Start up: Samsung Pay to win?, Apple on Siri/Photos privacy, mystery ministry mujahadeen hack, and more


Scanning the content is only half the battle. Photo by JonathanCohen on Flickr.

A selection of 12 links for you. Not valid in Montana. I’m charlesarthur on Twitter. Observations and links welcome.

Lockpickers 3D print TSA master luggage keys from leaked photos » WIRED

Andy Greenberg:

If you have sensitive keys—say, a set of master keys that can open locks you’ve asked millions of Americans to use—don’t post pictures of them on the Internet.

A group of lock-picking and security enthusiasts drove that lesson home Wednesday by publishing a set of CAD files to Github that anyone can use to 3-D print a precisely measured set of the TSA’s master keys for its “approved” locks—the ones the agency can open with its own keys during airport inspections. Within hours, at least one 3-D printer owner had already downloaded the files, printed one of the master keys, and published a video proving that it opened his TSA-approved luggage lock.

Those photos first began making the rounds online last month, after the Washington Post unwittingly published (and then quickly deleted) a photo of the master keys in an article about the “secret life” of baggage in the hands of the TSA. It was too late.

link to this extract


Samsung Pay: the mobile wallet winner? » Mobile Payments Today

Will Hernandez:

During a panel discussion about the current state of ATMs, bitcoin, and mobile wallets, ATM Industry Association CEO Mike Lee unapologetically threw his support behind Samsung Pay as the mobile wallet that will “win.”

Lee’s Samsung Pay endorsement can be boiled down to a single feature that is supposed to separate it from other mobile wallet providers: magnetic secure transmission technology support on the device itself. 

Samsung acquired the rights to the technology when it bought LoopPay earlier this year, and has since embedded it into Galaxy S6 and Galaxy S6 Edge smartphones. The devices still rely on NFC chips to enable users to conduct tap-and-pay transactions at contactless-enabled point-of-sale terminals. Should contactless be unavailable, MST can “communicate” with the magnetic stripe reader currently present on all terminals in the United States. Samsung Pay will sense which option is available and transact accordingly.

But whether MST is really that true game changer in the industry remains to be seen.

link to this extract


Apple addresses privacy questions about ‘Hey Siri’ and Live Photo features » TechCrunch

Matt Panzarino:

With ‘Hey Siri’, “In no case is the device recording what the user says or sending that information to Apple before the feature is triggered,” says Apple.

Instead, audio from the microphone is continuously compared against the model, or pattern, of your personal way of saying ‘Hey Siri’ that you recorded during setup of the feature. Hey Siri requires a match to both the ‘general’ Hey Siri model (how your iPhone thinks the words sound) and the ‘personalized’ model of how you say it. This is to prevent other people’s voices from triggering your phone’s Hey Siri feature by accident.

Until that match happens, no audio is ever sent off of your iPhone. All of that listening and processing happens locally.

Live Photos:

Because Live Photos record motion before your still image, they are continuously buffered beginning the moment you open your camera app and see the Live icon (orange circle) at the top of your screen. Apple says that this 1.5 second recording only happens when the camera is on, and this information is not permanently saved until you take a picture, period.

“Although the camera is “recording” while you’re in Live Photo mode, the device will not save the 1.5 seconds before until you press the camera button,” says Apple. “The pre-captured images are not saved to the user’s device nor are they sent off the device.”

The 1.5 seconds after the still capture are also recorded because you’ve tapped the camera button in live mode.

From what we’ve gleaned, Live Photos are a single 12-megapixel image and a paired motion format file, likely a .mov. They are presented together by iOS but are actually separate entities tied to one another.

link to this extract


With iOS 9, ‘Hey Siri’ gains a new setup process tailored to your voice » Apple Insider

“Appleinsider Staff”:

Setting up “Hey Siri” is a simple, five-step process where users must speak a number of commands. If the iPhone or iPad does not properly hear the user, they are instructed to speak again.

Users say the words “Hey Siri” three times, then “Hey Siri, how’s the weather today?” followed by “Hey Siri, it’s me.” Once this is completed, iOS 9 informs the user that “Hey Siri” is ready to use.

Previously, in iOS 8, “Hey Siri” was enabled without a setup process. On occasion, the voice-initiated function would not work properly and took multiple tries. Presumably Apple’s new setup process will address some of those issues from iOS 8.

Smart to personalise it, if that is what this is. I’ve had Siri go off while plugged in and the radio’s on: stories about Syria tend to be the cause. Not sure this will help any iPhone-owning newsreaders, though.
link to this extract


App Programming Guide for tvOS: On-Demand Resources » Apple Developer Documents

On-demand resources are app contents that are hosted on the App Store and are separate from the related app bundle that you download. They enable smaller app bundles, faster downloads, and richer app content. The app requests sets of on-demand resources, and the operating system manages downloading and storage. The app uses the resources, and then releases the request. After downloading, the resources may stay on the device through multiple launch cycles, making access even faster.

Each app stored on Apple TV is limited to a maximum of 200MB. In order to create an app greater than this amount, you must break up your app into downloadable bundles. In Xcode, create tags and attach them to the required resources. When your app requests the resources associated with a tag, the operating system downloads only the required assets. You must wait until the assets are downloaded before you can use them in your app.

So many people saw the headline that each app is limited to 200MB and thought that that is the upper limit for everything related to an app on AppleTV. As this clearly says, it isn’t – and note also that point about “After downloading, the resources may stay on the device through multiple launch cycles, making access even faster.”

But reading dev documents takes effort. Tweeting “200MB OMG” is much simpler.
link to this extract


Whatever happened to Google Books? » The New Yorker

Tim Wu on the project that has been stalled since 2011:

There are plenty of ways to attribute blame in this situation. If Google was, in truth, motivated by the highest ideals of service to the public, then it should have declared the project a non-profit from the beginning, thereby extinguishing any fears that the company wanted to somehow make a profit from other people’s work. Unfortunately, Google made the mistake it often makes, which is to assume that people will trust it just because it’s Google. For their part, authors and publishers, even if they did eventually settle, were difficult and conspiracy-minded, particularly when it came to weighing abstract and mainly worthless rights against the public’s interest in gaining access to obscure works. Finally, the outside critics and the courts were entirely too sanguine about killing, as opposed to improving, a settlement that took so many years to put together, effectively setting the project back a decade if not longer.

link to this extract


Who controls the off switch? » Light Blue Touchpaper

Ross Anderson (who leads some of the UK’s best academic security researchers):

We have a new paper on the strategic vulnerability created by the plan to replace Britain’s 47 million meters with smart meters that can be turned off remotely. The energy companies are demanding this facility so that customers who don’t pay their bills can be switched to prepayment tariffs without the hassle of getting court orders against them. If the Government buys this argument – and I’m not convinced it should – then the off switch had better be closely guarded. You don’t want the nation’s enemies to be able to turn off the lights remotely, and eliminating that risk could just conceivably be a little bit more complicated than you might at first think. (This paper follows on from our earlier paper On the security economics of electricity metering at WEIS 2010.)

Anderson doesn’t need to scare people for money. But what he points to is often worrisome.
link to this extract


Cabinet ministers’ email hacked by Isil spies » Telegraph

So this is how modern media – well, I use the word “modern” in its loosest sense – works. Writing this story took four journalists, so please stand up, Claire Newell, Edward Malnick, Lyndsey Telford and Luke Heighton, for this 22-paragraph story which begins:

Jihadists in Syria have hacked into ministerial email accounts in a sophisticated espionage operation uncovered by GCHQ, the Telegraph can disclose.

I know! Blimey, you think. Hacked into their accounts? They must have found a ton of stuff there, right?

You then plough on through tons of paragraphs about drone strikes and various bits of handwaving, but no detail. You carry on, and eventually – in the 13th paragraph – there’s this:

The recent cyber threat first emerged in a warning to Whitehall security officials in May and it is understood that the plans to attack Britain were exposed by the GCHQ investigation.

It is unclear what information the extremists were able to access, but it is understood that no security breaches occurred. However, officials were told to tighten security procedures, including changing passwords.

And that’s it. No more detail. So what do we think actually happened? Based on this very thin gruel, my guess is that the ministerial email had two-factor authentication, and someone got phished, and it set all sorts of alarms off in Cheltenham (where GCHQ is). No breach, but someone had been very stupid.

And of course “hacked” in the headline is overplayed. “Targeted” might work. Classic Sunday journalism: no paper will be able to follow this up for a Monday story, because there aren’t any facts to it. The story falls apart in your hands.
link to this extract


Ten years later, this is how Techmeme has avoided clickbait, autoplay ads, and more » LinkedIn

Gabe Rivera, the site’s chief executive and frequent editor:

In 2015, supporting an online news operation with advertising when your page view and unique visitor numbers aren’t massive is always an uphill battle. Media sites in this predicament are often tempted to run ad units that pay more but repel and infuriate readers.

Fortunately what Techmeme does have is the attention of the people who lead the tech industry. (Ask your CEO “where do you get your tech news?”) When a news destination is a hub for industry decision-makers, companies will want to reach its readers, making it possible to sell the far more welcome form of “ads” that Techmeme does include. These include posts from sponsors’ blogs, catchy taglines from companies that want you to check out their job openings, and events that companies want you to consider attending. While not all companies are used to making these sorts of marketing buys, many are learning how, and Techmeme is here to serve them.

link to this extract


FBI says ‘Australian IS jihadist’ is actually a Jewish American troll named Joshua Ryne Goldberg » Brisbane Times

Elise Potaka and Luke McMahon:

The Australi Witness persona fooled members of the international intelligence community as well as journalists, with well-known analyst Rita Katz of SITE Intelligence Group saying the “IS supporter” held a “prestige” position in online jihadi circles and was “part of the hard core of a group of individuals who constantly look for targets for other people to attack”.

Ms Katz has previously acted as a consultant for US and foreign governments and testified before Congress on online terrorist activities.

The Australian Federal Police were unaware of Australi Witness’s real identity as Goldberg until contacted by journalists working on behalf of Fairfax Media.

On the internet, nobody knows you’re a troll.
link to this extract


Why Xbox Kinect didn’t take off » Business Insider

Matt Weinberger:

The Kinect also introduced voice commands and a gesture interface to the Xbox 360 itself. You could pause a movie with your voice, or log in to your account on the console by standing in front of the camera.

But as cool as that all sounded, the Kinect was still a new technology, and there were some glitches with those cool new interface tricks.

“It does do magic, but only 85% correctly. When you encounter the 15%, it’s frustrating,” the former Xbox insider said.

Serious gamers care about precise movements, like landing a perfect Super Combo in “Street Fighter IV” or nailing a headshot in “Call of Duty.” Similarly, if you have voice controls for a movie, it had better work the first time, or else you’re just shouting “pause” at your TV over and over.

In both cases, it wasn’t quite the totally accurate experience that people wanted.

“It’s essentially a less precise replacement for a lot of things which, once the novelty wears off, is not valued by the market. So its real value is for new experiences impossible before without it. There isn’t enough interest or investment in those,” the ex-insider says.

Worse, the longer people used Kinect, the more they found places and situations where it just fell short and didn’t work as well as it should have.

In my apartment, playing a Kinect game requires moving furniture around to give the sensor the field of view that it needs to work well. It’s a big problem for lots of gamers, since you need 6 to 10 feet between you and the sensor.

Try playing that in a dorm room or small apartment.

Yes, precisely.
link to this extract


iPad Pro won’t replace the PC any time soon » Teschspective

Tony Bradley:

Perhaps the biggest change that has occurred over the past few years that makes the iPad Pro viable as a potential PC replacement is Microsoft. The shift in strategy by Microsoft to embrace the cross-platform ecosystem and make Microsoft Office and other key Microsoft products available across rival devices removes one of the biggest obstacles for the iPad as a laptop replacement. Microsoft was at the Apple event this week and stood on stage to reveal that it has improved apps developed specifically for iOS 9 and the iPad Pro that will make Microsoft Office arguably better on the iPad Pro than it is on a standard Windows PC or even on the Surface Pro 3 itself.

The flip side of that, though, is that the iPad Pro still runs iOS. It is still primarily a mobile device trying to be a PC—whereas the Surface Pro tablet is a PC trying to be a mobile device. Not much has changed since my experience using the iPad as a laptop replacement for 30 days. It is still a suitable device for a limited range of tasks and applications. It still won’t work as well as a traditional PC for a number of specific functions.

More importantly—at least as it relates to the ability of the iPad Pro to compete with Windows PCs in a business environment—it can’t run the software that organizations have already invested in and rely on to get things done.

Thus you have the bear (pessimist) case on the iPad Pro. But it’s that last sentence which betrays the flaw in the argument. Lots of organisations can’t get the new things done they want to on older systems. An iPad begins as a mobile device; the Surface yearns to be a laptop (just look at its screen ratio).
link to this extract

