Start up: yet another UK broadband pledge, what is mobile?, hacking Samsung’s theft protection, and more


A Huawei-made Nexus 6P: no breakage of the camera visor panel here. Photo by TechStage on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 12 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Fast broadband for all by 2020 pledged by David Cameron » BBC News

All UK homes and businesses will have access to “fast broadband” [of at least 10 megabits per second] by 2020, David Cameron has pledged.

The PM is to introduce a “universal service obligation” (USO) for broadband, giving the public a legal right to request an “affordable” connection.

It would put broadband on a similar footing to other basic services such as water and electricity.
In 2010, the coalition government promised the UK would have the best superfast broadband in Europe by 2015.

Then, in 2012, a pledge was made by then-Culture Secretary Jeremy Hunt that the UK would have “the fastest broadband of any major European country” by 2015.

He defined high-speed broadband as offering a download speed of greater than 24 megabits per second (Mbps). Communications regulator Ofcom defines it as 30Mbps.

That final sentence completely shows how weak this “pledge” really is: from 30Mpbs down to 24 down to 10. I suspect BT, as the dominant operator which also now owns a 4G network, will aim to fulfil this revised USO via 4G.
link to this extract


Some Nexus 6P owners are reporting spontaneously broken rear glass panels » Android Police

Michael Crider:

The early reaction to the Nexus 6P from both critics and owners has been mostly positive, but a few new owners seem to be encountering serious problems. Specifically, the glass panel on the rear of the phone, which covers the camera, LED flash, and laser autofocus module, is reportedly cracking and breaking on its own. A user on the Android subreddit reported the rear panel cracking, and at least two others have reported similar results, with the panel splitting into multiple cracks with no particular rough handling or impact.

That subreddit is getting pretty big, and there isn’t a lot of joy for the 6P. One person has had two in a row go wrong. Problem for Huawei?
link to this extract


How uBeam transmits energy wirelessly using ultrasound » uBeam

Meredith Perry, uBeam’s founder, has a big explainer about how it works, because people have been saying that either it doesn’t work, or it’s dangerous:

The uBeam system is composed of two parts: a transmitter that emits energy, and a receiver that receives energy. The transmitter is like a sound speaker, but instead of emitting audible sound, uBeam’s transmitter emits high frequency sound. This sound can’t be heard by humans or dogs; it’s called ultrasound. The receiver, like a microphone, picks up the sound and converts it into usable energy. Sound, like light and wind, is a form of energy that can be converted into electrical energy with our proprietary energy harvesting technology. The receiver then sends this electrical power to charge or power an electronic device.

link to this extract


Mobile, ecosystems and the death of PCs » Benedict Evans

Evans wrestles with the question of “what is ‘mobile’?” in the face of competing devices like the SurfaceBook, the Surface Pro, iPad Pro and so on:

Each generation of technology goes through an S-curve of development – slow improvement of an impractical product, then explosively fast improvement once fundamental barriers are solved, and then slowing iteration and refinement as you solve every last issue and the curve flattens out. PCs are on that flattening part of the curve, just as the [fastest ever piston-powered aircraft developed at the end of WW2, soon surpassed by jets, the Republic] Rainbow was.

They get perfect because you’re debugging the big things you invented in the past, and now your innovation is in the extra little things (such as the Rainbow using exhaust for extra thrust), and there are no big new innovations to debug. But meanwhile, the new ecosystem is catching up, and the curve of development and innovation for that generation will flatten out way out of reach. The new curve is crossing the old one. This is why they look simliar – this is why a Surface Pro and an iPad Pro look similar. They both exist right at the point that those development curves cross. The iPad might still be a little below, but its curve is heading up.

That is, the point that you can start to do old ecosystem things on what look like new ecosystem devices is also the point that the new ecosystem can do those things too – but the new ecosystem has 10x the scale, and the new ecosystem is just starting down the innovation track where the old one is at its end.

The really tricky part is knowing where on the S-curve something is, and whether there’s still money to be made from it. As Evans points out,

No-one is going to found a new company to make Win32 applications (though enterprise Windows apps will be worked on for a long time, just as mainframe apps were [after the IBM PC arrived]).

link to this extract


It’s incredibly easy to bypass Factory Reset Protection on a Samsung phone [with video] » 9to5 Google

Stephen Hall:

Factory Reset Protection was introduced with Android Lollipop, and, like Apple’s iCloud Activation Lock, it’s supposed to make it really hard to resell a stolen Android phone. The gist is that when you use Android recovery menu to reset a phone to factory settings, the phone will require upon reboot that you sign in using a Google account you previously used on the device before resetting it. If someone steals your phone and wipes it, they need your Google account for it to be anything but a brick.

Well, it appears that a flaw in Samsung’s phones lets potential thieves around this security measure, and it looks like the workaround takes just about five minutes to pull off…
Obviously a thief wouldn’t be able to get around a password-secured phone, so a factory reset would require going to Android’s recovery menu after a reboot (as opposed to going into the Settings app and doing a factory reset from there).

But since Samsung’s phones automatically pull up a file manager when you plug in an external storage device (even in the set up process), all you have to do is load an app file that lets you open up the stock Settings app. Press a couple buttons to do what the phone thinks is a legitimate/authorized reset, and the phone reboots without tripping Factory Reset Protection.

D’oh.
link to this extract


Google annual search Statistics » Statistic Brain

The number of annual searches conducted by Google, according to ComScore and the “Statistic Brain Research Institute” (sounds grand).

Compare the numbers in the top two lines of the table. It suggests that in 2014 the total number of Google searches fell, for the first time ever. Even within margins of error, that suggests search growth has stopped.
link to this extract


XcodeGhost S: a new breed hits the US » FireEye Threat Research

Yong Kang, Zhaofeng Chen, and Raymond Wei:

Through continuous monitoring of our customers’ networks, FireEye researchers have found that, despite the quick response, the threat of XcodeGhost has maintained persistence and been modified.

More specifically, we found that:

• XcodeGhost has entered into U.S. enterprises and is a persistent security risk
• Its botnet is still partially active
• A variant we call XcodeGhost S reveals more advanced samples went undetected

After monitoring XcodeGhost related activity for four weeks, we observed 210 enterprises with XcodeGhost-infected applications running inside their networks, generating more than 28,000 attempts to connect to the XcodeGhost Command and Control (CnC) servers – which, while not under attacker control, are vulnerable to hijacking by threat actors.

Pretty dramatic. And it can affect apps via third-party frameworks, as Possible Mobile discovered. Meanwhile, on Android…
link to this extract


Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire » Lookout Blog

Michael Bentley of the anti-malware company:

Auto-rooting adware is a worrying development in the Android ecosystem in which malware roots the device automatically after the user installs it, embeds itself as a system application, and becomes nearly impossible to remove. Adware, which has traditionally been used to aggressively push ads, is now becoming trojanized and sophisticated. This is a new trend for adware and an alarming one at that.

Lookout has detected over 20,000 samples of this type of trojanized adware masquerading as legitimate top applications, including Candy Crush, Facebook, GoogleNow, NYTimes, Okta, Snapchat, Twitter, WhatsApp, and many others.

Malicious actors behind these families repackage and inject malicious code into thousands of popular applications found in Google Play, and then later publish them to third-party app stores. Indeed, we believe many of these apps are actually fully-functional, providing their usual services, in addition to the malicious code that roots the device.

Oh, and also: if you get infected you probably won’t be able to uninstall it; you’ll either need a pro or a trip to buy a new one. (Factory reset won’t do it.)
link to this extract


BlackBerry Priv review: good, but probably only for keyboard junkies » Android Police

David Ruddock is befuddled by those little things with letters on:

But time for some real talk about those keys, in respect to my particular tapping of them. I am awful at these tiny little keyboards. Like, your grandpa trying to use an ATM when 6 other people are in line behind him and all of them are clearly in a rush awful. It’s just not my thing, it never has been, and it never will be. To me, this is mind-bendingly unintuitive and would take me months to master in anything approaching a respectable way. I’m not going to be using the Priv for months. I cannot give you a good evaluation of the keyboard on the merits. Sorry. I can show you what it looks like, though! Also, it’s backlit.

My thoughts without getting into the related software bits are as follows: the keys are really small. They depress and feel clicky. They are keys. Again, I am sorry. I really, really, can’t get into this keyboard-for-ants thing, even as I have forced myself to use it on the Priv.

This is the reason why anyone who began using a smartphone after 2010 is going to find the Priv completely weird. It’s like introducing typewriters to schools that have used iPads.
link to this extract


HTC One A9 review » AndroidAuthority

Joshua Vergara:

Remember the Sensor Suite originally announced in the HTC One M8? It allowed for the phone to go straight into specific areas with taps and swipes after the phone knew it was brought up for usage. Now, because the fingerprint reader is there, it is the wall that prevents all of these extra unlocking methods from being used. That also doesn’t include the fact that it can be a home button, without any capacitive keys accompanying it. Soft keys are still used, so using the reader as a home button takes some getting used to – and fiddling between the two, we’ve found to be really common.

Of course, there is also the omission of BoomSound speakers due to the addition of the fingerprint reader. This is a pretty bold move for the company, as one of its most-recognized features isn’t here anymore. Sound, thus, gets a big downgrade with the bottom-mounted unit. It certainly doesn’t get very loud at all, and it’s safe to say that we miss the stereo audio found in past One devices.

Storage options with the A9 are pretty standard, with the option to choose between 16 or 32GB variants. It should be noted that the 16GB model comes with just 2GB of RAM, while the 32GB variant comes with 3GB. We’ve been testing the 32GB model with 3GB of RAM, and we’ve noticed that it gets a little slow at times.

Jeepers – it’s sometimes slow with 3GB of RAM? None of this is really a vote of confidence.
link to this extract


HTC pushes US One A9 pre-order shipments back by up to several weeks, delays Verizon compatibility indefinitely » Android Police

David Ruddock:

While the A9 is indeed a pretty good phone, there’s no doubt HTC’s bungled the launch of the device a bit. First, the whole promotional pricing thing (and the 2GB/16GB variant abroad being so damn expensive), and now? A pre-order shipment delay for those who did choose to buy one. We’re hearing from US readers that HTC has sent out the following email, pushing back shipment of the initially available colors until next Tuesday, November 10th, at the earliest. Some customers, though, will be waiting much longer than that – especially if you ordered a Sprint variant.

In addition, HTC has now delayed Verizon network compatibility for the One A9 indefinitely. They had promised compatibility shortly after the November launch, then in December, and now have no ETA for the feature.

And it gets worse; certain colour variants are going to take weeks and weeks to ship. Dead on non-arrival?
link to this extract


Who the f*** is that advertiser? » Medium

Rob Leathern on the problem of validating who is advertising (which amounts to “running random Javascript on your system); the Interactive Advertising Bureau wants to charge $10,000 per company for this. Leathern laughs:

Google Adwords probably has over 2.5 million advertisers by this estimate. The top 100 to 1,000 advertisers (likely to be cost-insensitive enough to sign up for a program like this) aren’t the problem for online and mobile advertisers. The problem area is distinguishing between tens of thousands of large but legitimate advertisers, and those with money who are not legitimate or who are fronts for malware, botnets, and schlocky affiliate offers.

The goal shouldn’t be to register the top few thousands advertisers, but make the barriers low enough that we can validate every single advertiser consistently, and then do the kinds of auditing, checks and follow-up necessary to stop problem advertisers from being banned and then popping back up right away under another name or identity. Once you can accurately identify advertisers and have every part of the value chain understand this information, both publishers and consumers should be able to decide what kinds of advertisers they want to block.

If I had to guess, it’s a $10/year fee (ten dollars) and not $10,000, that will be a better incentive to get companies to participate and to create the infrastructure needed to validate this information at enormous scale.

Even at that level, it wouldn’t happen. And malware generators would still find ways to get around it.
link to this extract


Errata, corrigenda and ai no corrida: none notified. But the week is still young.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s