but from multiple little birdies, is that AirPower really is well and truly fucked. Something about the multi-coil design getting too hot — way too hot. There are engineers who looked at AirPower’s design and said it could never work, thermally, and now those same engineers have that “told you so” smug look on their faces. Last year Apple was apparently swayed by arguments that they could figure out a way to make it not get hot. They were, clearly, wrong. I think they’ve either had to go completely back to the drawing board and start over with an entirely different design, or they’ve decided to give up and they just don’t want to say so.


I’d love to see an analysis from someone who knows about Qi charging (which Apple uses) on why AirPower was overreaching, but I can completely believe that this has turned out to be too risky because of heat. In the meantime you could always get this wireless charging mouse mat ($39, one-week shipping) – which looks quite a lot like AirPower.

OnePlus ignores its own user polling, removes headphone jack on OnePlus 6T • Ars Technica

Ron Amadeo:


Seeing another company strip the headphone jack off its devices is definitely disappointing. For OnePlus, it’s another move that feels like a continuation of the OnePlus 6 strategy: removing the features that make the phone unique. Compared to the OnePlus 5T—one of our favorite devices of last year—a lot has changed for this year’s edition. The company went from a metal device with slim bezels and a headphone jack to a fragile all-glass device, yet another notch design, and now no headphone jack.

What’s crazy is that the company knows exactly how much its customers do not want this. Before the OnePlus 6T, the company was one of the few still shipping a 3.5mm jack in its devices. And in the run up to the OnePlus 6’s launch, Pei ran a poll on Twitter asking his followers how much they valued a headphone jack. The results were overwhelming. An overwhelming 88% of the 19,000 participants said they wanted the headphone jack.

Of course, this was done to promote the OnePlus 6, which had a headphone jack, but at some point in the last six months OnePlus decided this feedback wasn’t important. The supposed tradeoff is more battery life, which is definitely something we’ll test when the OnePlus 6T comes out.

Now that using a pair of normal headphones is significantly more annoying (you’ll need to carry around a dongle), OnePlus probably hopes you’ll pick up a pair of its new Bluetooth headphones, or perhaps you’d be interested in the new wired USB-C headphones that are also on the way.

While the lack of a headphone jack is disappointing, at least the rest of the OnePlus 6T is looking interesting. OnePlus is a lessee of Oppo’s manufacturing line, and usually OnePlus devices are based on an existing Oppo design. Rumor has it the OnePlus 6T will be based on the Oppo R17, which has a unique teardrop-shaped camera cutout instead of the boring iPhone X-style notch that everyone else is using. When all you’re putting in the notch is a front-facing camera, it turns out it can be really small.


Pei has run Twitter polls since 2016 on this, and they’ve all shown support for a headphone jack at or above 85% (receiving 8,047, 9,589 and most recently 19,374 votes total). Looks like you’re getting a pair of Bluetooth headphones, everybody. (Would you honestly trust USB-C headphones? Also, ugh, wires.)

Google China prototype links searches to phone numbers • The Intercept

Ryan Gallagher:


Google built a prototype of a censored search engine for China that links users’ searches to their personal phone numbers, thus making it easier for the Chinese government to monitor people’s queries, The Intercept can reveal.

The search engine, codenamed Dragonfly, was designed for Android devices, and would remove content deemed sensitive by China’s ruling Communist Party regime, such as information about political dissidents, free speech, democracy, human rights, and peaceful protest.

Previously undisclosed details about the plan, obtained by The Intercept on Friday, show that Google compiled a censorship blacklist that included terms such as “human rights,” “student protest,” and “Nobel Prize” in Mandarin.

Leading human rights groups have criticized Dragonfly, saying that it could result in the company “directly contributing to, or [becoming] complicit in, human rights violations.” A central concern expressed by the groups is that, beyond the censorship, user data stored by Google on the Chinese mainland could be accessible to Chinese authorities, who routinely target political activists and journalists.


Even Apple’s much-criticised (but locally necessary) storage of iCloud data from its Chinese users doesn’t include their search history.

Tech’s new problem: North Korea • WSJ

Wenxin Fan, Tom Wright and Alastair Gale:


“It never crossed my mind” that North Koreans operated an IT business online, said Donald Ward, an Australian entrepreneur, when shown that a programmer he hired to redesign a website, who he thought was Japanese, was actually part of a North Korean crew operating in northeastern China, near the city of Shenyang.

The Journal discovered the Shenyang business after reviewing computers and other devices belonging to a North Korean operative arrested in Malaysia for suspected involvement in last year’s murder of North Korean leader Kim Jong Un’s half-brother. A car that ferried the alleged killers away from the Kuala Lumpur airport was registered to the North Korean operative, according to Malaysian investigators. The operative, who denied wrongdoing, was deported.

The operative’s electronic devices showed he had communicated with the Shenyang group about money-making ventures for North Korea, using vocabulary found only in the north’s dialect of the Korean language.

For North Korea, finding new business ventures has been crucial since the United Nations last year tightened sanctions and banned the country’s coal exports in a bid to curb Pyongyang’s nuclear-weapons and missile programs. The U.S. Treasury Department warned in July that North Koreans working abroad were selling IT services and hiding behind front companies and the anonymity provided by freelancing websites. The report offered few specifics. The Treasury on Thursday sanctioned two Russian and Chinese technology firms as revenue-generating fronts for North Korea.

Interviews with clients, plus records on, help detail at least tens of thousands of dollars earned by the Shenyang group. In total, North Korea may be pulling in millions from software development with numerous fake social-media profiles, say experts who track North Korean activity. The group took payment from clients and subcontracted the jobs to programmers world-wide who say they were cut out without compensation.

“It’s a big chunk of change” for North Korea, said Andrea Berger, a North Korea specialist at the James Martin Center for Nonproliferation Studies in Monterey, Calif.


Given how minuscule North Korea’s economy is (smaller than Samsung Electronics’s quarterly revenues, according to some estimates), Berger’s not exaggerating at all.

Chinese brands handset profit crossed US$2bn for the first time ever in Q2 2018 • Counterpoint Research

Karn Chauhan:


According to the latest research from Counterpoint Market Monitor Q2 2018 (April-June), Global handset profits grew 4% annually in Q2 2018 mainly due to Chinese brands, which were aggressive with their flagship offerings. Their combined profits crossed US$2bn for the first time, contributing to almost a fifth of the total handset profits.

Chinese brands are planning on entering new price tiers in the premium segment. Brands like OPPO, vivo and Huawei have tweaked their design language by adding new features, at a time when overall innovation within smartphones was already reaching its peak. Examples include the vivo Nex (Ultra Full View Display with in-display fingerprint), OPPO Find X (Ultra Full View Display) and Huawei’s P20 Pro (Triple camera).

We expect the average selling price of smartphones will further increase, driven by developed markets. However, smartphone volumes are likely to be flat as consumers are now keeping smartphones for longer. This will have implications for OEMs’ revenue as OEMs are looking to maximize their profits by increasing their average selling price and entering new price tiers. Only vertically integrated companies, in such a scenario, are well poised to capture the trends.


I think that Apple, Samsung and Huawei all count as “vertically integrated” in that they all design their own chips. Counterpoint reckons 99% of profit was owned by five companies (Apple, Samsung, Huawei, OPPO+vivo [one company], Xiaomi). And then “the remaining 1% of total industry profit was distributed among more than 600+ handset brands.” Of course, quite a few of those made losses – Sony, HTC, LG…

No, Apple didn’t delete that guy’s movies. Here’s what really happened • CNET

Sean Hollister commits journalism in order to track down what actually happened behind a viral tweet:


“A customer bought these movies, they’re gone, and he’s only getting a couple rentals in return?”

Indeed, dig deeper into Apple’s Terms of Service, and you’ll see that it quietly warns that you may not be able to re-download content if it’s “no longer offered on our Services.” It’s not hard to see why headlines like “Apple can delete the movies you purchased without telling you” started spreading around the web. 

But take a closer look at da Silva’s tweet, and there’s something interesting going on. Apple Support thinks he’s in Canada, while da Silva’s Twitter profile and LinkedIn show he’s from Australia. That’s a rather large geographical difference.

When we reached out to da Silva, he clarified the disparity: he moved to Canada, roughly nine months ago, after purchasing the films in Australia. Not only is that two separate countries, it’s two separate iTunes Store regions. Perhaps Canada doesn’t offer those films anymore, and that left him unable to access them in his new location?

…But there’s another possibility: Perhaps da Silva still has access to the Australian versions of these movies, but not the Canadian ones?

That’s certainly what Apple seemed to be hinting when we asked the company about it this weekend. Apple said:


“Any movies you’ve already downloaded can be enjoyed at any time and will not be deleted unless you’ve chosen to do so. If you change your country setting, some movies may not be available to re-download from the movie store if the version you purchased isn’t also available in the new country. If needed, you can change your country setting back to your prior country to re-download those movies.”


Sure, Apple’s statement doesn’t say exactly what happened to da Silva’s movies, or admit that Apple Support may have made a mistake when parsing the original response. But it clearly states that the company doesn’t delete movies without your permission – and that you should even be able to re-download movies from your “prior country” if they’re not available in the new one…

…Indeed, those movies may still be stored in da Silva’s Australian account — but he can’t easily switch back to the Australian region to download them again… The reason da Silva’s missing movies got so much attention: they seemingly revealed Apple wouldn’t stand by its customers if the studios tried to pull their films. We now know it’s premature to say anything like that.


Remember how The Outline is struggling? That link is to an Outline story. They didn’t talk to Apple or da Silva, who now acknowledges he fell into a “licensing crack”.

This startup CEO says that Apple is using ‘alternative facts’ to market the new Apple Watch • Business Insider

Kif Leswing:


“We were watching [the announcement], and we were surprised,” Gundotra said. “It was amazing, it was like us being on stage, with the thing we’ve been doing for 7 years,” referring to AliveCor’s product for detecting atrial fibrillation (AFib), a tough-to-spot heart disorder that manifests as an irregular, often quick heart rate that can cause poor circulation.

“Although when they said they were first to go over-the-counter, we were surprised,” he continued. “Apple doesn’t like to admit they copy anyone, even in the smallest things. Their own version of alternative facts.”

The fact that a huge tech giant is entering their corner of health-tech validates AliveCor’s approach, Gundotra said. “I commend them, it’s the very mission we’ve been on,” he said, saying making ECG readings more accessible is “insanely important” and “will save lives.”

One key difference that will distinguish AliveCor from the Apple Watch is price, says Gundotra: AliveCor’s hardware starts at $99. The new Apple Watch Series 4 with ECG hardware — it won’t be enabled until later this year, through a new app, Apple said — costs $399. Many people who need at-home ECG are price sensitive, he says.

“Ours is $99, theirs is $399, our sales popped yesterday, big time,” he said.

Gundotra is also hopeful that his company’s expertise in machine learning and branching into other conditions will help it fend off trillion-dollar competitors. Earlier this week, AliveCor received “breakthrough status” at the FDA for its work detecting hyperkalemia, a potassium disorder.

“We love that Apple is validating AFib; just wait until you see what AliveCor is going to do next,” he said. “We were a great restaurant in a remote section of town, and someone just opened a giant restaurant right next to us, bringing a lot more attention.”


An embedded tweet in the story by Christina Farr explains: though AliveCor is OTC, a doctor reviews the first ECG to “unlock” it (within 24 hours). Apple’s FDA clearance means it can be used right away.

Oh, and one of AliveCor’s two consumer products is… an Apple Watch band. Too expensive, eh?

Drone startup AirWare crashes, will shut down after raising $118m • TechCrunch

Josh Constine:


Airware makes a cloud software system that helps enterprise customers like construction companies, mining operations, and insurance companies reviewing equipment for damages to use drones to collect and analyze aerial data. That allowed companies to avoid using expensive helicopters or dangerous rigs with humans on harnesses to make inspections and gauge work progress.

One ex-employee asked “How do I get my options sent to me on paper so I can burn them all in a fire?”

Founded in 2011 by Jonathan Downey, the son of two pilots, Airware first built an autopilot system for programming drones to follow certain routes to collect data. It could help businesses check rooftops for damage, see how much of a raw material was coming out of a mine, or build constantly-updated maps of construction sites. Later it tried to build its own drones before pivoting to consult clients on how to most efficiently apply unmanned aerial vehicles.

While flying high, Airware launched its own Commercial Drone Fund for investing in the market in 2015, and acquired 38-person drone analytics startup Redbird in 2016. In this pre-crypto, pre-AI boom, Airware scored a ton of hype from us and others as it tried to prove drones could be more than war machines. But over time, the software that shipped with commercial drone hardware from other manufacturers was good enough to make Airware irrelevant, and a downward spiral of layoffs began over the past two years, culminating in today’s shutdown. Demonstrating how sudden the shut down is, Airware opened a Tokyo headquarters alongside an investment and partnership from Mitsubishi just four days ago.


You’d think that focussing on the software would be enough, but clearly not.

Bring back the shadows: the case against HDR • Dan Bailey Photos

Dan Bailey:


Call this “ode to the shadow”, my attempt to rescue that wonderful, often elusive species, which has been pushed aside lately with such increasing and ruthless neglect by slider-happy photographers who banish it from existence in their images.

You know what I’m talking about. You see it every day. On Twitter, on Facebook, and especially on Instagram. Photos with such incredible, brilliant and dynamic colors that look like they’ve been cooked. Pictures with drippy, over saturated hues; like cotton candy that’s been slathered with an entire bottle of maple syrup. Google “Fantasy Art” and you’ll see the exact same tonal blueprint.

It took me awhile to figure out why I can’t stand that stuff. No, it’s not that weird alien-like edge glow that floats around the subject, or even cosmic tones that peg the gamut meter full tilt. It’s the fact that you can see everything. Nothing is hidden.

Yes, there’s some well executed HDR out there, but to me, most HDR photography, whether it’s done with a plug-in or by slamming the software sliders all the way to the right, is nothing more than sugar. Spoon fed sugar that’s shoveled right into your mouth.

It delivers calories with no work. A payoff with no effort. In every way, it’s just like that godawful, heavily compressed, crossover pop garbage that pours forth from the country stations. No one really likes that stuff, but the radio keeps playing it.

Whatever happened to subtlety? To innuendo? To suggestion?

Whatever happened to shadows…?

Whether it’s bad HDR or bad country music, if you give the viewer or listener EVERYTHING in the same level of volume, color, tone and brightness, you leave nothing to the imagination.


Some lovely photos here. And he has a point.

It only took 37 seconds for two bitcoin ‘celebs’ to start fighting on a cruise ship • Mashable

Jack Morse:


The CoinsBank Blockchain Cruise, chartered to take cryptocurrency die-hards from Barcelona, to Monaco, to Ibiza, and then back, was in its fourth day, and a highly billed event had managed to drag a few likely hung over attendees out from their below-deck cabins. Jimmy Song, a venture partner at Blockchain Capital LLC, was to argue the relative merits of Bitcoin (BTC). Early Bitcoin adoptee and Bitcoin Cash evangelist, Roger Ver, was to speak on behalf of Bitcoin Cash (BCH).

Bitcoin Cash was born following a 2017 Bitcoin hard fork, and despite BTC’s and BCH’s shared history, the two cryptocurrencies and their respective boosters have become the blockchain’s very own Montagues and Capulets — each disparaging the other at every conceivable opportunity, with both sides lobbing accusations of fraud and deception. 

It was perhaps to be expected that the debate wouldn’t go smoothly, but just how quickly it went off the rails surprised even those in attendance. 

Song, cowboy hat atop his head and microphone in hand, attempted to introduce the format of the event — a “Lincoln-Douglas style debate” — but was soon interrupted by Ver. 

Shouts of “no Roger” emanated from the crowd, as Ver told the audience to “calm down.”

It quickly spun out from there, with Song repeatedly telling Ver to “sit down” as Ver angled for the microphone. 

“Do you want to debate me or not,” Song demanded. “OK then sit down,” he repeated as he stood behind the podium.


Also on the cruise was the writer Laurie Penny, who I’m pretty sure doesn’t know anything about bitcoin, but will have no doubt been mansplained to within an inch of her life. I’m very much looking forward to her writeup.

Twitter CEO Jack Dorsey in conversation with Professor Jay Rosen • Recode

Peter Kafka with the transcript, which has many notable elements; this is useful for seeing Dorsey’s viewpoint on how he sees Twitter being used:


“we are being used more like what you would find in Washington Square Park. You walk into Washington Square Park and there’s a bunch of people who, when I walk in, there’s a bunch of people there who are not expecting me to walk in and aren’t expecting me to do the things that I intend to do and might see it out of the corner of their eye and might come over and listen or interact or whatnot. In that public square, there’s all these things that happen and some are amazing, and some are stupid, and some are silly, and some are really terrible. There’s a guy in the corner with a megaphone broadcasting his thoughts and then he recognizes you and he says, “Jay, get the hell over here. You’re a terrible person and I hate you,” and all these other things. And it’s completely directed at you.

“And at that point, people recognize it and they tell him to stop, or the park stewards or police come over and say, “Here’s a warning and if you keep attacking this one person who doesn’t want it and is not even paying attention to you, then you’re out.” So that action right there was not neutrality, it was being impartial to the conduct and with an eye towards more of the collective, with an eye towards like, “We need to make Washington Square Park something that people actually want to be at and recognize that there’s going to be people who choose unhealthy behaviors and we’re going to at least demonstrate what is not healthy and what could be healthier.”

“I do believe health is a value that we’ve chosen to make a singular objective, and we value health in public conversation, but in order to do it correctly, we need to do it with a principle of impartiality, which means that we’re not going to do on the basis of bias or prejudice or favoring one account over another for improper reasons. Where we have failed in that is to be transparent around how we write our rules and how we enforce them.”


He then goes on to describe how they’re trying to measure that “health”. One can’t help but think that zapping tweets coming from Russian IP addresses would make a big contribution.

Errata, corrigenda and ai no corrida: none notified

Start Up No.909: making heavy weather, game apps under fire, the everlasting iPhone?, Outlining the problem, and more

Larry Page in 2006. His public appearances are increasingly rare. So what’s he doing? Photo by Herkko Hietanen on Flickr

»You can sign up to receive each day’s Start Up post by email (arriving at about 0700GMT each weekday). You’ll need to click a confirmation link, so no spam.«

A selection of 9 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

New iPhones, new Galaxies: who’s the bigger copycat? • Yahoo News

David Pogue is a brave, brave man:


First, I made up a list of every major feature that’s standard on smartphones today. Pinch-to-zoom. Auto-rotating screen. Slow-mo video. Word suggestions above the keyboard. A quick settings panel. Voice assistant. Voice calling. Private browsing. And on and on.

Second, I hunted down the first appearance of every feature by poring through old user manuals, Wikipedia, tech reviews, and how-to books. With help from my assistant Jan Carpenter, we eventually filled in a spreadsheet, which you can see here.

I turned the data over to David Foster, infographics lead for Oath Studios, who designed the timelines you see below. Each one shows clearly not just which company wins each horse race, but how long it took its rivals to copy each feature. The timeline bars also provide a fascinating look at how smartphones have evolved since the iPhone’s debut in 2007.

Now, a few notes on this project’s limitations:

• I’ve restricted the game to three players: Apple, Samsung, and Google. Some features may have appeared first in phones by smaller companies, but most of the “you stole that!” accusations involve the Big Three. Especially when it comes to software features (Apple’s iOS vs. Google’s Android) and hardware features (Apple’s iPhone vs. Samsung’s Galaxy S series).
• Not all features get stolen. Nobody ever copied Apple’s Force Touch screen idea (detects how hard you’re pressing) or its Emergency SOS siren (to use when you’re being mugged). Similarly, to this day, only Android offers desktop widgets and multiple user accounts on the phone. And Samsung, through the years, has introduced dozens of features that nobody chose to imitate (built-in heart-rate sensor, auto-scrolling based on your head tilt). This story is about features that have become universal, so those features don’t appear here.
• Also not included: Features that existed before the smartphone era, like downloadable ringtones. They weren’t Apple’s, Samsung’s, or Google’s ideas in the first place.
Even with all of this research and documentation, I’m sure there will be much to argue about. Does Samsung’s easily fooled face recognition get credit for being first, when Apple’s later implementation, which uses depth cameras that can’t be fooled by a photo, is far better? Should a company get credit for being the leader, when the feature it introduced seems obvious and inevitable (say, an on-screen keyboard)? Should a feature be listed if two companies introduced it more or less simultaneously?

In all three cases, I’ve answered “yes” as I built this study.


RIP your mentions, dude.

How The Weather Channel made that insane storm animation • Wired

Brian Barrett:


If you haven’t seen the graphic yet, take a moment to watch the segment below. It starts normally enough, with a top-side view of the Eastern seaboard, showing the “reasonable worst-case scenario” of water levels. (The data comes from the National Hurricane Center.) But about 45 seconds in, a shift occurs. Meteorologist Erika Navarro stands not in a studio, but on a neighborhood street corner. And then the waters around her start to rise.

On one level, yes, the visualization literally just shows what three, six, and nine feet of water looks like. But it’s showing that in a context most people have never experienced. It fills in the gaps of your imagination, and hopefully underscores for anyone in a flood zone all the reasons they should not be.

A year ago, this wouldn’t have been possible. In fact, this specific demonstration wouldn’t have been possible a month ago. The Weather Channel only finished the new “green screen immersive studio” at its Atlanta headquarters this week. With peak hurricane season coming, it wanted to be prepared. “It was all hands on deck,” says Michael Potts, TWC’s vice president of design.

Fortunately, they’ve already had some practice with this sort of thing. About 18 months ago, Potts says, the broadcast industry at large started getting serious about the quality of graphics it could offer, thanks in part to the rising popularity of esports. Seeing potential for weather coverage, TWC invested in the use of Unreal Engine, the same suite of tools that powers countless video games (yes, including Fortnite).


The video is indeed amazing. This is “augmented reality” being used to its best capacity.

Amazon is stuffing its search results pages with ads • Recode

Rani Molla:


Sponsored ads allow vendors to bid auction-style to have their products show up when consumers type in a related search term. If you’re Duracell, for example, you can pay to have your product show up above or among search results when someone types in “batteries” — or “Energizer.”

When searching for a specific product — “Kellogg’s Corn Flakes,” for example — ads for Kellogg’s own Frosted Flakes and competitor Nature’s Path Corn Flakes both show up as sponsored results first.

And in an unscientific Recode test, these types of ads showed up for every search term, from the vague to the hyperspecific:

“Nobody is scrolling beyond the first page when they do a search,” Jason Goldberg, SVP of commerce at SapientRazorfish, a digital marketing agency, told Recode. “If you want to be discoverable, you have to find a way to show up in search results.”

To get that prime visibility, brands are responding with more cash. Spending on sponsored products in Amazon’s search increased 165% in the second quarter of 2018 compared with a year earlier, according to data from marketing agency Merkle.

The competition for brands to bid on their own or others’ keywords is fierce, and is leading toward what Goldberg called a “perfectly escalating arms race where all the trends are to spend more money to buy more ads to have better visibility on Amazon.”


I’ve noticed this; Amazon isn’t bound, as far as I can tell, by the requirements on other search engines to label ads “prominently”. The only positive thing is that if you’re actually determined to buy product A, then an ad for product B probably won’t do it. The annoyance comes when you accidentally click on the ad product thinking it’s part of the organic listings. Which can happen on Google too, of course.

“Where’s Larry?” • Bloomberg BusinessWeek



For several months he maintained a weekly meeting with leaders at Google Fiber, a project to develop ultrahigh-speed internet access, to brainstorm technical solutions for implementing the service, such as newfangled ways to drill fiber-optic cables into sidewalks, says a former manager there.

Another skunkworks project that consumed Page, started in 2015 and previously unreported, was a Disney-esque idea to reimagine transportation, code-named Heliox. According to three people familiar with the effort, a team operating out of a former NASA hangar in the Bay Area built a tube of plastic the width of a subway car, snaked around a circular track, designed to propel bicyclists at rapid speeds through a swirl of oxygen and helium pumped into the tunnel at their backs. Heliox was pure Page, a space-age concept both preposterously imaginative and mechanically marvelous: The vision was to stretch this tube system, arced hundreds of feet in the air, from a ground-level entry point on Google’s Mountain View campus to an exit 35 miles north, in San Francisco, so Google’s rainbow-colored beach cruisers might one day be seen flying over U.S. Highway 101. Yes, it sounds like a Hyperloop for bikes.

Many of these projects, including Heliox, have since fizzled or died. As Alphabet’s CEO, Page had to placate investors anxious about his investments beyond Google’s core business. Now almost all of Alphabet’s spending goes to Google. Several people familiar with the dynamic say Page’s involvement with Alphabet’s subsidiaries has become more sporadic in recent years as the L Team has shrunk to a smaller coterie known as “AlphaFun,” and it’s difficult to pinpoint a fresh project inside the company with his clear imprint. One former manager who worked at X says the rare office check-in from Page is akin to a royal visit, replete with assistants, hangers-on, and advance fretting. Doctoroff, the Sidewalk Labs CEO, disputes this characterization and says Page is “intensely involved,” citing their weekly video chats and a surprise Page visit to Sidewalk’s Toronto project in July. Although Page hasn’t visited Sidewalk’s New York headquarters in months, Doctoroff says he’s constantly discussing ideas as varied as “dynamic pavement” and “cross-laminated timber.”

These days, there’s a sense within Google that futurism has taken a back seat to more pressing concerns.


This is such a contrast with the Zuckerberg profile from the New Yorker. Fascinating detail: Page is younger than Google’s Sundar Pichai.

How game apps that captivate kids have been collecting their data • NY Times

Jennifer Valentino-DeVries, Natasha Singer, Aaron Krolik and Michael Keller:


Before Kim Slingerland downloaded the Fun Kid Racing app for her then-5-year-old son, Shane, she checked to make sure it was in the family section of the Google Play store and rated as age-appropriate. The game, which lets children race cartoon cars with animal drivers, has been downloaded millions of times.

Until last month, the app also shared users’ data, sometimes including the precise location of devices, with more than a half-dozen advertising and online tracking companies. On Tuesday evening, New Mexico’s attorney general filed a lawsuit claiming that the maker of Fun Kid Racing had violated a federal children’s privacy law through dozens of Android apps that shared children’s data.

“I don’t think it’s right,” said Ms. Slingerland, a mother of three in Alberta, Canada. “I don’t think that’s any of their business, location or anything like that.”

The suit accuses the app maker, Tiny Lab Productions, along with online ad businesses run by Google, Twitter and three other companies, of flouting a law intended to prevent the personal data of children under 13 from falling into the hands of predators, hackers and manipulative marketers. The suit also contends that Google misled consumers by including the apps in the family section of its store.

An analysis by The New York Times found that children’s apps by other developers were also collecting data. The review of 20 children’s apps — 10 each on Google Android and Apple iOS — found examples on both platforms that sent data to tracking companies, potentially violating children’s privacy law; the iOS apps sent less data over all.

These findings are consistent with those published this spring by academic researchers who analyzed nearly 6,000 free children’s Android apps. They reported that more than half of the apps, including those by Tiny Lab, shared details with outside companies in ways that may have violated the law.



YouTube Kids adds a whitelisting parental control feature, plus a new experience for tweens • Techcrunch

Sarah Perez:


YouTube is adding another feature that will give parents the ability to explicitly whitelist every channel or video they want to be available to their children through the app.

Additionally, YouTube Kids is launching an updated experience to serve the needs of a slightly older demographic: tween viewers ages 8 through 12. This mode adds new content, like popular music and gaming videos.

The company had promised in April these changes were in the works, but didn’t note when they’d be going live.

With the manual whitelisting feature, parents can visit the app’s Settings, go to their child’s profile, and toggle on an “Approved Content Only” option. They can then handpick the videos they want their kids to have access to watch through the YouTube Kids app.

Parents can opt to add any video, channel, or collection of channels they like by tapping the “ ” button, or they can search for a specific creator or video through this interface.

Once this mode is enabled, kids will no longer be able to search for content on their own.

While this is a lot of manual labor on parents’ part, it does serve the needs of those with very young children who aren’t comfortable with YouTube Kids’ newer “human-reviewed channels” filtering option, as mistakes could still slip through.


Yup, that’s a lot of effort. Bet that few parents go to the trouble. Allows Google to say it has tried and that it offers what people have demanded. Except what people want is for Google to do the filtering.

The iPhone franchise • Stratechery

Ben Thompson:


probably the biggest surprise from these announcements (well, other than the name “XS Max”) is just how good of a smartphone the XR is.

• The XR has Apple’s industry-leading A12 chip, which is so far ahead of the industry that it will still be competitive with the best Android smartphones in two years, and massively more powerful than lower-end phones.
• The XR has the same wide-angle camera as the XS, and the same iteration of Face ID. Both, again, are industry-leading and will be more than competitive two years from now.
• The biggest differences from the XS are the aforementioned case materials, an LCD screen, and the lack of 3D Touch. Again, though, aluminum is still a premium material, Apple’s LCD screens are — and yes there is a theme here — the best in the industry, and 3D Touch is a feature that is so fiddly and undiscoverable that one could make the case XR owners are actually better off.

There really is no other way to put it: the XR is a fantastic phone, one that would be more than sufficient to maintain Apple’s position atop the industry were it the flagship. And yet, in the context of Apple’s strategy, it is best thought of as being quite literally ahead of its time.


Reading this – in which he points out that smartphone strategies are worked out years in advance – I began to suspect that Apple’s long-term strategy for India and other countries which have big markets but where it has negligible share is to let the XR age, and keep offering it more and more cheaply in those markets. The SE tried, but simply wasn’t big enough; those markets demand big screens.

Lasts longer • Asymco

Horace Dediu:


What is the logic of this durability focus as a business model? It may be good for the environment but is it good for the bottom line?

Of course, there would be not much business without an environment and we should all strive for sustainability.  But this is an existential observation, and it’s defensive. The important call to make is that Apple is making a bet that sustainability is a growth business.

Fundamentally, Apple is betting on having customers, not selling them products.

The purpose of Apple as a firm is to create and preserve customers and to create and preserve products. This is fundamental and not fully recognized.

To understand how this works, if you look at the pricing graph below, you can read it as a story of increasing prices for a decreasing market share. But if you understand that each advance in products increases absorbable[1] utility then the cost per use remains steady or declines.

An iPhone at $1200 may be less expensive than an iPhone at $600 if the $1200 version lasts twice as long and is used twice as much each day. The $1200 phone delivers 4x the utility at twice the price, making it half the price. By making more durable products, both in terms of hardware and software, the customer base is satisfied and preserved.

Practically, the initial buyer may resell the iPhone and that second-hand device may be sold yet again. This means an iPhone could have three users over its life and thus it could end up expanding the audience for Apple by a factor of 2 or even 3.

The expanded audience is offered accessories, additional products such as wearables and, of course, services. These residual business models are certainly profitable, perhaps even more so than the iPhone.


Dediu always has a different way of looking at things.

The Outline and the curse of media venture capital • Columbia Journalism Review

Mathew Ingram:


When The Outline launched, it had about 10 full-time staff, including veteran writers and editors like Aaron Edwards from BuzzFeed, Adrianne Jeffries from Vice Media’s Motherboard site, and Amanda Hale from Talking Points Memo. The site soon had a four-person video team, and added a number of high-profile writers who worked out of its office on the Lower East Side of Manhattan. Its website, which often looked and functioned more like a mobile app, got largely positive reviews, and there were high hopes for its customized approach to advertising.

A source close to the company says the board encouraged Topolsky to spend more and expand quickly, assuring him there would be no problem in finding more financing. By late last year, however, the media environment had soured. Vice Media and BuzzFeed were said to have missed their revenue targets for the year by as much as 20 percent, and Mashable—a former digital media superstar—was forced to sell itself for a fraction of its previous valuation, to Ziff Davis, which immediately laid off 50 people. A tight advertising market and the increasing dominance of Facebook, as well as the lackluster performance of video, meant sharply lower traffic and revenue numbers for just about everyone in the business.

At first, The Outline seemed to have figured out a way to make it work. In April, Topolsky said his ad strategy was working so well that clickthrough rates were 25 times the industry average. Then he announced a new round of funding in May, another $5 million from existing investors and several new funds. In a Wall Street Journal interview, Topolsky said the site (which then had more than 30 staff and 3 million unique visitors a month, according to internal analytics), had kept its funding round small because it didn’t want to suffer from inflated expectations.

According to several sources, however, this wasn’t entirely true. The site very badly wanted to raise more than $5 million—and in fact needed to do so to keep up with its burn rate—but had failed to find enough investors willing to sign up. Also, the announcement didn’t mention that most of the funding had come in months earlier, and had already been spent.


I can’t see The Outline lasting much longer as an independent organisation. Apart from anything, what’s it for? What’s its niche? The internet rewards niches. It penalises generalism unless you’re gigantic.

Errata, corrigenda and ai no corrida: none notified.

Start Up No.908: Watch that iPhone!, glasses for tea pickers, the Russian health tweeters, celeb mag secrets, Fortnite’s Android quest, and more

Apple’s AirPower: is this all we’ll get? Photo by The Trendy Startups on Flickr


A selection of 12 links for you. Close enough. I’m @charlesarthur on Twitter. Observations and links welcome.

Apple Watch Series 4 debuts with larger screens and new 64-bit S4 chip • Venturebeat

Jeremy Horwitz:


Heavily rumored since shortly after the release of its predecessor, and accidentally revealed in pre-event leaks of images and basic specs, the Apple Watch Series 4 finally became official today. The company’s next-generation smartwatch features the first major redesign since 2015’s original (“Series 0”) model, including larger bodies, over 30% bigger screens, and new internals.

Introducing the new model, Apple COO Jeff Williams described the Apple Watch as an “intelligent guardian for your health,” and said that it was adding new dynamic watch faces that show off the larger display, including fire, vapor, water, and breathe effects. Despite a 35% larger screen on the smaller version and 32% larger screen on the larger model, it’s thinner than the Series 3, with less total physical volume.

As a result of the new screens, the new Apple Watches have higher resolutions than their predecessors. Extra pixels enable each model to fit more on the screen than before, such that the Watch can now display a watch face with eight simultaneous “complications” — separately tappable icon or text information displays.

Apple has made a number of tweaks to the Series 4’s body. The microphone hole now sits between the side button and Digital Crown, enabling clearer voice sensing, while the speaker has been improved for greater volume. At the same time, the Digital Crown has been modestly redesigned to turn the LTE model’s solid red circle into a thin red circular line and to include haptic feedback with each motion. The side button no longer protrudes as much as it did from the Watch’s body.

The new S4 chip inside is a dual-core 64-bit processor with a new GPU, delivering up to twice the performance of its predecessor. Updated accelerometer and gyroscope functionality enable all-day activity tracking, twice the dynamic range of sensing, and up to 32g of force. New types of workouts are also tracked with the new model. It can also detect falls, and give you an easy route to access the Emergency SOS feature.


I like the eight-complication screen, and the way it represents “heat” with colour ranges. Altogether, it looks like the Watch is really hitting its stride, becoming all the things it can. It’s at about the point the iPhone was with the iPhone 4 in 2010: ready to really take off.

iPhone XS and XS Max: hands-on with Apple’s giant new phone • The Verge

Dieter Bohn:


The iPhone XS Max is bigger, yes, but as you can see in the photos, it is almost hard to distinguish the two when you’re looking at photos. It feels much better than any “Plus” iPhone ever has. I always found the Plus-sized iPhones to be ungainly, but the Max seems to be a little more ergonomic in subtle ways. If you’ve wanted a Plus before but were put off by the size, I’d at least try to hold the new Max size before making your decision.

Both phones have identical specs aside from their screens. They use Apple’s new A12 Bionic processor, which is supposed to be 15% faster than the A11, have improved water resistance that’s supposed to let them stay submerged in two meters of water for up to 30 minutes, and have support for two SIMs and gigabit LTE. The rear cameras have each seen improvements to make them faster (larger pixels on the wide-angle lens, a wider aperture on the telephoto lens), and the selfie camera is supposed to be faster as well (though not for any immediate spec-related reason).

More than anything else, the most impressive tech demo this year is the new portrait mode feature, which allows you to adjust the bokeh after the shoot. It’s just fun to slide the dial left and right to get the exact right amount of blur.

The real difference comes down to both phones’ displays, though that’s just in terms of size and resolution. The XS has the same 5.8-inch size, OLED tech, and 2436 x 1125 resolution as the iPhone X, though it’s also supposed to have 60% greater dynamic range for more vibrant images. The XS Max takes the OLED screen and dynamic range gains and brings them to a 6.5-inch size, with a 2688 x 1242 resolution. Both have the same 458 ppi pixel density, so you don’t lose out on sharpness by going larger.


Note how the processor speed improvement isn’t as large. We’re hitting a wall there (see later link). However, analysts are expecting the LCD-screened iPhone XR (naming 😱) to be the best-seller around the world.

Nearly 600 Russia-linked accounts tweeted about the US’s health law • WSJ

Paul Overberg:


On the March 23 anniversary of the Affordable Care Act becoming law, Democrats attacked Republicans for trying to sabotage the health law and praised the embattled legislation.

So did Russian trolls.

“8 years ago today, President Obama signed the Affordable Care Act into law. Millions of Americans have gained access to health care. Thank you, Mr. President!” said a tweet linked to the Internet Research Agency, a Russian company engaged in an online influence campaign that typically seeks to pit one side against the other on controversial issues.

A newly identified group of nearly 10,000 tweets shows that while Russian trolls often focus on such hot-button issues as Hillary Clinton’s email or athletes kneeling during the national anthem, they also target substantive and divisive policy areas like health care.

Nearly 600 IRA-linked accounts posted to Twitter about the ACA and health policy from 2014 through this past May, with the most prolific ones tweeting hundreds of times, the new data show. One account, called TEN_GOP, rocketed from fewer than 1,000 followers to more than 138,000 in two years, sending 60 tweets that potentially reached followers more than four million times.

Researchers at Clemson University provided The Wall Street Journal with the set of about 9,800 tweets involving health policy and the ACA that the IRA posted over that period. An analysis by the Journal found that 80% of the tweets had conservative-leaning political messages, often disparaging the health law.

The accounts have been shut down by Twitter as congressional investigators unearthed their origin, but intelligence experts say the assault is continuing through similar accounts and channels.



The secrets you learn working at celebrity gossip magazines • Vice

Jessica Evans:


Being on the sausage-making side of the ever-grinding fame machine, you see a different side to the world of celebrity and the glimmer of being famous: the constant hustle, the fake friendships and the even faker smiles, the fact that you have to post one Instagram selfie a day (one a day! Think how many good pictures you have ever taken of you in your lifetime. One a day!): plus, you’re constantly drinking lukewarm prosecco next to a showbiz editor at a Wednesday night sponsored party, deciding what pound of flesh you’re willing to cut out of your life and sell to the highest bidder.

If you fancy being famous: hey, go for it, I’m sure your Soundcloud page will take off any day now. But consider this behind-the-scenes peek at the world of gossip mags to be a warning: as soon as you get an Instagram blue tick, it’s fair game to say pretty much anything about you. And once it starts, you get into a weird place where you never want it to stop, to the point you start making up shit about yourself just to extend your 15 minutes of fame up to 16, 17, maybe 18 minutes. Think about it like this: do you want to be Antony Costa? Because you’re probably going to end up being Antony Costa.

And here’s how showbiz journalists like (formerly) myself are going to make that happen.


I don’t know who Antony Costa is, but anyway, you’re probably going to click through to read the full article, and if you don’t, you’ve really missed out. Essential knowledge.

What the GlobalFoundries’ retreat really means: Moore’s Law is dead • IEEE Spectrum

Steve Blank:


Each shrinkage of chip line widths requires more complexity. Features have to be precisely placed at exact locations with each lithographic printing step. At 7 nanometers, this requires up to 80 such steps.

The other limitation to packing more transistors onto a chip is called Dennard scaling: As transistors get smaller, their power density stays constant, so that the power use stays in proportion with area. But basic physics has stopped Dennard scaling, creating a “Power Wall”—a barrier to clock speed—that has limited microprocessor frequency to around 4 gigahertz since 2005. It’s also why memory density is not going to increase at the rate we saw a decade ago.

The problem of continuing to shrink transistors in a post-Dennard era is so hard that even Intel, the leader in microprocessors and for decades the gold standard in leading fab technology, has stumbled. Industry observers have suggested that Intel has hit several speed bumps on the way to its next generation push to 10- and 7-nanometer designs, and now is trailing TSMC and Samsung.

The combination of spiraling fab cost, technology barriers, power density limits, and diminishing returns is the reason GlobalFoundries threw in the towel. It also means the future direction of innovation on silicon is no longer predictable.

The end of putting more transistors on a single chip doesn’t mean the end of innovation in computers or mobile devices. (To be clear, the bleeding edge will advance, but almost imperceptibly year-to-year; and GlobalFoundries isn’t shutting down, they’re just no longer going to be the ones pushing the edge.)

But what it does mean is that we’re at the end of guaranteed year-to-year growth in computing power. The result is the end of the type of innovation we’ve been used to for the last 60 years. Instead of just faster versions of what we’ve been used to seeing, device designers now need to get more creative with the 10 billion transistors they already have to work with.



How spectacles transform the lives of tea-pickers • FT

Amy Kazmin:


In India’s tea-growing Assam state, a recent randomised control trial highlighted the dramatic economic benefits of reading glasses for ageing tea-pickers suffering from presbyopia — the decline in near-vision that comes with age.

The research took place last year at the peak of the harvest season, when tea-leaves are abundant. The only constraint is how fast the workers can pluck. Before the trial, not one of the 751 enlisted tea-pickers, all over the age of 40, had glasses. For the study, half got simple reading glasses — like those sold over-the-counter in many western countries — and half did not.

Professor Nathan Congdon, of Queen’s University Belfast, says the results — published recently in the Lancet — were unequivocal, if unsurprising. Workers with glasses plucked around 5kg more tea each day than those without — a 21% increase in productivity. Tea-pickers over the age of 50 recorded even bigger gains, at 31%.

“For picking tea, that ability to see things up close is very important — to determine whether a bud of tea is ready to be picked or not,” Prof Congdon told me.

Presbyopia is the most common global cause of sight impairment, and people living in rural areas are no less susceptible to it than city dwellers. For tea-pickers, who are paid by how much they pluck — and pruned from the labour force if they cannot meet minimum targets — correcting the problem is a major boost.


On a day when we’ve been hearing about amazing technological efforts, it’s good to remember that sometimes, the big wins are in simple technology.

Fortnite on Android launch • Epic Games technical blog


In the first 21 days since Fortnite’s launch on Android, interest has been extremely high, with over 23 million players entering our Android beta and over 15 million players installing our APK. While we are in an invite-only phase for Android, our conversion from players being invited to playing is similar to that of the iOS beta.

Shipping the same game across all platforms while supporting cross-play presented a unique challenge. Usually, when trying to scale a game down for mobile devices, you simplify the content and even design, in order to fit within the performance constraints of the platform. For instance, you might cull objects closer to the camera to reduce draw calls. In Fortnite, Android players can be in the same match with their friends on PC and console, so we must render everything that affects gameplay.

Since January 2018 we have been hard at work with a significant team on the Android version of FNBR. While much of our work to make this possible was spent on rendering performance, stability and memory, the sheer number and variety of Android hardware, OS versions, and driver versions was the major hurdle we had to overcome.

Working with partners has been crucial to bringing Fortnite to Android. Without their knowledge, expertise, and hard work it would not have been possible…

…When we first shipped Fortnite on Android, our internal testing indicated that we were fitting within the memory constraints of our target devices. We ran tests where we turned on navigation in Google maps, streamed music, and made sure we could play Fortnite without any problems. Yet once we launched we found that many players were either crashing or experiencing poor performance due to running out of memory.

When an Android phone is running low on memory, it will try to free up resources by closing applications not in use. However, it turns out that there are a number of poorly behaving background applications and services out there that simply restart when the OS closes them. This actually makes the situation worse! Android closed the application to regain memory but it restarts and begins consuming just as much memory as before. Even worse, starting and stopping applications consumes CPU time so not only have we not freed up any memory, we are using a lot of unnecessary CPU resources.


And that’s one of tons of problems. Fragmentation really bites when you’re trying to build a game that millions of people want to play, but the hardware for the platform is hugely variable – as is the case on Android.

Apple tries to wipe AirPower from history • ZDNet

Adrian Kingsley-Hughes:


A year ago during the iPhone X unveiling Apple announced AirPower – an all-in-one wireless charger for the iPhone, Apple Watch and AirPods. The product never shipped, and today it seems that Apple has scrubbed almost all traces of it off its website.

At the time of writing this is the only reference to AirPower I can find on Apple’s website:

So what happened to AirPower?

Well, while only Apple really knows (and at the time of writing Apple hasn’t responded to a request for information), it seems like the product was vaporware and that the promise of an all-in-one charger has died.

I can’t think off the top of my head of another product that Apple has announced at a major event and then failed to deliver, which suggests that some things are beyond the reach of even a company as powerful as Apple.

Over the past few weeks I’ve spoken to a number of sources in the accessories and charging business, and they all claim that not only was AirPower too ambitious, Apple had made the job of developing an all-in-one charger all the more difficult by using differing wireless charging protocols for the iPhone and the Apple Watch.


Many people asked Apple about AirPower on Wednesday, and all were rebuffed with “nothing to say at this time”, formally, and nothing off the record.

Three options:
– it’s too difficult (different wireless charging methods between phone, Watch and AirPods);
– it’s too dangerous: lithium batteries are prone to do odd things, and wireless charging heats them up a lot;
– it’s too energy-inefficient, and Apple was burnishing its green credentials on Wednesday with talk about its renewable energy and so on.

There’s a faint chance it will appear in October, but I’m increasingly convinced that something Really Bad about risk turned up in testing.

‘Crypto tourists’ flee as bitcoin slump drags on • WSJ

Paul Vigna:


Many “crypto tourists” who bought bitcoin and other tokens in 2017 when prices were soaring lost faith in the transformative potential of digital currency, said Dan McArdle, co-founder of cryptocurrency research firm Messari.

“We’re just in one of those periods where the hype has died down,” he said.

Take ether, the in-house currency for the Ethereum network. The project took bitcoin’s core concepts and adapted them to a platform built to support apps, similar to Alphabet Inc.’s Android operating system.

The value of ether soared from $8 in January 2017 to $1,400 by January 2018 as investors sought to profit on Ethereum’s potential. Yet there is still little commercial activity two years after its launch.

There are about 900 live “dapps” – or, decentralized apps – on the Ethereum network with several hundred more in development, according to data from the website State of the Dapps. But there are only 9,000 daily active users.


All this noise about NINE THOUSAND people? I’d love to know what the figure is for bitcoin – as in, how many daily (or monthly) active users it has.

New 2018 iPhones support background NFC tag reading, no app required • 9to5 Mac

Juli Clover:


Background tag reading is designed to work only when a user’s iPhone is in use in order to avoid unintentional tag reading. It also will not work if a device has not been unlocked, a core NFC reader is in session, Apple Pay Wallet is in use, the camera is in use, or Airplane mode is enabled.

The new background tagging function will allow an iPhone user to scan any NFC tag at a museum, store, or other location without first having to open up an app. Scanning an NFC tag will present a notification on the display, which can be tapped to launch an app.

Launching an app using this method requires a tap from the user, so it will not allow NFC-based methods to automatically launch apps sans user permission.

According to Apple, background NFC tag reading is a feature that’s limited to the iPhone XS, XS Max, and XR. It is not supported on iPhone X and earlier models.


Not sure how immediately useful this is – does it get you into hotel rooms that have NFC keys? – but any extra with NFC is good.

A trail of ‘bread crumbs,’ leading conspiracy theorists into the wilderness • New York Times

Mattathias Schwartz:


For months now, one such anonymous source — an internet user called “Q Clearance Patriot” or “Q,” posting on anarchic, underbelly-of-the-internet message boards like 4chan and 8chan — has been spreading its “crumbs” across the web, offering up a running commentary on the state of the nation in a gnomic and paranoid style. To call the result a mere “conspiracy theory” doesn’t quite do it justice, shortchanging both its utterly absurd wrongness and its vast pseudo-explanatory power. Q’s prophecies are something closer to a grand unifying conspiracy theory, one that incorporates older absurd theories (stretching back to the Kennedy administration) and continuously spins off new tendrils, glomming itself onto news events as they unfold. Good and evil, it claims, have mustered two warring teams; the fate of humanity hangs in the balance. The heroes are the military (especially the Marines) and President Trump, who is secretly cooperating with Robert Mueller to, some disciples imagine, uncover a global ring of sex-trafficking pedophiles. And even this risks making it sound more realistic than it is…

…“Your President needs your help,” writes Q in one “Q drop” — that’s what Q’s followers, or “bakers,” call each bread crumb. Q engages the bakers as collaborators who “research” lines of inquiry and offer possible answers to Q’s hypnotic flurries of leading questions. (“Las Vegas. What hotel did the ‘reported’ gunfire occur from? What floors specifically? Who owns the top floors?”) But Q balances fear-mongering with notes of reassurance: The bakers are, by poring over each nonsensical hint, supposedly aiding their fellow “patriots” on the inside. Bad news is merely a “distraction.” The president’s behavior is merely a ruse. The good guys are secretly in control, and they are going to win.


I do like “utterly absurd wrongness”. It must be nice, if you’re a conspiracy theory sort of person, to have one where the Good Guys (and Gals) are going to win. So much happier than conspiracies about 9/11 and banks.

Say goodbye to Inbox by Gmail • Techcrunch

Frederic Lardinois:


I would have loved to see Google continue to experiment with Inbox instead. That, after all, was one of the reasons the company started the Inbox project to begin with. It’s hard to try radical experiments with a service that has a billion users, after all. Today, however, Google now seems to be willing to try new things right in Gmail, too. Smart Compose, for example, made its debut in the new Gmail (and many pundits correctly read that as a sign that Inbox was on the chopping block).

While the new Gmail now has most of Inbox’s features, one that is sorely missing is trip bundles. This useful feature, which automatically groups all of your flight, hotel, event and car reservations into a single bundle, is one of Inbox’s best features. Our understanding is that Google plans to bring this to Gmail early next year — hopefully well before Inbox shuts down.


Google bought Inbox in May 2015, when it bought Timeful. This news came out just while the tech press was busy talking about Apple’s new Watch and iPhone. Accident? Doubtful.

Errata, corrigenda and ai no corrida: none notified.

Start Up No.908: Zuckerberg in profile, the crypto gap, how BA was hacked, why we use big phones, and more

Photo by Ryo FUKAsawa on Flickr

»You can sign up to receive each day’s Start Up post by email (arriving at about 0700GMT each weekday). You’ll need to click a confirmation link, so no spam.«

A selection of 10 links for you. Anything on today? I’m @charlesarthur on Twitter. Observations and links welcome.

Can Mark Zuckerberg fix Facebook before it breaks democracy? • New Yorker

Evan Osnos in a long profile of Zuckerberg’s Facebook:


Facebook was loath to ban [Infowars’s Alex] Jones. When people complained that his rants violated rules against harassment and fake news, Facebook experimented with punishments. At first, it “reduced” him, tweaking the algorithm so that his messages would be shown to fewer people, while feeding his fans articles that fact-checked his assertions.
Then, in late July, Leonard Pozner and Veronique De La Rosa, the parents of Noah Pozner, a child killed at Sandy Hook, published an open letter addressed “Dear Mr Zuckerberg,” in which they described “living in hiding” because of death threats from conspiracy theorists, after “an almost inconceivable battle with Facebook to provide us with the most basic of protections.” In their view, Zuckerberg had “deemed that the attacks on us are immaterial, that providing assistance in removing threats is too cumbersome, and that our lives are less important than providing a safe haven for hate.”
Facebook relented, somewhat. On July 27th, it took down four of Jones’s videos and suspended him for a month. But public pressure did not let up. On August 5th, the dam broke after Apple, saying that the company “does not tolerate hate speech,” stopped distributing five podcasts associated with Jones. Facebook shut down four of Jones’s pages for “repeatedly” violating rules against hate speech and bullying. I asked Zuckerberg why Facebook had wavered in its handling of the situation. He was prickly about the suggestion: “I don’t believe that it is the right thing to ban a person for saying something that is factually incorrect.”
Jones seemed a lot more than factually incorrect, I said.
“O.K., but I think the facts here are pretty clear,” he said, homing in. “The initial questions were around misinformation.” He added, “We don’t take it down and ban people unless it’s directly inciting violence.” He told me that, after Jones was reduced, more complaints about him flooded in, alerting Facebook to older posts, and that the company was debating what to do when Apple announced its ban. Zuckerberg said, “When they moved, it was, like, O.K., we shouldn’t just be sitting on this content and these enforcement decisions. We should move on what we know violates the policy. We need to make a decision now.”
It will hardly be the last quandary of this sort.


Long, but well worth your time; especially for Bill Gates’s Greek chorus-style interjections, and observations such as “Facebook has more adherents than Christianity”.

IMF advises against crypto as legal tender in Marshall Islands report • Coinbase

Wolfie Zhao:


The International Monetary Fund (IMF) has advised against the Republic of the Marshall Islands’ plan to introduce a digital currency as a second legal tender alongside the U.S. dollar.
The Marshall Islands – a remote chain of islands in the central Pacific – passed a law on the issue in February, aiming for the planned “Sovereign” cryptocurrency to boost the local economy and counter the increasing risks of the nation becoming disconnected from the global financial system.
However, following a period of consultation with officials from the islands, the IMF published a paper on Monday advising against the move. According to the paper, the Marshall Islands economy is now “highly dependent” on external aid, as the country faces constant climate change and natural disasters.
The only domestic commercial bank in the country is now “at risk of losing its last US dollar correspondent banking relationship (CBR) with a US-based bank,” due to tightened due diligence across financial institutions in the US.
The IMF argued that the introduction of a cryptocurrency as legal tender may backfire, if a lack of comprehensive anti-money laundering measures eventually leads to the US bank cutting ties with the country.



Google’s location privacy practices are under investigation in Arizona • Washington Post

Tony Romm:


Google’s alleged practice of recording location data about Android device owners even when they believe they have opted out of such tracking has sparked an investigation in Arizona, where the state’s attorney general could potentially levy a hefty fine against the search giant.
The probe, initiated by Republican Attorney General Mark Brnovich and confirmed by a person familiar with his thinking but not authorized to speak on the record, could put pressure on other states and the federal government to follow suit, consumer advocates say — although Google previously insisted it did not deceive consumers about the way it collects and taps data on their whereabouts.
The attorney general signaled his interest in the matter in a public filing that indicated the office had retained an outside law firm to assist in an investigation. The document, dated Aug. 21, said the hired lawyers would help probe an unnamed tech company and its “storage of consumer location data, tracking of consumer location, and other consumer tracking through . . . smartphone operating systems, even when consumers turn off ‘location services’ and take other steps to stop such tracking,” according to the heavily redacted public notice.


Ooh, a fine. That’ll so hurt.

Benchmarking crypto valuations • Medium

Sameer Singh tries three different valuations of crypto, to see how realistic they are (NVM relies on Metcalfe’s Law, for networks):


Facebook and Snap’s pre-IPO NVM was set between 3.5 x 10^-7 and 19.8 x 10^-7. Based on these benchmarks, token adoption would need to increase by a factor of 3000x to justify today’s prices. Again, the fact that social media is well ahead of crypto in the technology adoption curve can justify a higher valuation multiple, but not by an order of magnitude when discussing assets valued at billions.
Even after applying appropriate handicaps, token adoption and usage would need to increase between 100x to 1000x to justify today’s market cap. This provides a striking contrast with the following comment from Ethereum co-founder, Vitalik Buterin:
“The blockchain space is getting to the point where there’s a ceiling in sight. If you talk to the average educated person at this point, they probably have heard of blockchain at least once. There isn’t an opportunity for yet another 1,000-times growth in anything in the space anymore.”
Given the gap between current valuations and the level of utilitarian adoption, I politely disagree.


Singh was a very reliable predictor in the smartphone space. So I’d lean on him being right here.

410 gone • Medium

Ian Betteridge on why, after being on Twitter for 11 of its 12 years, he has deactivated his account:


The excuse that Twitter holds up a mirror to wider society is hogwash: it has consistently and with an outstanding level of ill-judgement given a platform to and cultivated people with utterly reprehensible views.
If you’re an out and out vile individual, like Alex Jones, Twitter gives you a free pass. If you’re a conspiracy theorist who wants to get traction for your lies, Twitter is your friend. If you’re a racist, Twitter will defend your “free speech rights”.
But if you’re a woman getting vile, violent and consistent abuse, Twitter will do precisely nothing to stop it.
Without Twitter, the insanity that is QAnon couldn’t have gained the traction it has. Confined to 4chan, it would have been yet another crackpot piece of tomfoolery. Amplified unchallenged by Twitter, it becomes a series of signs held up at Trump’s rallies, and a truck parked across a highway. It won’t be too long before it becomes a death.
In the end, I decided that Twitter doesn’t deserve my attention. I couldn’t, in good faith, support a service which cares so little about the culture around it, that does nothing to be a positive influence on society, which sees the rights of little lost boys to abuse women as more important than the rights of women not to be abused.


“410” is web code for “not here” (but also not “moved”). I’ll miss him: he first pointed me to Horace Dediu’s work, among others.

How Apple Watch saved my life • ZDNet

Jason Perlow:


Like many other Apple Watch users, I got an email from the company asking if I would be willing to participate in the Apple Heart Study, a large data-gathering exercise they and Stanford University were partnered in.
Sounded right up my alley. I installed the iPhone app and then promptly forgot about it.
Then, a few days later, this happened. [The app said he had abnormal heart rhythms.]
Needless to say, I felt rather alarmed by this.
I followed the app’s instructions. When I clicked on “Call a Doctor” I was immediately patched through, via FaceTime video call, to one of Stanford’s cardiologists. We discussed the results.
While they could not be absolutely certain, there were indications I might have Atrial Fibrillation or “Afib”, which is a common form of heart arrhythmia that affects tens of millions of people.
It often goes undiagnosed, because in many cases, it is paroxysmal in nature — it comes and goes, often set off by “triggers” such as by the use of stimulants, alcohol and other substances. But sometimes it just plain happens.
It’s not the kind of thing that comes up in an EKG unless it is actually happening when the test is occurring. I’ve had EKGs a number of times, and there was never any indication anything was wrong.


Unsurprisingly, he’s now wedded to it: the warning was correct. He lost 160lb (72kg). For most people, to lose that much weight would mean there wasn’t anything left. American diets, eh.

The Apple Watch is getting a new feature that can monitor heart health — here’s why that matters • CNBC

Christina Farr:


That’s according to Apple analyst Ming-Chi Kuo, who issued a research note seen by CNBC on Monday. The note said that the ECG “will attract more users.” Kuo is known for having a particularly strong track record for predicting updates for Apple products.
Assuming Kuo is correct, Apple releasing an ECG is a big deal for people with certain diseases. But it’s also complicated because the company would need to figure out how to communicate sensitive medical information to consumers without freaking them out. The last thing Apple would want to do with its device is send tens of thousands of anxious users into the emergency room thinking they’re having a life-threatening medical problem when they’re not.
So after talking to a series of health experts, including cardiologists and technologists, here are some questions we’re asking on the eve of the event:
1) Will Apple need approval from federal regulators?
It depends. If Apple shows the ECG reading to a consumer, then yes. That would make the Apple Watch a regulated medical device. But Vic Gundotra, CEO of AliveCor, a start-up making big waves in the space, sees another path. He suggests that the company could use the ECG to get more accurate heart rate data, which wouldn’t necessarily require an approval process. That’s because Apple might not want to take on the risk of providing erroneous information back to a user.
“Is Apple ready to take on that kind of liability? I doubt it,” he said.
If Apple decides to go down the regulatory route, the company faces another decision. It might need to get the green light for its ECG sensor as well as the algorithms that sit on top of it that provide feedback to users (“abnormal” or “normal”, for instance). AliveCor did that, so we know it’s possible. As Gundotra recalls, the FDA approved both the algorithms and the hardware at the same time.


Gundotra, of course, is the ex-Microsoft, ex-Google guy (famous for tweeting about Windows Phone tying up with Nokia that “two turkeys don’t make an eagle”).
Farr seems awfully confident about the ECG facility.

iOS 12: plenty of potential for mobile journalists, but it may take time • BBC Academy

Marc Settle reviews the upcoming software, with specific application to people using iOS as a mobile workhorse:


The best users of Shortcuts could end up doing more with their phones without being on their phones as much – leaving them with more time for the actual reporting.
One very handy Workflow I’ve been using extracts the audio from a YouTube video as an MP3 and saves it to Dropbox, which would normally be quite a cumbersome and time-consuming procedure.
All I needed to do was save it to my Workflow app (as I don’t have access to Shortcuts yet), open a YouTube video in Safari and tap to run the Workflow extension. Within seconds, the audio was sitting in my Dropbox folder ready for me to use.
And with the help of Nick Garnett, the éminence grise of mojo at the BBC, we adapted this flow so the final destination of the audio was as an M4A into the BBC’s own PNG app. Always being aware of the copyright aspects of extracting the audio from someone else’s video on YouTube, this could be fantastically useful for any mobile journalist.
You can even make your own flow of actions using the drag and drop interface but that may well be the domain of the adventurous. Some of my colleagues in the mobile journalism world are already doing this, which means that the more collaborative among us will soon be sharing our own Shortcuts to help everyone work more efficiently.
Apple’s integration of Workflow into iOS opens up possibilities which would previously have been off-limits even to the most experienced user of the app. This is because iOS can gain access to system-level processes, such as Find My iPhone, Apple Pay or Low Power Mode. With the last one, for example, there can be an action to toggle on and off.
So expect to see your apps going big on Shortcuts by offering suggestions to get the best out of the app as well as an “Add to Siri” option. It’s likely too that before long there’ll be individual apps that collect the best Shortcuts more generally.


He’s also keen on the changes to Voice Memos, because of their applicability to journalism and recording.

British Airways: suspect code that hacked fliers ‘found’ • BBC News


A RiskIQ researcher analysed code from BA’s website and app around the time when the breach began, in late August.
He claimed to have discovered evidence of a “skimming” script designed to steal financial data from online payment forms.
BA said it was unable to comment.
A very similar attack, by a group dubbed Magecart, affected the Ticketmaster website recently, which RiskIQ said it also analysed in depth.
The company said the code found on the BA site was very similar, but appeared to have been modified to suit the way the airline’s site had been designed.
“This particular skimmer is very much attuned to how British Airways’ payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer,” the researcher wrote in a report on the findings.
“The infrastructure used in this attack was set up with British Airways in mind and purposely targeted scripts that would blend in with normal payment processing to avoid detection.”
Hacks like this make use of an increasingly common phenomenon, in which large websites embed multiple pieces of code from other sources or third-party suppliers.


The RiskIQ report (linked above) is well worth reading, and quite scary: this is a professional group dubbed “Magecart” that has been operating for the past three years and pulling off increasingly subtle hacks. This one injected JavaScript code into BA’s system. RiskIQ says it sees similar attacks every day; just not as big.

Apple banks on bigger screens to drive iPhone growth • WSJ

Tripp Mickle:


At a time when people are buying fewer new phones, bigger size brings two advantages. It helps Apple buoy prices and profit margins because it can sell larger phones at a greater markup than it pays suppliers for the larger screens. And it encourages people to use their phones more, helping momentum of Apple’s services business, which includes app-store sales and subscriptions to video services like Netflix and HBO.
Users with smartphone screens 6 in or larger, like Apple plans to launch this year, typically use twice as many apps as those with 5.5in screens, such as those on the largest versions of the iPhone 6 or 7, said Kantar Worldpanel, a market research firm. Users of the larger devices also are 62% more likely to play games, and twice as likely to watch video daily as people with smaller screens.
“The bigger the device, the more people are getting out of it, and the more opportunity there is for Apple to generate money from them,” said Jennifer Chan, analyst with Kantar Worldpanel. She added that the larger phones typically carry faster processors, more memory and better graphics than smaller devices, which also contribute to usage…
…Some 6.5in OLED devices also will be able to use two SIMs, a microchip that allows smartphone users to connect to a wireless network, allowing travelers to access overseas wireless networks more easily. The feature will allow Apple to keep pace with competitors in China, where dual-SIM phones are popular.


The dual-SIM element is in many ways the most interesting: how will it be implemented? Physically or virtually? Also, the 6.5in screen will have more area than the Galaxy Note 9. Quite a bragging point.

Errata, corrigenda and ai no corrida: none notified.

Start Up No.907: YouTubers’ burnout, local papers’ web curse, Mac and iOS apps caught data-siphoning, the real Goldfinger, and more

Online poker: a cause of myopia? Photo by John Barber on Flickr

»You can sign up to receive each day’s Start Up post by email (arriving at about 0700GMT each weekday). You’ll need to click a confirmation link, so no spam.«

A selection of 9 links for you. Travelling hopefully, hopefully. I’m @charlesarthur on Twitter. Observations and links welcome.

Why Google Fiber is high-speed internet’s most successful failure • Harvard Business Review

Blair Levin and Larry Downes:


In 2010, Google rocked the $60bn broadband industry by announcing plans to deploy fiber-based home internet service, offering connections up to a gigabit per second — 100 times faster than average speeds at the time. Google Fiber, as the effort was named, entered the access market intending to prove the business case for ultra-high-speed internet. After deploying to six metro areas in six years, however, company management announced in late 2016 that it was “pausing” future deployments.

In the Big Bang Disruption model, where innovations take off suddenly when markets are ready for them, Google Fiber could be seen as a failed early market experiment in gigabit internet access. But what if the company’s goal was never to unleash the disrupter itself so much as to encourage incumbent broadband providers to do so, helping Google’s expansion in adjacent markets such as video and emerging markets including smart homes?

Seen through that lens, Google Fiber succeeded wildly. It stimulated the incumbents to accelerate their own infrastructure investments by several years. New applications and new industries emerged, including virtual reality and the Internet of Things, proving the viability of an “if you build it, they will come” strategy for gigabit services. And in the process, local governments were mobilized to rethink restrictive and inefficient approaches to overseeing network installations.


This seems like somewhat post-hoc reasoning, doesn’t it? Although one can see Page and Brin seeing this as a one-way bet. If GFiber takes off and is wildly successful, they have a potentially profitable business which is All Google. If it doesn’t? N’importe – it has shocked the local monopolies into trying to compete.

The only flaw is if the local monopolies waited for Google to give up, and went back to what they previously did. And that’s pretty much what happened.

Macron push to drop CIA code quickens as Trump calls EU foe

Helen Fouquet, Marie Mawad and Ania Nussbaum:


Just weeks after Emmanuel Macron took office last year, his team went over the French state’s most sensitive activities. What it found provided a wake-up call.

The team learned that the country’s intelligence agency — which, among other things, tracks French citizens for homegrown terrorism or anarchist activities — uses software from a CIA-backed startup. Its code is provided by Palantir Technologies Inc., a data-mining company that started out working for the Pentagon and the Central Intelligence Agency.

The use of U.S. technology deep inside the French state isn’t unusual, but for the tech-savvy team of the 40-year-old president, it was a sign that the country needs to make technological independence a top priority — a sentiment that’s become even more urgent after President Donald Trump called the European Union a “foe.”

“No French company was able to provide the work,” Laurent Nunez, the new chief of France’s domestic intelligence agency, told Bloomberg News in July on the sidelines of a conference to present a new anti-terrorism system. “Now we are working to foster a French or European offering. We’re looking toward an objective of launching a tool for all intelligence agencies. And many companies have stepped in.”

The push to find local solutions for mission-critical or sensitive operations is yet another departure from the assumption that the US and its technology would remain a constant ally to Europe.


In a roundabout and painful way, Trump might actually be a help for European technology companies.

The YouTube stars heading for burnout: ‘the most fun job imaginable became deeply bleak’ • The Guardian

Simon Parkin:


For years, YouTubers have believed that they are loved most by their audience when they project a chirpy, grateful image. But what happens when the mask slips? This year there has been a wave of videos by prominent YouTubers talking about their burnout, chronic fatigue and depression. “This is all I ever wanted,” said Elle Mills, a 20-year-old Filipino-Canadian YouTuber in a (monetised) video entitled Burnt Out At 19, posted in May. “And why the fuck am I so unfucking unhappy? It doesn’t make any sense. You know what I mean? Because, like, this is literally my fucking dream. And I’m fucking so un-fucking-happy.”

Mills had gained a lot of attention (and 3.6m views) for a slick and cleverly edited five-minute video she posted last November in which she came out as bisexual to her friends, family and followers (many of whom had been asking about her sexuality in the comments). She went on to be featured on the cover of Diva magazine, and won a Shorty award for “breakout YouTuber”. But six months later she posted the Burnt Out video, explaining how her schoolgirl ambition of becoming a YouTuber had led her to bigger and bigger audiences, but that “it’s not what I expected. I’m always stressed. My anxiety and depression keep getting worse. I’m waiting to hit my breaking point.”

The same month Rubén “El Rubius” Gundersen, a 28-year-old Spaniard who is currently the world’s third most popular YouTuber, with more than 30 million subscribers, talked about how he felt as if he was heading for a breakdown, and had, as a result, decided to take a break. They are the latest in a string of high-profile YouTubers, including Erik Phillips (better known as M3RKMUS1C, with 4 million subscribers) and Benjamin Vestergaard (Crainer, with 2.8 million), to have announced hiatuses from the channel, or described their struggles with exhaustion.


If your schtick is posting something upbeat every day, you’re going to need a support network to keep that going – something which the “YouTube replaces TV!” idea easily misses. It’s a grind, and needs multiple people, as TV shows do.

Why local newspaper websites are so terrible • CityLab

Andrew Zaleski:


When Emily Goligoski’s parents want to read their local newspaper, the two Ohioans load up the PDF version of the print newspaper on their iPad and scroll through, “turning” digitally pixelated pages instead of reading the stories from the paper’s website.

“My parents refuse to access the website because it’s just so painful to look at,” says Goligoski, a veteran of Mozilla and former user experience research lead for The New York Times.

These are criticisms Goligoski has heard before. As research director of the Membership Puzzle Project—a Knight Foundation-funded collaboration between New York University and Dutch newspaper De Correspondent that’s currently investigating the efficacy of membership models to sustain online news—she has heard time and again from news readers about how they’re increasingly turned off by the presentation they’re offered by local newspapers’ websites.

The torments of these sites are well known: clunky navigation, slow page-loading times, browser-freezing autoplaying videos, a siege of annoying pop-up ads, and especially those grids of bottom-of-the-page “related content” ads hawking belly fat cures and fake headlines (what’s known as Internet chum).

Put another way: Why must newspaper websites suck so damn much?


Because they’re desperate for ad money? But the precise mechanics of how and why are worth reading. Related: the link below.

Dozens of popular iPhone apps caught sending user location data to monetization firms • TechCrunch

Zack Whittaker:


A group of security researchers say dozens of popular iPhone apps are quietly sharing the location data of “tens of millions of mobile devices” with third-party data monetization firms.

Almost all require access to a user’s location data to work properly, like weather and fitness apps, but share that data often as a way to generate revenue for free-to-download apps.

In many cases, the apps send precise locations and other sensitive, identifiable data “at all times, constantly,” and often with “little to no mention” that location data will be shared with third-parties, say security researchers at the GuardianApp project.

“I believe people should be able to use any app they wish on their phone without fear that granting access to sensitive data may mean that this data will be quietly sent off to some entity who they do not know and do not have any desire to do business with,” said Will Strafach, one of the researchers.


Named: ASKfm, C25 5K Trainer, Gas Buddy, Moco, MyRadar NOAA Weather Radar, PayByPhone Parking, Photobucket, and plenty more. The assumption that your data doesn’t really belong to you is so commonplace among these companies; the GDPR makes more and more sense.

Apple supplier shares slide after Trump tells tech giant to make products in US • Reuters

Loh Liang-sa, Yimou Lee and Anne Marie Roantree:


Shares of Apple suppliers fell across Asia on Monday after U.S. President Donald Trump tweeted that the tech giant should make products in the United States if it wanted to avoid tariffs on Chinese imports.

Trump’s comment came after Apple told U.S. trade officials on Friday that proposed tariffs by Washington in an escalating trade war with China would affect prices for a “wide range” of Apple items, including the Apple Watch. It did not mention the iPhone…

…Chien Bor-yi, an analyst at Taipei-based Cathay Futures Consultant, said Apple’s component supply chain in Taiwan would take a major hit if the United States increased tariffs on Chinese imported products.

“People have concerns about the stock market. It’s not a seller’s market, but it’s also not a buyer’s market. No one knows how deep the well is,” he said.

The technology sector is one of the biggest potential losers in the $200bn tariff list proposed by Washington on Chinese imports because the tariffs would make imported computer parts more expensive.


I’ve heard Tim Cook explain in person that Apple simply can’t make its products in the US: there isn’t the capacity and the closely-tied ecosystem of suppliers, workers and factories at the scale Apple needs. These tariffs are going to put up prices, and Apple’s going to be the loser – and then the US economy, and then the US citizenry. China isn’t going anywhere.

Tencent shuts poker platform amid widening gaming crackdown • Reuters

Pei Li and Adam Jourdan:


Tencent Holdings will shut a popular Texas Hold’Em poker video game, the Chinese tech giant said to its users on Monday, in a further step to comply with intensifying government scrutiny hitting the country’s gaming industry.

Tencent said it would formally begin to shutter “Everyday Texas Hold’Em” from Monday and would close the game’s server from Sept 25. Tencent would compensate users in accordance with regulations of Ministry of Culture.

The Shenzhen-based company, which draws a huge amount of its profit from gaming, is facing mounting challenges this year from stringent regulation and government censorship. It has had to pull one blockbuster game and seen others censured.

The company’s market value slumped by around $20 billion in one day last month over concerns that China would limit gaming after a crackdown on online games citing rising levels of myopia.


Myopia? Seriously? I don’t mind crackdowns on poker – I think the online games are evil, in that they are pure roach motels for people’s money, and can’t imagine they take sufficient care over preventing addicts from spending too much time and money on them – but “rising levels of myopia” must count as one of the most inventive official excuses ever for a crackdown on anything.

The real Goldfinger: the London banker who broke the world • The Guardian

Oliver Bullough:


when Britain and France attempted to regain control of the Suez canal in 1956, a disapproving Washington froze their access to dollars and doomed the venture. These were not the actions of a neutral arbiter. Britain at the time was staggering from one crisis to another. In 1957, it raised interest rates and stopped banks using sterling to finance trade in an attempt to keep the pound strong (this was the “currency crisis and the high bank rate” that Smithers told Bond about).

City banks, which could no longer use sterling in the way they were accustomed, began to use dollars instead, and they obtained those dollars from the Soviet Union, which was keeping them in London and Paris so as to avoid becoming vulnerable to American pressure. This turned out to be a profitable thing to do. In the US, there were limits on how much interest banks could charge on dollar loans – but not so in London.

This market – the bankers called the dollars “eurodollars” – gave a bit of life to the City of London in the late 1950s, but not much. The big bond issues were still taking place in New York, a fact which annoyed many bankers in London. After all, many of the companies borrowing the money were European, yet it was American banks that were earning the fat commissions.

One banker in particular was not prepared to tolerate this: Siegmund Warburg. Warburg was an outsider in the cosy world of the City. For one thing, he was German. For another, he hadn’t given up on the idea that a City banker’s job was to hustle for business. In 1962, Warburg learned from a friend at the World Bank that some $3bn was circulating outside the US – sloshing around and ready to be put to use. Warburg had been a banker in Germany in the 1920s and remembered arranging bond deals in foreign currencies. Why couldn’t his bankers do something similar again?


An absorbing long read about how we’ve got into this fine mess.

Many major airports are near sea level. A disaster in Japan shows what can go wrong • The New York Times

Hiroko Tabuchi:


Kansai airport, which serves the bustling cities of Osaka, Kyoto and Kobe and handled almost 28 million travelers last year, faces an additional predicament. A feat of modern engineering, Kansai sits on an island three miles offshore that was built over the course of a decade from two mountains’ worth of gravel and sand. The airport, which opened in 1994, was built in Osaka Bay partly to minimize noise problems but also to avoid the violent protests over land rights that are the legacy of older airports in Japan, like Narita, which serves Tokyo.

Signs of trouble came early. Engineers had expected the island to sink, on average, less than a foot a year over 50 years after the start of construction as the seabed settled under the airport’s weight. But the island sank more than 30 feet in its first seven years and has continued to descend, now losing 43 feet in elevation at the last measurement.

At that rate, at least one of the airport’s two runways will slip under the waves completely by 2058, according to dire predictions made in a 2015 paper by Gholamreza Mesri, a civil engineering professor at the University of Illinois at Urbana-Champaign, and J.R. Funk, a geotechnical engineer. And with sea levels rising because of climate change, Professor Mesri added, the airport could be underwater even sooner. “You won’t have an airport, you’ll have a lake,” he said.


The pictures of the inundated Kansai airport – with sea walls built to withstand record storm surges, which were then overwhelmed by a new record surge – are stunning. Climate change fights back.

Errata, corrigenda and ai no corrida: none notified.

Start Up No.906: “iPhone XC” and “XS Plus”?, Facebook’s fake problem, are we post-PC?, ride-hailing grows… traffic, and more

Tesla’s touchscreen: distraction never looked so appealing, or potentially dangerous. Photo by harry_nl on Flickr.


A selection of 10 links for you. Because it’s Monday, or soon will be. I’m @charlesarthur on Twitter. Observations and links welcome.

Opinion: why Facebook will never be free of fakes • The New York Times

Siva Vaidhyanathan:


“As of this morning, the Facebook community is now officially two billion people!” Facebook’s chief executive, Mark Zuckerberg, wrote on his Facebook page in July 2017. “We’re making progress connecting the world, and now let’s bring the world closer together.”

It was a monumental achievement. But on Wednesday, Sheryl Sandberg, Facebook’s chief operating officer, revealed a number that was almost as startling. She told the Senate Intelligence Committee that from October to last March, Facebook deleted 1.3 billion fake accounts. In other words, an alarming portion of those more than two billion users — more than the company had publicly acknowledged — were fake.

That number should prompt tough questions from Facebook users and advertisers. How many fake accounts were there before Facebook instituted this aggressive defense in 2017? What sort of sites are these — political propaganda or attempted advertising fraud? What countries do these accounts come from? How can anyone — advertisers, investors or Facebook users concerned about its role in our culture and democracy — trust the integrity of the Facebook experience?

Facebook’s latest “transparency report” states that fake pages account for only 3% to 4% of monthly active users at any given time. How can 1.3 billion accounts account for only 3% to 4% of 2.2 billion users? The answer is that such pages are going up faster than Facebook can swat them down.


Vaidhyanathan is a professor of media studies at the University of Virginia and the author of “Antisocial Media: How Facebook Disconnects Us and Undermines Democracy.” His general point: no matter how small the percentage seems, Facebook is always going to have a lot of fakes at any time.

Tesla touchscreens to offer minimalist ‘fade mode’ • Engadget

Nick Summers:


Screens can be distracting and, therefore, dangerous if you’re driving an expensive car down the freeway. If you own a Tesla, though, fear not: the company is adding a software feature that will make its giant touchscreens less intrusive. Tesla CEO Elon Musk, replying to a tweet by EV owner Andrew Gold, confirmed that a “fade mode” will soon be added that hides all but “essential info.” It sounds like a neat option, and heck — if the display isn’t working so hard, maybe it will save some battery life too?

Fade Mode will form part of version 9, a highly anticipated firmware update for Tesla’s electric fleet. The update will change the UI in the Model S and crossover Model X to be closer to the Model 3. It should also include some “significant advancements in autonomy,” Musk hinted on a conference call in August. The company’s autopilot software could be patched with a long-anticipated “on-ramp to off-ramp solution” that will move into faster lanes on the freeway, identify your exit, move into the correct lane for the exit and then hand back control at a suitable time.


Can’t think that having a stonking big tablet just by the steering wheel is anything but a massive distraction. Physical controls on the dashboard might be old-fashioned but they have terrific affordance: you know what the controls can do just by feeling them, in general.

The ‘post-PC era’ never really happened…and likely won’t • Tech.pinions

Mark Lowenstein:


the growing number of portable PCs that feature touch screens and other tablet-like capabilities are eating a bit into tablet sales, particularly among the student set. The other personification of some aspect of the ‘post-PC’ era, I suppose, is the successful Chromebook line, which is more a reflection of the Cloud and near-pervasiveness of broadband connectivity.

It even appears that Apple doesn’t believe in the ‘post-PC’ mantra in the same way, given the steadily narrowing delta between the largest iPhone and the smallest iPad. Mainly, this is an effort to convince more users to have both an iPhone and an iPad, since I doubt that most users who have both would have a big phone and a small tablet.

So, the question is, what will change in 3 to 5 years? There will be tons of innovation of course, but I’m not expecting the average consumer or business professional to be carrying with them a dramatically different mix of device types or # of devices in the medium term. Even with pens that recognize and convert handwriting better and continual improvements in voice input, there’s still nothing that really beats the good ‘ol keyboard for productivity. And we’re still very locked into the Big Three of word processing, spreadsheets, and presentation software. The main difference has been the move to the cloud, improved collaboration, and competitive products from Google.


This is slightly disingenuous. Since 2013, iPads have outsold Macs by an average of nearly 3x every quarter. Sure, the replacement rate for Macs is probably lower than for iPads. However, we are in the post-PC world. Ask yourself when the last world-roiling program was launched first on a PC. The answer: 2010. (Dropbox and Spotify.) Since then, every important innovation has been on mobile.

We’re in the post-music hall age, but not quite the post-radio age, or the post-TV age. But they’ve all been superseded in turn by more modern methods.

A new study says ride-hailing services like Uber and Lyft are causing urban traffic woes • Axios

Steve LeVine and Henrietta Reily:


Bruce Schaller, a former New York deputy commissioner of transportation and author of the report, tells Axios that when people use a ride-hailing company, they are opting to do so rather than take public transportation, walk or bike. They generally are not choosing between hailing and driving themselves.

U.S. ridership is surging, he said — up 37% last year, to 2.6bn passengers, from 2016. And hailing added 5.7bn miles of driving a year to the nine cities in the study compared with six years ago — Boston, Chicago, Los Angeles, Miami, New York, Philadelphia, San Francisco, Seattle and Washington.

Uber and other ride-hailing services may not have exacerbated traffic initially. “But now they are clearly a source of congestion, and to deal with congestion you have to deal with them,” he said. Schaller’s report aligns with an October study released by UC Davis. It found that, in U.S. cities, 49% to 61% of ride-hailing trips would have not been made at all — or by walking, biking, or public transit.

Regina Clewlow, a transportation research scientist and an author of the UC Davis study, told Axios that no one expected such consumer demand for the rides.

“Cities were blindsided by the dramatic growth of ride-sharing companies,” she said. Clewlow urged continued investment in public transportation. “There’s no way that ride hailing could move people around as efficiently as mass transit.”

This outcome also repeats history.


That history is: providing more traffic methods increases traffic.

Verizon’s internet boss Tim Armstrong in talks to leave • WSJ

Sarah Krouse:


Mr. Armstrong, who came to Verizon in 2015 when it acquired AOL and helped steer its purchase of Yahoo two years later, had tried to combine the two internet companies to challenge Google and Facebook Inc. in digital advertising. But those efforts so far have failed to generate much growth or make the unit, called Oath, more than a side note in the wireless giant’s earnings.

There were recent discussions about whether to spin off the Oath business, the people said, but Verizon has decided instead to integrate some of its operations more closely with the rest of the company. Mr. Armstrong, 47 years old, is in discussions to depart as soon as next month, they said, as are other members of his leadership team.

Verizon and Oath executives have disagreed over what some employees within the digital ad unit see as an overly conservative approach to using wireless subscriber data to boost Oath’s advertising revenue, people familiar with those discussions say.

Senior executives within Verizon are wary of potentially alienating lucrative wireless customers in the name of adding incremental advertising revenue, these people said. Oath contributed less than $4bn in revenue during the first half of the year, compared with the wireless business’s $44bn.


Just in case you’d forgotten, this is the rump of Yahoo. Sic transit gloria mundi.

Alleged China Mobile leak names ‘iPhone XC’ and ‘iPhone XS Plus’ in Apple’s 2018 iPhone lineup • Mac Rumors

Tim Hardwick:


First spotted by Japanese tech blog MacOtakara, the China Mobile slide refers to the larger 6.5-inch OLED iPhone as “iPhone XS Plus”, casting doubt on earlier claims that the larger OLED iPhone will take the moniker “iPhone XS Max”. Meanwhile, the lower-spec 6.1-inch LCD iPhone is referred to as “iPhone XC”.

The last time Apple used “C” nomenclature in its smartphones was for 2013’s iPhone 5c, which was priced below the flagship iPhone 5 series and featured a plastic rear case available in blue, green, yellow, white, and pink colors.

Respected Apple analyst Ming-Chi Kuo expects the 6.1-inch iPhone to be available in red, blue, orange, gray, and white, while the 5.8 and 6.5-inch iPhone models will be available in just three colors – presumably silver, space gray, and gold.

As for the slide’s pricing, which includes 17% Chinese sales tax, the “iPhone XS” is 7388 yuan ($1079), the “iPhone XS Plus” is 8388 yuan ($1225), and the lower-spec “iPhone XC” is 5888 yuan ($860). Minus tax, the “iPhone XS”, “iPhone XS Plus”, and “iPhone XC” prices approximately convert to $900, $1015, and $700, respectively.


I think that the celebrated discovery last week by 9to5Mac of marketing visuals for the new OLED iPhones and the new Watch design came from a carrier, not Apple. This close to the launch, they need to have the materials in place so that they can do a coordinated launch with Apple. They need to brief their staff – as demonstrated here.

The naming is starting to go all over the place. Like others, I’d expected iPhone 9 for the LCD phone. Assuming it’s right, where does the naming go next year? iPhone Y? iPhone 😀

For second time in three years, mobile spyware maker mSpy leaks millions of sensitive records • Krebs on Security

Brian Krebs:


mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy’s site and for mobile phone data collected by mSpy’s software. The database required no authentication.

A list of data points that can be slurped from a mobile device that is secretly running mSpy’s software.
Before it was taken offline sometime in the past 12 hours, the database contained millions of records, including the username, password and private encryption key of each mSpy customer who logged in to the mSpy site or purchased an mSpy license over the past six months. The private key would allow anyone to track and view details of a mobile device running the software, Shah said.


It’s like rain on your wedding day, isn’t it.

Things you probably don’t want to do on your [airline] website’s payment pages • KristoferA’s blog


What’s the problem?
TL/DR: Some airline websites make excessive use of third party scripts/CSS/html hosted on third party sites/hosts not controlled by the website owner, which in turn make them exposed to potential vulnerabilities at those third party sites. In other words: they expose a larger than necessary attack surface. When this is done on payment pages, it increases the chance that they may leak their customers’ credit card details to unauthorized third parties.

I’m responsible for an airline website that does this – what is the worst that could happen?
Someone: either an authorized rogue user at a third party organization, or an unauthorized person who has found a weakness or backdoor that can be used to make modifications to one of the third party hosted scripts (or CSS files) can modify one of the scripts in order to make it capture credit card data and funnel it elsewhere. When discovered, the credit card companies will invite you to pay stiff penalties for the breach if you want to continue processing credit card payments, and depending on where in the world you are located/based you may also be legally required to issue a breach notification. This will inevitably lead to negative publicity for your organization.

Has this ever caused a problem in the real world?
Yes, it has. Not too long ago, Delta had customer credit card data exposed by a third party script loaded on their site as part of a chat help tool:


It feels increasingly likely to me that this is how the British Airways hack happened.
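An added example, not part of the quoted post or of this blog: a small audit that lists the scripts and stylesheets a payment page loads from hosts other than its own, and flags the ones not pinned with a Subresource Integrity hash. The page URL, HTML and host names are constructed, and treating only an exact hostname match (plus an optional allow-list) as first-party is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hash prefixes browsers accept in an integrity attribute; anything else is
# ignored by the browser, so the resource would load unchecked.
SRI_PREFIXES = ("sha256-", "sha384-", "sha512-")

# Constructed sample payment page (not taken from any real site).
SAMPLE_PAGE_URL = "https://booking.airline.example/checkout/payment"
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<link rel="stylesheet" href="https://cdn.widgets.example/chat/chat.css">
<script src="/static/checkout.js"></script>
<script src="https://cdn.widgets.example/chat/loader.js"></script>
<script src="//tags.analytics.example/t.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
</head><body>
<form action="/pay"><input name="card_number"></form>
</body></html>
"""


class _ResourceCollector(HTMLParser):
    """Collects every externally loaded script and stylesheet on a page."""

    def __init__(self):
        super().__init__()
        self.found = []  # tuples of (kind, raw_url, integrity_value)

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "script" and a.get("src"):
            self.found.append(("script", a["src"], a.get("integrity", "")))
        elif (tag == "link" and a.get("href")
              and "stylesheet" in a.get("rel", "").lower().split()):
            self.found.append(("stylesheet", a["href"], a.get("integrity", "")))


def has_usable_sri(integrity):
    """True if at least one token in the attribute is a supported SRI hash."""
    return any(tok.startswith(SRI_PREFIXES) for tok in integrity.split())


def audit_payment_page(html, page_url, first_party_hosts=()):
    """Classify each script/stylesheet by who hosts it and whether it is pinned."""
    trusted = {urlsplit(page_url).hostname, *first_party_hosts}
    collector = _ResourceCollector()
    collector.feed(html)
    findings = []
    for kind, raw, integrity in collector.found:
        url = urljoin(page_url, raw)  # resolves relative and //host/ URLs
        host = urlsplit(url).hostname
        if host in trusted:
            status = "first-party"
        elif has_usable_sri(integrity):
            status = "third-party-pinned"    # content cannot change silently
        else:
            status = "third-party-unpinned"  # host can alter what runs here
        findings.append({"kind": kind, "url": url, "host": host, "status": status})
    return findings


def unpinned_third_party(findings):
    """The resources whose content an outside host controls on this page."""
    return [f for f in findings if f["status"] == "third-party-unpinned"]


if __name__ == "__main__":
    for f in audit_payment_page(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(f'{f["status"]:22} {f["kind"]:10} {f["url"]}')
```

A pinned resource is still third-party code running next to the card fields; the hash only guarantees it is the version that was reviewed.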

The servers are burning • Logic Mag

Dale Markowitz was working as a developer at OKCupid, and made a few changes that… knocked it offline. He thinks that’s OK:


For most businesses, however, a software crash is not a death knell. If you’re not building self-driving cars, storing sensitive information, or supporting the data backbone of the internet, it may not matter if an error interrupts your service. It’s okay, for example, if a free online dating site goes down for an hour or half a day. In fact, it might even be better for business to trade off bugginess for forward momentum—the ethos behind Facebook’s old mantra “move fast and break things.”

When you allow yourself to build imperfect systems, you start to work differently—faster, more ambitiously. You know that sometimes your system will go down and you’ll have to repair it, but that’s okay. “The fact that it’s easy to fix things means you end up with this methodology where you think, ‘Let’s get a broken thing out there as fast as possible that does sort of what we want, and then we’ll just fix it up,’” says David. That’s not necessarily a bad thing, since preventing errors is inherently difficult. “Even if you spend a whole bunch of time trying to make something that’s perfect, you won’t necessarily succeed,” he explains.

OkCupid was a complex site. Had we tried to make it perfect, it might not have come to exist in the first place.


His CEO at the time used to say “We can’t sacrifice forward momentum for technical debt” – that is, just build it, don’t mind about the problems building up.

I can see how this attitude comes to become dominant. But it also seems wrong, in the grand sense: debt has to be repaid. You can try to fix things. So did the people who sold collateralised debt obligations. (Via ex-Facebook dev Alec Muffett.)

A top-tier app in Apple’s Mac App Store stole your browser history • TechCrunch

Zack Whittaker:


Thanks in part to a video posted last month on YouTube and with help from security firm Malwarebytes, it’s now clear what the app [Adware Doctor] is up to.

Security researcher Patrick Wardle, a former NSA hacker and now chief research officer at cybersecurity startup Digita Security, dug in and shared his findings with TechCrunch.

Wardle found that the downloaded app jumped through hoops to bypass Apple’s Mac sandboxing features, which prevent apps from grabbing data on the hard drive, and upload a user’s browser history on Chrome, Firefox and Safari browsers.

Wardle found that the app, thanks to Apple’s own flawed vetting, could request access to the user’s home directory and its files. That isn’t out of the ordinary, Wardle says, because tools that market themselves as anti-malware or anti-adware expect access to the user’s files to scan for problems. When a user allows that access, the app can detect and clean adware — but if found to be malicious, it can “collect and exfiltrate any user file,” said Wardle.

Once the data is collected, it’s zipped into an archive file and sent to a domain based in China.

Wardle said that for some reason in the last few days the China-based domain went offline. At the time of writing, TechCrunch confirmed that the domain wouldn’t resolve — in other words, it was still down.

“Let’s face it, your browsing history provides a glimpse into almost every aspect of your life,” said Wardle’s post. “And people have even been convicted based largely on their internet searches!”

He said that the app’s access to such data “is clearly based on deceiving the user.”


I’d suggest that anything which claims to be helping you with adware is going to be a scam, unless it comes from a recognised cybersecurity company. The solution to adware is not running vulnerable products such as Flash and Java, and to be wary about what you download. At least Apple makes it hard to run apps from outside the Mac App Store.

This won’t, of course, help anyone’s trust in Huawei, ZTE and other Chinese companies with their own high-profile problems. And there are strong suggestions that the app maker got a lot of fake reviews on the Mac App Store.

Errata, corrigenda and ai no corrida: none notified