Start up: VR porn!, privacy and the FBI, Baidu’s data grab, why Trump?, and more

A Nissan Leaf charging. But you’d know that if you were to plug its VIN into a public API. Photo by Janitors on Flickr.


A selection of 10 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs » Troy Hunt

Someone in one of Hunt’s classes discovered how to find out the battery status of Nissan’s popular electric car – and also turn its air conditioning on or off. For any LEAF. Without authorisation. Via API. From anywhere. And Nissan didn’t listen, and four different groups have discovered it independently:

»Nissan need to fix this. It’s a different class of vulnerability to the Charlie Miller and Chris Valasek Jeep hacking shenanigans of last year, but in both good and bad ways. Good in that it doesn’t impact the driving controls of the vehicle, yet bad in that the ease of gaining access to vehicle controls in this fashion doesn’t get much easier – it’s profoundly trivial. As car manufacturers rush towards joining in on the “internet of things” craze, security cannot be an afterthought nor something we’re told they take seriously after realising that they didn’t take it seriously enough in the first place. Imagine getting it as wrong as Nissan has for something like Volvo’s “digital key” initiative where you unlock your car with your phone.

By pure coincidence, this week Nissan unveiled a revised LEAF at the GSMA Mobile World Congress. Clearly, like many car makers, their future involves a strong push for greater connectivity in their vehicles:

»

In a fully connected, fully mobile world, in-vehicle connectivity is an absolute must for today’s drivers.

«

«

Perhaps not an “absolute must”, actually.


I got hacked mid-air while writing an Apple-FBI story » USAToday

Steven Petrow works for USA Today, and was writing and sending emails via Gogo Wi-Fi on a flight to Raleigh, Virginia. On touchdown, the guy in the seat behind him explained that he had hacked him, and “most people on the flight”:

»“That’s how I know you’re interested in the Apple story,” he continued. “Imagine if you had been doing a financial transaction. What if you were making a date to see a whore?” My mind raced: What about my health records? My legal documents? My Facebook messages?

And then the kicker:

“That’s why this story is so important to everyone,” he told me. “It’s about everyone’s privacy.”

Then he headed down the escalator and I headed out the front door. I may have been wearing my jacket, but I felt as exposed as if I’d been stark naked…

…[He then called Alex Abdo, a civil rights lawyer]: who is in actual danger here? The answer, apparently, is pretty much all of us. “Anyone who relies on the security of their devices,” Abdo told me.

It should be up to each of us to decide what to make public, and what to keep private, he continued. For me, I felt as though the stranger on the plane had robbed me of my privacy — as was explicitly his intent. He took the decision of what to share out of my hands. He went in through the back door of the GoGo connection.

«



Microsoft has acquired Xamarin » Petri

Brad Sams:

»Xamarin is one of the leading platforms for mobile app development and provides a robust platform that helps developers build mobile apps using C# and deliver fully native mobile app experiences to all major devices, including iOS, Android, and Windows. Seeing as Microsoft is a productivity focused company whose Visual Studio product is used by millions around the globe, this acquisition will fit nicely into their portfolio of products.

With more than 15,000 customers in 120 countries, of which 100 are Fortune 500 firms, Xamarin has become a leader in this space. Companies like Alaska Airlines, Coca-Cola Bottling, Thermo Fisher, Honeywell and JetBlue all use the software to develop their apps.

«

Apparently MSDN devs want to know if they’ll get it for free.


Solid support for Apple in iPhone encryption fight: poll » Reuters

Jim Finkle:

»Nearly half of Americans support Apple Inc’s (AAPL.O) decision to oppose a federal court order demanding that it unlock a smartphone used by San Bernardino shooter Rizwan Farook, according to a national online Reuters/Ipsos poll.

Forty-six percent of respondents said they agreed with Apple’s position, 35 percent said they disagreed and 20 percent said they did not know, according to poll results released on Wednesday.

Other questions in the poll showed that a majority of Americans do not want the government to have access to their phone and Internet communications, even if it is done in the name of stopping terror attacks.

«

Wait, I thought half supported the FBI? Oh god I’m so confused. As are the people being asked subtly different questions about the same topic.


Apple-FBI fight asks: is code protected as free speech? » Bloomberg Business

Adam Satariano:

»There’s some precedent for arguing that code is protected legal speech. In the 1990s, a graduate student at the University of California at Berkeley wrote an encryption program for his own research that he wanted to make public. Under federal regulations, a coder must get a license to publish cryptography tools, and the government denied the student’s license. In 1999, the U.S. Court of Appeals in San Francisco ruled for the first time that source code was protected as speech, and the student, Dan Bernstein, who is now an instructor at the University of Illinois at Chicago, was allowed to share the code freely.

The case, Bernstein v. U.S. Department of Justice, has been highlighted by those who favor less regulation of the Internet. But judges have also ruled that free speech protections don’t apply to code. Courts have been especially skeptical in cases involving piracy of music and movies.
The law “is murky in this area,” said Michael Froomkin, a law professor at the University of Miami — and that’s why Apple’s case could break new ground.

«



I tried VR porn, and I liked it » Ars Technica UK

Sebastian Anthony:

»You will probably be unsurprised to hear that VR porn is awesome. It’s like porn, but better. The porn I was sampling—made by Naughty America—was essentially a standard first-person-perspective film, but with the ability to look around. Unlike some VR experiences that are just two-dimensional 360-degree panoramas, Naughty America’s porn is stereoscopic; stuff actually sticks out, or comes flying at you. You really do want to reach out and touch things.

I watched three different scenes as I sat there in the cafe. In all three of them, “I” (a male actor) was reclining on some kind of sofa, looking down at my muscular physique and giant appendage. In some scenes, other people did things to me—in other scenes, I was much more proactive.

To be honest, it was a bit weird, looking down and seeing someone else’s body. But, after a few minutes of watching, I began to feel a sense of agency; I began to feel that yes, those rippling muscles were mine; I began to feel that it was me being tended to by two other beautiful people.

And of course, just as I was starting to get into it, the demo ended and I found myself back in the real world, being grinned at by a couple of guys from Naughty America. “Pretty cool, eh?”

All I can do is nod. Why did the demo have to end so soon?

Right now Naughty America’s films only have a 180-degree field of view, primarily because a standard porn scene doesn’t require anything greater, but also because it’s technologically quite challenging as well. Different varieties of porn—orgies and the like—would require a 360-degree field of view, but it doesn’t seem that Naughty America is working on that just yet.

When I asked Ian Paul, the company’s CIO, about how they actually film the VR scenes, he refused to tell me anything. “I can’t give away anything right now.” Basically, according to Paul, it’s quite hard to shoot a 3D VR film from an actor’s perspective, and lots of porn studios are currently trying to find the optimal setup.

«

You think kids playing video games is a problem now? Wait until this stuff becomes easily available.


Trump shatters the Republican Party » Politico

Shane Goldmacher:

»While Cruz has tried to tap into frustrated voters via ideology, Rubio has been far more reticent to amplify the angriest voices, saying repeatedly, “It is not enough to simply nominate someone who is angry.”

In South Carolina last week, when a voter shouted out that Hillary Clinton was a “traitor,” Rubio interjected gently, “I wouldn’t go that far, sir.” And last month, in Iowa, when another voter worried about Islamic sharia law coming to America, Rubio rebutted, “Guys, that’s not going to happen.”

While Rubio dances around the electorate’s resentments, Trump revels in them. On primary night in South Carolina, he tapped into their nationalism as he whacked at Mexico and China. “They’ve taken our jobs, they’ve taken our money, they’ve taken our everything,” he declared.

The crowd cheered wildly. “I showed anger and the people of our country are very angry!” Trump later tweeted about his South Carolina victory.

Perkins, the evangelical leader, described the Trump phenomenon’s lack of ideology this way: “You can’t be fearful and thoughtful at the same time.”

«

I remain fascinated by Trump’s rise (from the relatively safe distance of a few thousand miles of ocean). What I don’t know, and nobody seems to be saying much, is: how does Trump play with the broader electorate? If it’s Trump v Clinton (as seems likely), how does that play out?


Huawei Watch: Android Wear burn-in prevention 4K lapse [N5X] » YouTube

»

Quick 4K time lapse of Android Wear burn in prevention on the Huawei Watch. Captured with Framelapse Pro using a Nexus 5X.

«

That moves around quite a bit. Which prompts the thought – how long will always-on screens survive before they’re burnt out? Something to consider with wearables.


Announcing Spotify Infrastructure’s Googley future » News

Nicholas Harteau:

»in a business growing quickly in users, markets and features, keeping pace with scaling demands requires ever increasing amounts of focus and effort. Like good, lazy engineers, we occasionally asked ourselves: do we really need to do all this stuff?

For a long time the answer was “yes.” Operating our own data-centers may be a pain, but the core cloud services were not at a level of quality, performance and cost that would make cloud a significantly better option for Spotify in the long run. As they say: better the devil you know…

Recently that balance has shifted. The storage, compute and network services available from cloud providers are as high quality, high performance and low cost as what the traditional approach provides. This makes the move to the cloud a no-brainer for us. Google, in our experience, has an edge here, but it’s a competitive space and we expect the big players to be battling it out for the foreseeable future.

«

Lots of people are interpreting this as the first step to Spotify’s entirely Googley (ie Google-owned) future, and it’s hard not to see this that way.


Thousands of apps running Baidu code collect, leak personal data: research » Reuters

Jeremy Wagstaff and Paul Carsten:

»Thousands of apps running code built by Chinese Internet giant Baidu have collected and transmitted users’ personal information to the company, much of it easily intercepted, researchers say.

The apps have been downloaded hundreds of millions of times.

The researchers at Canada-based Citizen Lab said they found the problems in an Android software development kit developed by Baidu. These affected Baidu’s mobile browser and apps developed by Baidu and other firms using the same kit. Baidu’s Windows browser was also affected, they said.

The same researchers last year highlighted similar problems with unsecured personal data in Alibaba’s UC Browser, another mobile browser widely used in the world’s biggest Internet market.

Alibaba fixed those vulnerabilities, and Baidu told Reuters it would be fixing the encryption holes in its kits, but would still collect data for commercial use, some of which it said it shares with third parties. Baidu said it “only provides what data is lawfully requested by duly constituted law enforcement agencies.”…

…“It’s either shoddy design or it’s surveillance by design,” said Citizen Lab director Ron Deibert.

«

Tricky choice.


Errata, corrigenda and ai no corrida: yesterday’s web page headline briefly said that it was Acer’s routers, not Asus’s, which had been found to be full of holes by the FTC. This was wrong.

One thought on “Start up: VR porn!, privacy and the FBI, Baidu’s data grab, why Trump?, and more”

  1. I’m watching the presidential campaign from a thousand miles, having relocated to Mexico. I’m not sure how in tune I am with the body politic back home (but I can tell you what Mexicans think of Trump!).

    My sense is that no one is really sure how broad Trump’s support is, so people that say he can’t possibly win the general election might be whistling in the dark. When Trump started winning primaries, it got real. It got scary. It got really scary.

    I ask myself, “How is it even possible?” It’s not Trump’s fault. He’s the man of the hour. We’ve reached this hour after 15 years listening to a drumbeat of fear and anger. Most of that has been manufactured fear and anger for political purposes, but not all of it.

    I feel it on my return trips to the states. As homesick as I occasionally get here in Mexico, after about a week in the US, I can’t wait to get home.
