Start up: a shorter rounder Pebble, VW v DMCA redux, Lenovo’s other spyware, IAB defends ads, and more


This bloke’s car might offer some clues about Apple’s future offering. Photo by Konabish on Flickr.


A selection of 11 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Pebble debuts its first round smartwatch with the Pebble Time Round » TechCrunch

Greg Kumparak:

Pebble is thus far known for its solid battery life; in a world where most smartwatches last a day or so at best, Pebble’s lightweight OS and e-ink display traditionally let it crank on for closer to a week.

Curiously, though, the Pebble Time Round has shaved off a fair bit of that signature battery life in favor of a lighter, slimmer design — instead of five or six days of battery life, Pebble Time Round promises two days. A quick charge feature lets you add 24 hours of juice with just 15 minutes on the charger — but you won’t be taking this one for week long camping trips.

Less battery life?


You have the right… to reverse engineer » getwired.com

Wes Miller:

This NYTimes article about the VW diesel issue and the DMCA made me think about how, 10 years ago next month, the Digital Millennium Copyright Act (DMCA) almost kept Mark Russinovich from disclosing the Sony BMG Rootkit. While the DMCA provides exceptions for reporting security vulnerabilities, it does nothing to allow for reporting breaches of… integrity.

I believe that we need to consider an expansion of how researchers are permitted to, without question, reverse engineer certain systems. While entities need a level of protection in terms of their copyright and their ability to protect their IP, VW’s behavior highlights the risks to all of us when commercial entities can ship black box code and ensure nobody can question it – technically or legally.

Miller advised Russinovich on whether he could publish. The VW case is surely going to lead to a lot of questions about the DMCA and engine control unit (ECU) software – as highlighted yesterday.


What will the Apple Car look like? Jony Ive’s taste for Bentleys and Aston Martins could influence design » IB Times

David Gilbert:

So what will Apple’s car look like? By talking to the people in the industry and those who know Ive and his work, IBT gleaned some idea.

“If you look at the Apple philosophy of less is more, then apply that to a car then you would have an Apple product,” said Chris Longmore, founder of U.K.-based automotive design consultancy Drive. Longmore, who has worked with Ford, Nissan and Rolls Royce, believes it is a huge benefit for Apple to be starting with a blank sheet of paper. “If you take the iPhone and move into different areas, because the building blocks would be common throughout that, the DNA would be common across all the products and that’s how they should be looking to do it,” he said.

That too is the view of Ive’s former boss, Martin Darbyshire, CEO and founder of London-based design company Tangerine, who worked with Ive for 18 months before he moved to Apple.

“Sometimes coming at something with a fresh perspective is fundamental to finding something new and developing a paradigm shift. Of all the design teams in the world one would expect Apple to do something interesting and different,” Darbyshire told International Business Times.

Smart move asking Darbyshire. When you look at all the fan-generated renders of the “iWatch”, you realise the gulf between what people wish for and what Apple really does.


Lenovo collects usage data on ThinkPad, ThinkCentre and ThinkStation PCs » Computerworld

Michael Horowitz:

The task that gave me pause is called “Lenovo Customer Feedback Program 64”. It was running daily. According to the description in the task scheduler: “This task uploads Customer Feedback Program data to Lenovo”.

I have set up my fair share of new Lenovo machines and can’t recall ever being asked about a Customer Feedback program.

The program that runs daily is Lenovo.TVT.CustomerFeedback.Agent.exe and it resides in folder C:\Program Files (x86)\Lenovo\Customer Feedback Program.

Other files in this folder are Lenovo.TVT.CustomerFeedback.Agent.exe.config, Lenovo.TVT.CustomerFeedback.InnovApps.dll and Lenovo.TVT.CustomerFeedback.OmnitureSiteCatalyst.dll.

According to Wikipedia, Omniture is an online marketing and web analytics firm, and SiteCatalyst (since renamed) is their software as a service application for client-side web analytics.

So, while there may not be extra ads on ThinkPads, there is some monitoring and tracking.

Lenovo confirms in a support note that it does this, but says it’s non-personal. It seems the purpose is to see which applications, services and offers you go for during system setup. Which says something about the parlous state of crapware on Windows PCs in its own right.


The Apple bias is real » The Verge

Vlad Savov, bravely:

The next time you read an iPhone review, keep all these biases in mind. The iPhone is the favored tech product of a vast swathe of our planet’s population, serving both utilitarian and aspirational purposes. It is the catalyst for and sole supporter of entire ancillary industries. It is the nexus where communication and commerce blend most easily, and it is the surest harbinger of the future that is to come. Any review that doesn’t account for all of these factors might be considered technically objective and unbiased, but it would also be frightfully uninformative. Assessing an iPhone against a blank canvas is akin to describing Notre Dame or Sagrada Família as old, large, religious buildings.

Apple bias exists in reviews because it exists in the real world. The company’s track record with the iPhone and other products like it — characterized by a great deal more right decisions than wrong ones — encourages optimism about its riskier new ventures today. The Apple Watch is credited with greater potential than the Samsung Gear S2 because of the two companies’ different histories. The Huawei Mate S has Force Touch similar to the iPhone 6S, but only Apple’s phone is expected to turn that technology into a transformative new mode of interaction.

That’s justified bias. That’s relevant context derived from history and experience. Without it, we’d be reciting facts and figures, but no meaning. Megabytes and millimeters matter only after they’ve been passed through the prism of human judgment, and we shouldn’t pretend that it can, or should, ever be unbiased.



Functioning ‘mechanical gears’ seen in nature for the first time » Phys.org

Each gear tooth has a rounded corner at the point it connects to the gear strip; a feature identical to man-made gears such as bike gears – essentially a shock-absorbing mechanism to stop teeth from shearing off.

The gear teeth on the opposing hind-legs lock together like those in a car gear-box, ensuring almost complete synchronicity in leg movement – the legs always move within 30 ‘microseconds’ of each other, with one microsecond equal to a millionth of a second.

This is critical for the powerful jumps that are this insect’s primary mode of transport, as even minuscule discrepancies in synchronisation between the velocities of its legs at the point of propulsion would result in “yaw rotation” – causing the Issus to spin hopelessly out of control.

“This precise synchronisation would be impossible to achieve through a nervous system, as neural impulses would take far too long for the extraordinarily tight coordination required,” said lead author Professor Malcolm Burrows, from Cambridge’s Department of Zoology.

“By developing mechanical gears, the Issus can just send nerve signals to its muscles to produce roughly the same amount of force – then if one leg starts to propel the jump the gears will interlock, creating absolute synchronicity.



Ad blocking: the unnecessary internet apocalypse » Advertising Age

Randall Rothenberg is president and chief executive of the Interactive Advertising Bureau:

Let’s take these challenges in order. Advertising (as everyone reading these words knows well) pays for the ability for nearly anyone around the world to type in any URL and have content of unimaginable variety appear on a screen. Advertising also subsidizes the cost of apps, which can take hundreds of thousands of dollars to produce, but are often free or low-priced.

Without advertising, digital content and services either will vanish, or the cost for their production and distribution will come directly from consumers’ wallets.

Of even greater importance is the impact on the economy itself. Advertising represents $350 billion of the U.S. gross national product, and consumers depend on it to help make $9 trillion of annual spending decisions. “Advertising helps the economy function smoothly,” said Nobel Laureate economists Kenneth Arrow and George Stigler. “It keeps prices low and facilitates the entry of new products and new firms into the market.”

Ad blocking disrupts this engine of competition. I wish I were crying wolf, but I’m not. Some websites, particularly those with millennial audiences, are already losing up to 40% of their ad revenue because of ad blocking. Our own IAB research found at least 34% of U.S. adults use ad blockers.

Good grief, where to start?
(1) Content was online long before advertising shoved its sweaty arse in front of us;
(2) Advertising doesn’t pay for smartphones, PCs or internet connectivity;
(3) advertising doesn’t subsidise the production, it subsidises the presentation of many apps – but substantial numbers are simply paid-for (think of UsTwo’s Monument Valley);
(4) the cost of content etc already comes from our wallets, because the cost of advertising is a factor in any company’s costs and so its products;
(5) adblocking isn’t going to kill the whole advertising industry, just the bit that behaves unreasonably online;
(6) adblocking actually intensifies competition, because it creates a new space where would-be advertisers have to figure out how to get their message across;
(7) wouldn’t it have been good to notice that your members were pissing people off before desktop adblocking had been adopted by a third of one section of your audience, Mr Rothenberg?


Shut Up: Comment Blocker » iOS App Store

Richard Romero:

Shut Up spares you from Internet troglodytes by hiding all comment sections when browsing the web in Safari. You can even set your favorite websites to show comments by default.

This stuff is only just getting started.


Malware with your news? Forbes website victim of malvertising attack » FireEye Inc

From Sept. 8 to Sept. 15, 2015, the Forbes.com website was serving content from a third-party advertising service that had been manipulated to redirect viewers to the Neutrino and Angler exploit kits. We notified Forbes, who worked quickly to correct the issue.

This type of malicious redirection is known as malvertising, where ad networks and content publishers are abused and leveraged to serve ads that redirect users to malicious sites.

I promise that FireEye is not paying for its position here or in the next links. It’s just on top of the relevant news. Also: pretty good case for desktop adblocking there.


Protecting our customers from XcodeGhost » FireEye Inc

Immediately after learning of XcodeGhost, FireEye Labs identified more than 4,000 infected apps on the App Store. FireEye has since updated detection rules in its NX and Mobile Threat Prevention (MTP) products to detect the malicious apps and their activity on a network.

FireEye NX customers are alerted if an employee uses an infected app while the iOS device is connected to the corporate network. It’s important to note that, although the CnC servers have been taken down, the malicious apps still try to connect to them using HTTP. This HTTP session is vulnerable to hijacking by other attackers.

FireEye MTP management customers have full visibility when a mobile device is infected in their deployment base. End users receive on-device notifications of malware detection and IT administrators receive email alerts of the infection.

Four thousand is a lot. Does Apple have any means to killswitch those apps? It can’t kill them based on the developer certificate, because there are lots of developer certificates involved – it’s not a single malicious developer, it’s a single malicious library (or set of libraries) used by many developers.
Apple also has an FAQ up about the exploit.


Guaranteed clicks: mobile app company takes control of Android phones » FireEye Inc

FireEye Labs mobile researchers discovered a malicious adware family quickly spreading worldwide that allows for complete takeover of an Android user’s device. This attack is created by a mobile app promotion company called NGE Mobi/Xinyinhe that claims to be valued at more than $100M with offices in China and Singapore.

The malicious adware uses novel techniques to maintain persistence and obfuscate its activity, including installing system level services, modifying the recovery script executed on boot, and even tricking the user into enabling automatic app installation. We have observed over 300 malicious, illegitimate versions of Android apps being distributed, including: Amazon, Memory Booster, Clean Master, PopBird, YTD Video Downloader, and Flashlight…

…has infected 20 different versions of Android from 2.3.4 to 5.1.1. Victims with 308 different phone models from more than 26 countries and four continents have been infected.

Another day…

