Start up: Android root attacks, Silicon Valley doesn’t click ads, Wikimedia tries search, videogames v culture, and more

Is Twitter a polluted pool? Stephen Fry thinks so. Photo by Dee West on Flickr.

»You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.«

A selection of 8 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Android malware spread via porn websites to generate fake ad revenue » Grahamcluley.com

David Bisson:

»Researchers have spotted a new type of mobile malware that roots Android devices with the purpose of generating fraudulent ad revenue for its operator.

Earlier this month, Andrey Polkovnichenko and Oren Koriat, two members of the Check Point Research Team, wrote in a blog post about how they detected the malware, which they have named “HummingBad,” as part of a drive-by download attack served by porn websites against two customers’ Android devices.

Curious, they decided to dig into the malware and figure out what makes it tick.

As it turns out, HummingBad is a complex rootkit whose components are encrypted, in an attempt to avoid being flagged by security solutions as malicious.«



Knowledge Engine: Wikimedia Foundation takes aim at Google with $3.5m search project » ABC News

»Online encyclopedia Wikipedia is preparing to tackle Google’s dominance of internet search with the launch of a $3.5 million program to build a “Search Engine by Wikipedia”.

Wikipedia’s parent organisation, the Wikimedia Foundation, had in September been awarded a $US250,000 ($A350,000) grant from the John S. and James L. Knight Foundation, but only publicised the grant in the past week.

The grant is to be used “To advance new models for finding information by supporting stage one development of the Knowledge Engine by Wikipedia,” the Knight Foundation’s grant letter to the Wikimedia Foundation read.«

Table stakes for a search engine back in 2003 were $100m (that’s what Microsoft put into it), though maybe they’ve come down a little since then.

Come back in a year or two and see the wreckage.


Too many people have peed in the pool » Stephen Fry

Fry made a sarcastic quip at the Baftas about someone (who turned out to be a friend of his); he then got hell on Twitter; he then deleted his account:

»let us grieve at what twitter has become. A stalking ground for the sanctimoniously self-righteous who love to second-guess, to leap to conclusions and be offended – worse, to be offended on behalf of others they do not even know. It’s as nasty and unwholesome a characteristic as can be imagined. It doesn’t matter whether they think they’re defending women, men, transgender people, Muslims, humanists … the ghastliness is absolutely the same. It makes sensible people want to take an absolutely opposite point of view. I’ve heard people shriek their secularism in such a way as to make me want instantly to become an evangelical Christian.

But Stephen, these foul people are a minority! Indeed they are. But I would contend that just one turd in a reservoir is enough to persuade one not to drink from it. 99.9% of the water may be excrement free, but that doesn’t help. With Twitter, for me at least, the tipping point has been reached and the pollution of the service is now just too much.

But you’ve let the trolls and nasties win! If everyone did what you did, Stephen, the slab-faced dictators of tone and humour would have the place to themselves. Well, yes and they’re welcome to it. Perhaps then they’ll have nothing to smell but their own smell.«



People in Silicon Valley don’t click on ads » Medium

Rob Leathern:

»Using Facebook’s Audience Insights tool (free to anyone who buys Facebook ads), I compared people from San Francisco and Palo Alto/Mountain View to those in New York City, Boulder/Denver and the nation as a whole.
In short, San Francisco / Silicon Valley people don’t click on ads…

San Francisco, California Activity Profile (Source: Facebook)

The average user in the United States has a value of 12 for “Ads Clicked” whereas a San Francisco user has only clicked 1 ad. Similarly, they appear not to be commenting or liking posts as frequently as the median national user. The story is very similar for the Mountain View / Palo Alto audience.«

This is like those people who work at junk food companies who would never eat their own output – they know what goes into it. (Leathern is working on a new approach to web advertising at optimal.com.)


Take video games seriously! Yes, they’re fun, but they matter culturally too » The Guardian

Naomi Alderman:

»Why do video games receive so little coverage in mainstream cultural media? It’s a question that’s troubled me for years – I even made a programme about it for Radio 4. Games are the largest entertainment medium in the world. And yet newspaper culture pages tend not to cover them (pace Observer Tech Monthly). Cultural programmes on TV and radio do a fun segment about games once a quarter at best while reserving discussion and analysis for interpretive dance or experimental opera.

It’s very weird for me: my novels, which sell tens of thousands of copies, are shortlisted for prizes that appear on the news. My games, which have sold millions of copies, don’t make the news. Film and TV Baftas are a news story. Games Baftas are an industry event.

I think this is a shame. It affects the way people think about the medium.«

OK, I’ll bite: a reason games aren’t treated as mattering culturally is because they have very little to tell us about our culture. Take a film like The Big Short or The Revenant or The Martian (the latter perhaps closest, in plot, to a video game).

Besides the mechanics of plot, each takes us into another person’s, or other people’s, experiences: Steve Carell’s character in Big Short is consumed by loathing of the vile business, yet unable to withstand the desire to profit from the dumb money. Leonardo DiCaprio’s holds onto life to avenge a death; Matt Damon’s goes through the emotions of loss, resignation, elation, and near-resignation. And like life, each film surprises us but tells us about the human experience.

And where’s the game that could evoke the same emotional reaction as ET – made in 1982 (that’s 34 years ago)?

Just because games sell in large numbers and generate lots of money doesn’t mean they have equivalent status as cultural artefacts as films. Fishing is the most popular (as in “has the most participants”) sport in the UK. Yet you don’t see it reported in newspapers (Fishing Times apart), whereas tennis is.


Why Xiaomi, Lenovo, and Huawei can’t compete with Apple » Tech in Asia

Charlie Custer:

»Chinese handset makers did quite well in 2015. But can they climb that cliff? Could they actually beat out Apple?

No. At least not in the sense of eating into Apple’s specific chunk of the market.

Why? For one, they don’t share a clear target market with Apple. Say what you will about Apple – and I’ve said some bad things in the very recent past – but it knows its market. And so do you, probably. Quick, picture an iPhone user. You’re probably picturing somebody young-ish, urban. Somebody who likes a simple user experience that doesn’t change much from model to model. Somebody who admires good industrial design, and who has the money to fit a $600-$800 phone into their budget.

Now, picture a Huawei user. It’s much harder because they’re all over the place. The prices range quite a bit, and the company offers dozens of different handset models. Lenovo is pretty similar. Even once-simple Xiaomi now offers three different major product lines with a confusing assortment of models in each line (do I want the Mi 4 or the Mi 4i or the Mi 4c?).

That’s not to say that none of these devices have clear target markets, of course, but none of them really overlap with the iPhone market. All three companies offer lower-priced devices, and because of their split focus they really can’t hope to compete with Apple’s single-minded focus when it comes to the iPhone market. They may be able to boost their numbers by picking up more users in developing regions, but none of the three is likely poaching any of Apple’s market anytime soon.

Plus, they’re not competing in the same ecosystem. Technologically speaking, there’s nothing on the iPhone that you can’t get on a dozen Android handsets except for one thing: iOS. And while I’ve argued that a lot of the native iOS apps are getting worse, there’s still no doubt that once a user buys into an ecosystem, it’s difficult to get them out of it.«



2017 to be the year of dual-lens cameras, says Sony » Android Authority

John Dye, noting that Sony has started a separate platform to support dual-lens cameras on phones:

»This seems to line up with some recent rumors trickling through the grapevine that the iPhone 7 Plus will be using a dual-lens camera module. However, Sony was quick to point out that they don’t believe this new form of camera will be anything close to mainstream for at least a year. The high-end smartphone market is slowing down globally. As a result, the demand for smartphone components is slackening, so Sony is banking on this new technology getting a start a little later than we may prefer. Chief financial officer Kenichiro Yoshida put it this way:

»Well, for next year, our so-called dual lens – dual camera platform will be launched by, we believe, from major smartphone players. However, as I said previously, recently, our smartphone market is growing and particularly, our high-end smartphone market is now slowing down. So, that may impact the demand or production schedule of dual camera smartphones by the major smartphone manufacturers. So, we believe the real start, the takeoff of smartphone with dual lens camera will be in the year of 2017.«

«

I read that “takeoff” as meaning “phones that aren’t iPhones”. Fingerprint sensors weren’t mainstream in 2013, but the iPhone 5S had one. And so on. (Though ZTE has a dual-lens camera on its top-end Axon phone, released last year.)


Verizon will now let users kill previously indestructible tracking code » ProPublica

Julia Angwin:

»Verizon says it will soon offer customers a way to opt out from having their smartphone and tablet browsing tracked via a hidden un-killable tracking identifier.

The decision came after a ProPublica article revealed that an online advertiser, Turn, was exploiting the Verizon identifier to respawn tracking cookies that users had deleted.

Two days after the article appeared, Turn said it would suspend the practice of creating so-called “zombie cookies” that couldn’t be deleted. But Verizon couldn’t assure users that other companies might not also exploit the number – which was transmitted automatically to any website or app a user visited from a Verizon-enabled device – to build dossiers about people’s behavior on their mobile devices.

Verizon subsequently updated its website to note Turn’s decision and declared that it would “work with other partners to ensure that their use of [the undeletable tracking number] is consistent with the purposes we intended.” Previously, its website had stated: “It is unlikely that sites and ad entities will attempt to build customer profiles.”«

Not quite a commitment not to track the hell out of you, though.


Errata, corrigenda and ai no corrida: none supplied.

Start up: Apple on software, 1970 reporting, Microsoft leaves ICOMP?, cycling’s new doping scandal, and more

Voters at the Iowa caucus were profiled and tracked via their phones – perhaps without knowing. Photo by ellenmac11 on Flickr.

A selection of 13 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

(To help formatting on the email, I’ve added » and « on the blockquotes to make it clearer what is quoted, and what is my commentary.)

The Talk Show ✪: Ep. 146, with very special guests Eddy Cue and Craig Federighi » Daring Fireball

John Gruber:

»
Very special guests Eddy Cue and Craig Federighi join the show. Topics include: the new features in Apple’s upcoming OS releases (iOS 9.3 and tvOS 9.2); why Apple is expanding its public beta program for OS releases; iTunes’s monolithic design; how personally involved Eddy and Craig are in using, testing, and installing beta software; the sad decline of Duke’s men’s basketball team; and more.
«

This is, what, the second or third time I’ve recommended a podcast? This is an hour, and fascinating (with data points: iMessage peaked at 200,000 per second, there are 782m iCloud users – v 1bn devices in use, so do the maths – and 11m Apple Music subscribers, up from 10m in December).

Federighi’s point about how they tracked Bluetooth keyboard use for the Apple TV, and which calendar week it dwindled to zero, made me laugh aloud.

You can consider *why* Apple made Cue and Federighi available to Gruber, and it’s pretty obvious: they’re aiming to get their message out about Apple’s software and services quality, after all sorts of criticism lately. And that performance turns out to be pretty impressive – hundreds of millions of users who turn them on straight away when they go live, such as iOS 9.0, iCloud Drive, and so on. Are they perfect? No. But they iterate to improvement pretty fast, given their scale.


Cycling’s mechanical-doping scandal » Business Insider

Daniel McMahon:

»
In the days that followed, the UCI said it had tested more than a hundred bikes at the world championships — and that it would be testing a lot more going forward:

»
The Union Cycliste Internationale (UCI) has taken the issue of technological fraud extremely seriously for many years. It has been clear for some time that the equipment exists to enable people determined to cheat to do so by installing devices hidden in bikes. That is why we’ve invested considerable time and financial resources in organising unannounced tests at races and have recently been trialing new methods of detection. We’ve also been using intelligence gathered from the industry and other information given to us. We tested over 100 bikes at the 2016 UCI Cyclo-cross World Championships in Heusden-Zolder and will continue to test large numbers of bikes at races throughout the season.
«

And sure enough, on Friday, February 12, the UCI announced it had tested another 90 bikes for motors, but this time at a road race in France.
«

This is weird. Motors in bicycles is A Thing. A Doping Thing.


64-bit iPhones and iPads get stuck in a loop when set to January 1, 1970 » Ars Technica

Peter Bright:

»
Take a 64-bit iOS device—iPhone 5S or newer, iPad Air or newer, iPad Mini 2 or newer, sixth generation iPod touch or newer—laboriously set its date to January 1, 1970, and reboot. Congratulations: you now have a shiny piece of high-tech hardware that’s stuck at the boot screen, showing nothing more than the Apple logo… forever.
«

From the highest-rated of the comments below the story:

»
It appears to solve itself when the internal clock is allowed to advance normally to a point when «current time» minus time zone is greater than zero.

(This may be why people are seeing a battery drain fix it or see it fixed when inserting a SIM card that supports carrier time information)
«

Versions of Bright’s story, all written from the same YouTube video, are all over the web. More informed (and stupider) comments can be found beneath them (where they allow comments). The more informed ones point out the errors.

It’s quite the problem for journalists: news editors clamour for the story now, but it’s hard to check all the details, and especially the causes. This isn’t a “forever” bug. But you need to get the story written. That lack of time to research and check erodes trust in outlets which have been quick to follow a YouTube video. It’s not “permanent”, it’s not “bricked”, it’s not “forever”.

Though they then get a second bite of the cherry with “how to fix” articles. (Answer: let the battery run down.)


This company tracked Iowa caucusgoers through their phones » Fusion

Kashmir Hill:

»
What really happened is that Dstillery gets information from people’s phones via ad networks. When you open an app or look at a browser page, there’s a very fast auction that happens where different advertisers bid to get to show you an ad. Their bid is based on how valuable they think you are, and to decide that, your phone sends them information about you, including, in many cases, an identifying code (that they’ve built a profile around) and your location information, down to your latitude and longitude.

Yes, for the vast majority of people, ad networks are doing far more information collection about them than the NSA–but they don’t explicitly link it to their names.

So on the night of the Iowa caucus, Dstillery flagged all the auctions that took place on phones in latitudes and longitudes near caucus locations. It wound up spotting 16,000 devices on caucus night, as those people had granted location privileges to the apps or devices that served them ads. It captured those mobile ID’s and then looked up the characteristics associated with those IDs in order to make observations about the kind of people that went to Republican caucus locations (young parents) versus Democrat caucus locations. It drilled down farther (e.g., ‘people who like NASCAR voted for Trump and Clinton’) by looking at which candidate won at a particular caucus location.
«

Deeply disturbing. You can bet that tons of those people had no idea that they were being profiled, or that their data was even being shared in that way.


Douglas Rushkoff: ‘I’m thinking it may be good to be off social media altogether’ » The Guardian

»
Ian Tucker: What do you find most objectionable about the kind of economy that technology appears to create?

Douglas Rushkoff: What’s most pernicious about it is that we are developing companies that are designed to do little more than take money out of the system – they are all extractive. There’s this universal assumption that we have to turn working currency into share price.
«



Microsoft looks to be retreating from EU antitrust fight against Google » Ars Technica

Quite a scoop from Kelly Fiveash:

»
Ars has learned that members including UK-based price comparison site Foundem—the original complainant in the antitrust case against Google—resigned from ICOMP after Microsoft backed away from what had been a dogged campaign against its search rival in Europe. ICOMP was founded in 2008 to fight for an “online competitive marketplace.”

One source told us that Microsoft had agreed to prop up ICOMP’s food, travel, and accommodation expenses without having any active involvement in the group.

In a letter from Foundem to ICOMP—seen by Ars—the company said: “In our view, an ICOMP that is prohibited from commenting on Google’s immensely damaging business practices is an ICOMP working against, rather than for, the interests of a fair, competitive online marketplace.”

Foundem added in its December 2 missive: “As a leading complainant in the European Commission’s ongoing competition investigation into Google’s search manipulation practices, Foundem cannot be a member of an organisation that has turned its back on such an important issue.”

Ars asked Microsoft to comment on this issue to confirm claims that its fight against Google on search in the EU was effectively over. It did not respond directly to that question, however. Instead we were told that Microsoft’s complaint against Google in the European Commission had not been withdrawn.
«

Fiveash has been covering the Google/Microsoft proxy battle for years since she was at The Register. But it sounds as though Satya Nadella, having gotten rid of the vicious ex-political lobbyist Mark Penn, is dialing down the quiet lobbying.


How to gain unauthorized fingerprint access to an LG V10 » AndroidAuthority

John Dye:

»
If this person isn’t running Nova Launcher, the game’s up here. This vulnerability is only known to work on this particular launcher so far, so if your quarry is operating Google Now then they are safe from your malicious intent. However, if they are running Nova Launcher, you can tap the Home button while on the main home screen, then tap the Widgets option. Add a Nova Action widget to the home screen, and then choose the activity “com.lge.fingerprintsettings.”

Pause here for a second, because this is where the vulnerability exists. Through the normal Settings menu, it’s impossible to access this particular activity before going through a security checkpoint and confirming either a fingerprint or PIN. However, since Nova is able to ignore the normal menu flow that leads to this screen, it creates a situation where a user can add their own fingerprint to the list of allowed fingerprints without ever proving that they have authorized access to the device.

The widget on the homescreen will now lead directly to fingerprint settings, and you can add your own fingerprint before deleting the widget, leaving little trace of your actions.
«

Nova Launcher presently has more than 10m downloads, so it’s possible you’d find it on a high-end phone. Commenters suggest it can be done on a Samsung Galaxy S5 and S6 too.

Sure that this will be all over news sites in a day or so of course with hundreds of comments. No?


Researcher illegally shares millions of science papers free online to spread knowledge » ScienceAlert

»
A researcher in Russia has made more than 48 million journal articles – almost every single peer-reviewed paper ever published – freely available online. And she’s now refusing to shut the site down, despite a court injunction and a lawsuit from Elsevier, one of the world’s biggest publishers.

For those of you who aren’t already using it, the site in question is Sci-Hub, and it’s sort of like a Pirate Bay of the science world. It was established in 2011 by neuroscientist Alexandra Elbakyan, who was frustrated that she couldn’t afford to access the articles needed for her research, and it’s since gone viral, with hundreds of thousands of papers being downloaded daily. But at the end of last year, the site was ordered to be taken down by a New York district court – a ruling that Elbakyan has decided to fight, triggering a debate over who really owns science.

“Payment of $32 is just insane when you need to skim or read tens or hundreds of these papers to do research. I obtained these papers by pirating them,” Elbakyan told Torrent Freak last year. “Everyone should have access to knowledge regardless of their income or affiliation. And that’s absolutely legal.”…

… She also explains that the academic publishing situation is different to the music or film industry, where pirating is ripping off creators. “All papers on their website are written by researchers, and researchers do not receive money from what Elsevier collects. That is very different from the music or movie industry, where creators receive money from each copy sold,” she said.
«

The journals’ argument is that they add value by getting papers peer-reviewed, and edited, and choosing the important ones to publish. The existence of free unpeered sites such as Arxiv hasn’t noticeably dented their business.

But it always feels wrong when publicly funded research in particular ends up behind giant paywalls. If the public pays for the research, the public should be able to see its fruits.


Evidence suggests the Sony hackers are alive and well and still hacking » WIRED

Kim Zetter:

»
According to new data released this week by Juan Andrés Guerrero-Saade, senior security researcher with Kaspersky Lab’s Global Research and Analysis Team, and Jaime Blasco who heads the Lab Intelligence and Research team at AlienVault Labs, the hackers behind the Sony breach are alive and well…and still hacking. Or at least evidence uncovered from hacks of various entities after the Sony breach, including South Korea’s nuclear power plant operator, suggests this later activity has ties to the Sony case.

“[T]hey didn’t disappear…not at all,” Guerrero-Saade said during a presentation with Blasco this week at the Kaspersky Security Analyst Summit in Spain.

If true, it would mean the hackers who demonstrated an “extremely high” level of sophistication in the Sony attack have been dropping digital breadcrumbs for at least the last year, crumbs that researchers can now use to map their activity and see where they’ve been. The clues include—to name a few—re-used code, passwords, and obfuscation methods, as well as a hardcoded user agent list that showed up repeatedly in attacks, always with Mozilla consistently misspelled as “Mozillar.”
«



So who’s going to buy Pandora? » Music Business Worldwide

Tim Ingham:

»
the US public company has reportedly begun talking to Morgan Stanley about finding a potential buyer.

As we stand, Pandora, for all its historical global licensing issues and growing annual net losses, looks a little like a bargain.

The company has lost $7bn in market cap valuation over the past two years. It’s currently sitting at $1.9bn – less than a quarter of Spotify’s latest private valuation.

However, there are other reasons why possible acquirers may cool their jets on Pandora – not least the fact that its active listener base is dropping, down year-on-year in Q4 2015 to 81.1m.

In addition, the firm’s acquisition of Rdio’s assets means an entry into the hugely competitive space of interactive music streaming is an inevitability, while it paid a scary $450m to buy Ticketfly last year – a sister operation that contributed just $10m to the bottom line in Q4.

So who might cough up and buy Pandora if (and it’s a big if) its shareholders agree to push for a sale?
«

Suggestions: Google, Apple, IHeartMedia, Samsung. Can’t honestly see any of them wanting it, rather than just waiting for it to vanish.


Why mobile is different » The Economist

Anonymous, as ever with The Economist:

»
the combination of personalisation, location and a willingness to pay makes all kinds of new business models possible. Tomi Ahonen, head of 3G Business Consulting at Nokia, gives the example of someone waiting at a bus stop who pulls out his Internet-capable phone to find out when the next bus will arrive. The information sent to the phone can be personalised, reflecting the fact that the user’s location is known, and perhaps his home address too; so bus routes that run from one to the other can appear at the top of the list, saving the user from having to scroll and click through lots of pages and menus. A very similar service, which allows users to find out when the next bus is due by sending a text message from a bus stop, is already available in Italy.

Would-be providers of mobile Internet services cannot simply set up their servers and wait for the money to roll in, however, because the network operators—who know who and where the users are, and control the billing system—hold all the cards. This has changed the balance of power between users, network operators and content providers. On the fixed Internet, the network access provider acts as a “dumb pipe” between the user’s PC and, say, an online bookstore or travel agent. The access provider will not know how the connection has been used, and there is no question of claiming a commission. Mobile network operators, on the other hand, are in a far more powerful position. “Wireless is a smarter pipe,” says Chris Matthiasson of BT Cellnet. This means that operators are much less likely to be disintermediated.
«

The sharp-eyed will have started in the second sentence; others, in the second paragraph. That’s because this piece is from October 2001. It took a while, but the operators are pretty thoroughly disintermediated now.


TfL social media: adapting to Twitter’s changes » TfL Digital blog

Steven Gutierrez of Transport for London, which runs London’s buses and underground services:

»
in the last few years, Twitter has introduced various changes to the way it serves content to its users, and these have impacted upon our ability to reliably deliver these real-time status updates to our followers.

Now selected content on Twitter is shown out of sequence, we will reduce the amount of minor alerts and focus on providing up-to-the-minute alerts for major issues, as well as a renewed focus on customer service across our various accounts.

Our teams will continue to work day and night to support customers including First Contact who take care of the Tube line Twitter feeds as well as CentreComm and LSTCC who have access to everything from iBus (our system for tracking London Buses) to police helicopters monitoring London from above.
«

Wow: you think Twitter is a static thing, but these changes really do affect what happens. The point about image search shows it’s not trivial either.


Artificial intelligence offers a better way to diagnose malaria » Technology Review

Anna Nowogrodzki:

»
For all our efforts to control malaria, diagnosing it in many parts of the world still requires counting malaria parasites under the microscope on a glass slide smeared with blood. Now an artificial intelligence program can do it more reliably than most humans.

That AI comes inside an automated microscope called the Autoscope, which is 90 percent accurate and specific at detecting malaria parasites. Charles Delahunt and colleagues at Intellectual Ventures Laboratory—the research arm of Nathan Myhrvold’s patent licensing company Intellectual Ventures in Seattle—built the system with support from Bill and Melinda Gates through the Global Good Fund. The Autoscope was tested in the field at the Shoklo Malaria Research Unit on the Thailand-Myanmar border during malaria season in December 2014 and January 2015. The results were published in December.
«

If I’m reading the results correctly, it got about 95% accuracy. (Correct me if I’m wrong.)

My own forecast is that “an [AI] algorithm for..” will be the “listen to this!” phrase of 2016, and utterly commonplace in 2017.


Errata, corrigenda and ai no corrida: None noted.

Start up: Twitter’s falling tweet count, Google forgets more, cops v iPhone, how gravity waved, and more

The new essential tool for Indian farmers. Photo by Desiree Catani on Flickr.

It’s Friday! Save yourself a click on Monday – sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

(Someone told me the other day that they’d been reading the site for weeks and hadn’t noticed the signup in the above paragraph. Web design, eh?)

A selection of 8 links for you. Friday! I’m charlesarthur on Twitter. Observations and links welcome.

Twitter API data show the number of tweets is in serious decline » Business Insider

Jim Edwards:

The number of tweets per day created by Twitter’s users has fallen by more than half since a peak in August 2014, according to a sampling of data from Twitter’s API. (An API — application programming interface — is the portal through which other apps access Twitter so their software can function together.) The data was given to Business Insider by an app developer who has tracked Twitter users since 2013.

Tweets per day reached a peak in August 2014 of 661m, our source says. That 30-day sampling period included the World Cup final. In January 2016, there were only 303m tweets per day, on average, during the 30-day period.

This story came out before Twitter’s results, which showed the number of users was flat at best. Twitter responded at the time that “This data is not correct”; but it begins to feel correct. My only suspicion though is that Twitter now doesn’t use sequential tweet IDs, so the sampling method might be sensitive to that. More detail on how the sampling is done would be useful.

WhatsApp is changing the way people in India grow and buy food » TakePart

Sarah McColl:

Farmers Santhosh Kittur and Abhijit Kamath wanted to grow pesticide-free vegetables between the rows of banana plots each separately owned. Their shared interest in old-fashioned agricultural practices brought them together to grow bitter gourd, cucumbers, beans, cabbage, tomatoes, green chiles, red peppers, onions, and garlic—staples of the Indian customers and kitchens they planned to serve. But their modern approach to marketing has put them in direct contact with customers in a high-tech manner.

Across India, WhatsApp groups are not only connecting farmers to their customers in the virtual market—they’re creating a network of resources and support for the country’s farmers who need it most.

In Kittur and Kamath’s WhatsApp group, created last August, the two farmers post updates from their farms, including photographs, as well as what produce is available to the group’s 80 members. Vegetables are sold on Thursdays and Sundays. Members can place dibs on the quantity of specific vegetables they want and can pick up their order or have it delivered.

There’s a famous piece of research by Uppsala University from 2006 about how mobile phones benefited Tanzanian fishermen. It would be good to see a comparable piece of research around smartphone apps in emerging economies.

(And it’s always amusing to hear Americans’ amazement that people use WhatsApp. Like SMS in the early part of this century, it’s huge outside the US, small inside it.)

Apple entrusts TSMC with all application processor orders for iPhone 7 » ETNews Korea

Han Juyeop:

Taiwan’s TSMC has won a battle against Samsung Electronics and is going to produce 10-nano application processors (AP) that will be installed in Apple’s upcoming iPhone7. Samsung Electronics has entered a state of emergency system to prevent declination of rate of operation of factories.

Samsung Electronics is aiming for an all-out-war in 14-nano foundry business by going after middle-rank chip businesses in China and Taiwan instead and it is also going to focus its capabilities on maintaining supplies of Qualcomm’s 10-nano. It is also important for Samsung Electronics to plan out high-intensity innovations so that it can take back Apple’s supplies in 7-nano.

According to semiconductor IP and EDA industries on the 10th, Apple has entrusted TSMC with all production of next 10-nano AP called ‘A10’. A10 is so called a brain of iPhone7, which is expected to be released in this fall. TSMC is planning to enter a state of mass-production system of 10-nano chips starting from June.

Recall that Apple dual-sourced from both TSMC and Samsung for the iPhone 6S/Plus, though the TSMC ones seemed to do slightly worse on battery than the Samsung ones.

If true, this is going to hurt Samsung: Apple is a big customer, and the semiconductor division is now the most profitable one, well ahead of smartphones.

Gravitational waves exist: the inside story of how scientists finally found them » The New Yorker

Nicola Twilley:

It took years to make the most sensitive instrument in history insensitive to everything that is not a gravitational wave. Emptying the tubes of air demanded forty days of pumping. The result was one of the purest vacuums ever created on Earth, a trillionth as dense as the atmosphere at sea level. Still, the sources of interference were almost beyond reckoning—the motion of the wind in Hanford, or of the ocean in Livingston; imperfections in the laser light as a result of fluctuations in the power grid; the jittering of individual atoms within the mirrors; distant lightning storms. All can obscure or be mistaken for a gravitational wave, and each source had to be eliminated or controlled for. One of LIGO’s systems responds to minuscule seismic tremors by activating a damping system that pushes on the mirrors with exactly the right counterforce to keep them steady; another monitors for disruptive sounds from passing cars, airplanes, or wolves.

“There are ten thousand other tiny things, and I really mean ten thousand,” Weiss said. “And every single one needs to be working correctly so that nothing interferes with the signal.” When his colleagues make adjustments to the observatory’s interior components, they must set up a portable clean room, sterilize their tools, and don what they call bunny suits—full-body protective gear—lest a skin cell or a particle of dust accidentally settle on the sparkling optical hardware.

This is the one story to read today about this amazing finding. Detail and insight.

Nextbit’s cloud-savvy Robin phone is set to fly. Good luck catching one » CNET

Roger Cheng:

Chief Design Officer Scott Croyle warns that the early supply will be limited.

“There will be maybe 3,000 to 6,000 phones available,” he said in an interview Wednesday. In comparison, Apple sold 13m iPhone 6S and iPhone 6S Pluses in their first three days.

The launch of the online store and the Robin marks the culmination of an unorthodox journey for a phone maker. Rather than go through a carrier, which is how most people shop for handsets, or even set up an online store, Nextbit tested the waters by asking for commitments through Kickstarter and nearly tripled its goal of raising $500,000.

Nextbit isn’t the typical unknown startup. Co-founders Tom Moss and Mike Chan were part of Google’s original Android team. Croyle was behind the critically acclaimed HTC One phone.

But this is part of the future for smartphones – niche players offering a quirk (in this case, tons of cloud storage) which don’t need huge capitalisation because they sell online with low inventory.

What Everyone’s Got Wrong About Twitter (Including Twitter) » Re/code

Ian Schafer is founder and chairman of Deep Focus:

Twitter is a platform unlike any other, in that it has enough real-time data and intelligence that can be mapped against over 300 million active users. These users are more likely to be more influential and use other media concurrently (especially TV).

Therefore, a compelling argument can be made that, if used properly, Twitter’s real-time user behavior and media-consumption data can be among the most valuable consumer data. In most cases, advertisers will be willing to pay a premium for that. But because so many scrutinize Twitter’s ad experience, doubts abound.

There’s a lot of talk from people who want Twitter to open up its APIs again. I think they’re half-right.

If Twitter wants to realize its full potential, it will make its data completely portable for advertisers, becoming the primary source for real-time business and consumer intelligence. It will use its (and its users’) media savviness to feed a global dataset that ad exchanges, app developers, advertisers and corporations will pay increasingly large amounts of money to access, making it a media-led data company. It has already displayed success in this area; the Twitter Audience Platform and MoPub have gained traction, and with Facebook’s Parse shutting down, Twitter’s Fabric toolkit should gain traction with third-party app developers, as well.

Can you guess that Deep Focus is an ad agency?

Google to scrub web search results more widely to soothe EU objections » Reuters

Julia Fioretti:

The French data protection authority in September threatened to fine Google if it did not scrub search results globally across all versions of its website, such as Google.com.

But the company has stuck to its position that it should clean up search results only on European domains such as Google.fr or Google.de because to do otherwise would have a chilling effect on the free flow of information.

To address the concerns of European authorities, the Internet giant will soon start polishing search results across all its websites when someone conducts a search from the country where the removal request originated, a person close to the company said.

That means that if a German resident asks Google to de-list a link popping up under searches for his or her name, the link will not be visible on any version of Google’s website, including Google.com, when the search engine is accessed from Germany.

The company will filter search results according to a user’s IP address, meaning people accessing Google from outside Europe will not be affected, the person added.

Since the ruling in 2014, Google has received 386,038 requests for removal, according to its transparency website. It has accepted about 42% of them.

The lesson one tends to draw from this is “the threat of a fine makes Google act”.

Police destroy evidence with 10 failed passcode attempts on iPhone » Naked Security

Lisa Vaas:

In January 2014, a Massachusetts cop was swearing into his mobile phone while working a traffic detail at a construction site.

The F bombs appeared to upset an elderly lady walking by, so a man on a nearby front porch asked the officer, Thomas Barboza, to stop swearing.

The cop’s response: “Shut the f–k up and mind your own business.”

George Thompson’s response: he started recording Barboza on his iPhone.

According to court documents, Barboza shoved 53-year-old Thompson to the ground, arrested him, handcuffed him, and put him in jail for a night.

Police in the city of Fall River also tried to get into Thompson’s iPhone, where the footage of Barboza was stored.

But all the police managed to do was to destroy the evidence, wiping the phone clean after entering the wrong password 10 times.

Really clear that the cops wanted to get into the phone to wipe the evidence. (They accused Thompson of wiping it remotely; a forensics report showed that was a lie.) Yet another instance where security of the phones is potentially a good thing for the citizenry.

Errata, corrigenda and ai no corrida:

Start up: Watson seeks a use, what not to do with Android, TalkTalk insider on (in)security, and more

Moore’s Law is about to break completely. What then? Photo by sirexkat on Flickr.

If you’re reading this on email, there’s no need to sign up to receive each day’s Start Up post by email. The rest of you…

A selection of 8 links for you. Ah-hah! I’m charlesarthur on Twitter. Observations and links welcome.

Artificial intelligence: can Watson save IBM? » FT.com

Richard Waters:

IBM’s initial plan was to apply Watson to extremely hard problems, announcing in early press releases “moonshot” projects to “end cancer” and accelerate the development of Africa. Some of the promises evaporated almost as soon as the ink on the press releases had dried. For instance, a far-reaching partnership with Citibank to explore using Watson across a wide range of the bank’s activities, quickly came to nothing.

Since adapting in 2014, IBM now sells some services under the Watson brand. Available through APIs, or programming “hooks” that make them available as individual computing components, they include sentiment analysis — trawling information like a collection of tweets to assess mood — and personality tracking, which measures a person’s online output using 52 different characteristics to come up with a verdict.

At the back of their minds, most customers still have some ambitious “moonshot” project they hope that the full power of Watson will one day be able to solve, says Mr Kelly; but they are motivated in the short term by making improvements to their business, which he says can still be significant.

This more pragmatic formula, which puts off solving the really big problems to another day, is starting to pay dividends for IBM. Companies like Australian energy group Woodside are using Watson’s language capabilities as a form of advanced search engine to trawl their internal “knowledge bases”. After feeding more than 20,000 documents from 30 years of projects into the system, the company’s engineers can now use it to draw on past expertise, like calculating the maximum pressure that can be used in a particular pipeline.


Opera gets $1.2bn buyout offer from mix of Chinese firms, board recommends deal » ZDNet

Jake Smith:

The $1.2bn offer is a 53% premium on Opera’s close as of February 4 on the Oslo stock exchange. Trading of the company has been suspended for two days following buyout rumors.

“There is strong strategic and industrial logic to the acquisition of Opera by the Consortium,” Opera CEO Lars Boilesen said on Wednesday. “The Consortium’s ownership will strengthen Opera’s position to serve our users and partners with even greater innovation, and to accelerate our plans of expansion and growth.”

Opera began looking for a buyer in August 2015, following slumping earnings after a steady loss of browser marketshare and slowing advertising sales.

Missed the “fat lady sings” headline.

FBI director says investigators unable to unlock San Bernardino shooter’s phone content » Reuters

Dustin Volz and Mark Hosenball:

FBI Director James Comey said on Tuesday that federal investigators have still been unable to access the contents of a cellphone belonging to one of the killers in the Dec. 2 shootings in San Bernardino, California, due to encryption technology.

Comey told the Senate Intelligence Committee that the phenomenon of communications “going dark” due to more sophisticated technology and wider use of encryption is “overwhelmingly affecting” law enforcement operations, including investigations into murder, car accidents, drug trafficking and the proliferation of child pornography.

“We still have one of those killer’s phones that we have not been able to open,” Comey said in reference to the San Bernardino attack.

Syed Rizwan Farook, 28, launched the Islamic State-inspired attack with his wife, Tashfeen Malik, 29, at a social services agency in the California city, leaving 14 dead.

So they’re not actually trying to figure out who the culprits are. So, crypto works?

What NOT to do with your Android device » AndroidAuthority

John Dye:

About a month ago now, Reddit user 19683dw pointed out the fact that there aren’t really many guides out there that attempt to tackle this issue. He and fellow redditors put together a great list of points, and it inspired us to run with his idea and dig a bit deeper. Not every point made in the Reddit thread is mentioned here, and we also added several different points of our own, but we do recommend checking out the original post and wanted to give a big thanks to 19683dw for putting this idea on our radar.

Among them: “don’t install the official Facebook app” (rapidly becoming this year’s meme on both iOS and Android); “don’t expect an Apple-like experience”; and “don’t install apps with unnecessary permissions”.

When the US Air Force discovered the flaw of averages » Toronto Star

Todd Rose:

In the late 1940s, the United States air force had a serious problem: its pilots could not keep control of their planes. Although this was the dawn of jet-powered aviation and the planes were faster and more complicated to fly, the problems were so frequent and involved so many different aircraft that the air force had an alarming, life-or-death mystery on its hands. “It was a difficult time to be flying,” one retired airman told me. “You never knew if you were going to end up in the dirt.” At its worst point, 17 pilots crashed in a single day.

The two government designations for these noncombat mishaps were incidents and accidents, and they ranged from unintended dives and bungled landings to aircraft-obliterating fatalities. At first, the military brass pinned the blame on the men in the cockpits, citing “pilot error” as the most common reason in crash reports. This judgment certainly seemed reasonable, since the planes themselves seldom malfunctioned. Engineers confirmed this time and again, testing the mechanics and electronics of the planes and finding no defects. Pilots, too, were baffled. The only thing they knew for sure was that their piloting skills were not the cause of the problem. If it wasn’t human or mechanical error, what was it?

A very subtle story, well told. Applicable to lots of things today too.

Apple demands widow get court order to access dead husband’s password » CBC News

Rosa Marchitelli:

[Donna] Bush [aged 72] lost her husband David to lung cancer in August. The couple owned an iPad and an Apple computer. Bush knew the iPad’s log-in code, but didn’t know the Apple ID password.

“I just had the iPad. I didn’t touch his computer, it was too confusing to me … I didn’t realize he had a specific password I should have known about … it just never crossed my mind,” Bush said. So when her card game app stopped working, the family tried to reload it and realized it couldn’t be done without the password.

That’s when her daughter, Donna Bush, called Apple to ask if it could help retrieve the password or reset the account. The Bushes could get a new Apple ID account and start from scratch, but that would mean repurchasing everything they had already paid for.

“I just called Apple thinking it would be a fairly simple thing to take care of, and the person on the phone said, ‘Sure, no problem. We just need the will and the death certificate and to talk to Mom.'”

But when Donna called back along with her mother and the requested information, she said, customer service had never heard of her.

After many phone calls and two months of what she describes as the “runaround,” Donna provided Apple with the serial numbers for the items, her father’s will that left everything to his wife, Peggy, and a notarized death certificate — but was told it wasn’t enough.

“I finally got someone who said, ‘You need a court order,'” she said.

Clearly Apple needs to figure out if a death certificate is enough, or not. A lot of these stories – about all sorts of companies – boil down to “but we called customer service again and got a different story..” The procedures are there, but not applied.

The chips are down for Moore’s law » Nature News & Comment

M. Mitchell Waldrop:

The industry road map released next month will for the first time lay out a research and development plan that is not centred on Moore’s law. Instead, it will follow what might be called the More than Moore strategy: rather than making the chips better and letting the applications follow, it will start with applications — from smartphones and supercomputers to data centres in the cloud — and work downwards to see what chips are needed to support them. Among those chips will be new generations of sensors, power-management circuits and other silicon devices required by a world in which computing is increasingly mobile.

The changing landscape, in turn, could splinter the industry’s long tradition of unity in pursuit of Moore’s law. “Everybody is struggling with what the road map actually means,” says Daniel Reed, a computer scientist and vice-president for research at the University of Iowa in Iowa City. The Semiconductor Industry Association (SIA) in Washington DC, which represents all the major US firms, has already said that it will cease its participation in the road-mapping effort once the report is out, and will instead pursue its own research and development agenda.

Everyone agrees that the twilight of Moore’s law will not mean the end of progress. “Think about what happened to airplanes,” says Reed. “A Boeing 787 doesn’t go any faster than a 707 did in the 1950s — but they are very different airplanes”, with innovations ranging from fully electronic controls to a carbon-fibre fuselage. That’s what will happen with computers, he says: “Innovation will absolutely continue — but it will be more nuanced and complicated.”

For more context, note that Intel is going to do three, rather than two, generations of 14-nanometre chips before going for 10nm.

This is an inflexion point whose importance we might only realise some years from now.

Ex-TalkTalker TalkTalks: records portal had shared password; it was 4 years old » The Register

Neat exclusive by Kat Hall:

Fraudsters who attempted to scam TalkTalk customers by using records of their maintenance engineer visits are thought to have bought that info from current or former staff.

According to one ex-TalkTalk employee, who asked not to be named, the company uses a third-party system called Qube Portal to book visits and record information. The platform is also used by EE and BT for booking third-party engineer appointments. Our source speculated that criminals may have gained access to TalkTalk information via the portal.

The system is thought to log the customer’s name, account number, landline number, mobile contact number given, address, and date of birth.

Our insider said: “Some of these reports can be somewhat humorous. For example: ‘Customer answered door wearing an adult nappy*’.”

Approximately 1,000 agents based in India, where TalkTalk’s technical support team operates, have access to that information. Our source said only about 100 agents in the UK are familiar with the system.

The source also claimed that the system was accessed by a shared login and password that hadn’t changed for the last four years.

He said: “My educated guess is that the details were leaked by offshore Indian agents.”

The latter is not a surprise, but the details of the poor security are eye-opening. It’s increasingly evident that large organisations can’t do effective security. Not even the NSA, of course.

Errata, corrigenda and ai no corrida:

Start up: Samsung’s adblocker’s back, cement – solved!, #error53 redux, the Useless Hackathon, and more

Your plumber remembers one version of a call from Yelp, but the recordings show another. Who’s right? Photo by eldeeem on Flickr.

Oh, go on – sign up to receive each day’s Start Up post by email. Who knows, it might make your inbox happy.

A selection of 9 links for you. Smoosh them into mush. I’m charlesarthur on Twitter. Observations and links welcome.

Pirate group suspends new cracks to measure impact on sales » TorrentFreak

“Andy”:

One of the hottest topics in the game piracy scene in late 2015 surrounded the Avalanche Studios/Square Enix title Just Cause 3.

Released on December 1, 2015, pirates were eager to get their hands on the game for free. However, JC3 is protected by the latest iteration of Denuvo, an anti-tamper technology developed by Denuvo Software Solutions GmbH. Denuvo is not DRM per se, but acts as a secondary encryption system protecting underlying DRM products.

All eyes had been on notorious Chinese game cracking group/forum 3DM to come up with the goods but last month the group delivered a killer blow to its fans.

According to the leader of the group, the very public ‘Bird Sister’ (also known as Phoenix), the game was proving extremely difficult to crack. In fact, Bird Sister said that current anti-piracy technology is becoming so good that in two years there might not be pirated games anymore.

And now the group isn’t going to crack any single-player games. Won’t stop all the other cracking groups, of course.

Sky Q now available in the UK » Ars Technica UK

Sebastian Anthony:

Sky Q, the next iteration of Sky’s subscription TV service, is now available to buy in the UK. Prices start at £42 per month, climbing to £88.50 per month, and there’s a £250 setup fee that you have to swallow as well.

The headline feature of Sky Q is that you’re able to record three shows simultaneously while watching a fourth channel. If you stump up £54 per month for the upgraded Sky Q Silver box, you can record four channels and watch a fifth. Of course, whether there are actually five channels worth watching is a slightly more complicated question.

Other interesting features include a new touchpad-equipped remote control, downloading content for offline viewing, watching Sky TV on a tablet, and the possibility of streaming Sky TV to other rooms in the house via Sky Q Mini boxes.

Sky Q is a really smart response by Sky to the incursion of the web into TV; it folds it in (at a price). I’ve seen a demo, and it really is very slick, and the integration into tablet apps is terrific. Plus because it uses the satellite signal it’s fast – a big advantage in rural areas where broadband is slow.

(Here’s a piece I wrote on Sky Q before its details were fully known.)

Google restores ad blocker for Samsung browser to the Play Store » The Verge

Dan Seifert:

Following a little bit of drama last week, Google has restored an ad blocking plugin for Samsung’s Android browser to the Play Store today, according to a blog post from the developer of the app. The plugin, Adblock Fast, was removed from the Play Store last Tuesday after only being available for a day, with Google citing that the plugin violated a section of the Store’s developer agreements. The specific rule that was violated relates to plugins modifying other third-party applications, which is prohibited by Google.

Now things start to get interesting.

How WIRED is going to handle adblocking » WIRED

“Wired Staff”:

So, in the coming weeks, we will restrict access to articles on WIRED.com if you are using an ad blocker. There will be two easy options to access that content.

You can simply add WIRED.com to your ad blocker’s whitelist, so you view ads. When you do, we will keep the ads as “polite” as we can, and you will only see standard display advertising.
You can subscribe to a brand-new Ad-Free version of WIRED.com. For $1 a week, you will get complete access to our content, with no display advertising or ad tracking.

This presumes that adblocking readers will accept that they are worth $1/week to Wired, and that Wired is worth the same amount to adblocking readers. Is that proven? Given how small the amounts earned from ads per person are, this seems to be herding people who don’t know their true value towards a funnel. Premium ad display costs $10 per CPM – that is, per thousand showings. That’s 1c per premium ad you view. Multiply by the number of ads on a page – perhaps 10, for 10c? So if adblocking readers pay up but view fewer than 10 articles per week, Wired is making a solid profit from them, minus credit card costs.

Discussion on Hacker News suggests that people would rather go for a “bid to show me ads” model – which, to be fair, is how Google Contributor works. If you set your per-page view at, say, $0.35, then you’ll only see ads where an advertiser has bid more. But of course that means you get all the tracking malarkey that goes with it (and of course if you truly don’t like tracking, why are you using Google?)

And as is also pointed out, you can subscribe to the physical magazine for a lot less than the $50 per year this implies – in fact you can get it for about a tenth of that.

Another point, finally – the page is 3.3MB, of which only half is content. The rest is ads. Still sure you want them?

Exclusive: Top cybercrime ring disrupted as authorities raid Moscow offices – sources » Reuters

Joseph Menn:

Russian authorities in November raided offices associated with a Moscow film distribution and production company as part of a crackdown on one of the world’s most notorious financial hacking operations, according to three sources with knowledge of the matter.

Cybersecurity experts said a password-stealing software program known as Dyre — believed to be responsible for at least tens of millions of dollars in losses at financial institutions including Bank of America Corp and JPMorgan Chase & Co — has not been deployed since the time of the raid. Experts familiar with the situation said the case represents Russia’s biggest effort to date to crack down on cyber-crime.

A spokesman for the Russian Interior Ministry’s cybercrime unit said his department was not involved in the case. The FSB, Russia’s main intelligence service, said it had no immediate comment.

Menn is a terrific journalist on this topic. I highly recommend his book Fatal System Error. (He’s written others too.) (Thanks Richard Burte for the pointer.)

Inside the Stupid Shit No One Needs & Terrible Ideas Hackathon » Motherboard

Cecilia D’Anastasio:

Featuring hacks like 3Cheese Printer, a 3D printer using Cheez-Whiz as ink, and NonAd Block, a Chrome extension that blocks all non-ad content, the New York-based Stupid Hackathon is disrupting hackathon culture. While other hackathons churn out useless projects in earnest, the Stupid Hackathon strips pretension away from tech developers’ money-backed scramble to satisfy every human need. Satirizing the hackathon community’s naive goals for techno-utopianism, co-organizers Sam Lavigne and Amelia Winger-Bearskin solicit projects that use tech to critique tech culture.

“Is a need being filled or is the need manufactured and then constantly reinforced?” Lavigne asked. “The Stupid Hackathon is the perfect framework for satirizing the whole tech community.”

Three Stupid Hackathon teams set out to create wearables that detect boners. Categories for hacks included “edible electronics,” “commodities to end climate change” and “Ayn Rand.” Participants, in general, ignored them.

Lavigne and Winger-Bearskin, who met at the Interactive Telecommunications Program (ITP) at NYU, became disenchanted with hackathons when they noticed that many aimed to “hack” world hunger or income inequality in one weekend. As a student at ITP, Winger-Bearskin, now director of the DBRS Innovation Lab, applied to participate in a hackathon on the theme of love hosted at ITP but was rejected.

“I couldn’t even eat the food that was on the table next to me,” she said, referring to the free food often provided for hackathon participants. “And I couldn’t hack about love!” Lavigne has never attended another hackathon.

There used to be an Apple Mac hacking contest – called MacHack – in the 1990s where hacks that could actually be thought helpful were derided as “useful!”. Seems the idea is back, in a bigger way.

Riddle of cement’s structure is finally solved » MIT News

Concrete forms through the solidification of a mixture of water, gravel, sand, and cement powder. Is the resulting glue material (known as cement hydrate, CSH) a continuous solid, like metal or stone, or is it an aggregate of small particles?

As basic as that question is, it had never been definitively answered. In a paper published this week in the Proceedings of the National Academy of Sciences, a team of researchers at MIT, Georgetown University, and France’s CNRS (together with other universities in the U.S., France, and U.K.) say they have solved that riddle and identified key factors in the structure of CSH that could help researchers work out better formulations for producing more durable concrete.

What a time to be alive, eh? That solid/particle question had been bugging me for ages. Seriously, though, it’s an important topic: this stuff is everywhere.

Apple are right and wrong » Consult Hyperion

Dave Birch:

Bricking people’s phones when they detect an “incorrect” touch ID device in the phone is the wrong response though. All Apple has done is make people like me wonder if they should really stick with Apple for their next phone because I do not want to run the risk of my phone being rendered useless because I drop it when I’m on holiday and need to get it fixed right away by someone who is not some sort of official repairer.

What Apple should have done is to flag the problem to the parties who are relying on the risk analysis (including themselves). These are the people who need to know if there is a potential change in the vulnerability model. So, for example, it would seem to me to be entirely reasonable in the circumstances to flag the Simple app and tell it that the integrity of the touch ID system can no longer be guaranteed and then let the Simple app make its own choice as to whether to continue using touch ID (which I find very convenient) or make me type in my PIN, or use some other kind of strong authentication, instead. Apple’s own software could also pick up the flag and stop using touch ID. After all… so what?

Touch ID, remember, isn’t a security technology. It’s a convenience technology. If Apple software decides that it won’t use Touch ID because it may have been compromised, that’s fine. I can live with entering my PIN instead of using my thumbprint. The same is true for all other applications. I don’t see why apps can’t make their own decision.

Birch’s point that this could put people off buying Apple phones is surely one that has already occurred to its management, and will be – like the prospect of being shot in the morning – concentrating their minds.
link to this extract

 


Reviews Rashomon: plumber remembers Yelp threat that never actually occurred » Screenwerk

Greg Sterling:

I had a plumber replace my kitchen faucet. As I do with all service professionals I engaged him in discussion about how he marketed himself and where his leads were coming from. Yelp was one of the primary sources.

He then told me that he had been solicited to advertise on the site and that he declined but was told by the telephone sales rep that his reviews could potentially be affected if he didn’t. This was the first time I’d directly heard this from a business owner.

In my mind this was the first real “evidence” that some sort of sales manipulation might be going on. I informed Yelp of my exchange with the plumber and it was immediately disputed: “That didn’t happen,” I was told.

To make a longer story short, Yelp invited me in to listen to the sales calls with this plumber, whom I identified to the company. Yelp records its end of sales calls but not the business owner’s conversation.

I sat in Yelp’s offices and listened to what must have been 25 – 30 calls to this plumber. Most of them were trying to set up appointments to discuss Yelp advertising. And there were at least two Yelp sales reps who were trying to close the account; a second one took over after the first one was unsuccessful.

There was nothing that sounded like a threat or any suggestion that reviews would be removed or otherwise altered by Yelp if the guy didn’t advertise. There wasn’t anything that could be construed as even implying that.

Sterling concludes that this is a “Rashomon” – a scene where every recounting differs subtly. One possibility: the calls with the threats actually come from scammers. Or plumbers just misinterpret what they hear.
link to this extract

 


Errata, corrigenda and ai no corrida: Yesterday’s link to VTech’s horrendous security came via Chris Ratcliff. Thanks, Chris.

Start up: broadband targets, Wired’s adblock plans, Facebook app v iOS, Ted Cruz v reality, and more


VTech got hacked – but was it open to hacking in any case? Photo by remediate.this on Flickr.

A selection of 8 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

UK within 0.8% of the original BDUK phase 1 superfast broadband goal » thinkbroadband

Andrew Ferguson:

The UK is edging closer to its original BDUK target of 90% superfast broadband across the UK every week and it is looking like the 24 Mbps or faster target will be crossed in March and the EU figure of 30 Mbps another couple of months later. Given the political ambition is 95% superfast coverage by the end of 2017 and as individual projects push on and they are getting to ever more sparsely populated areas in the main the 95% figure may look easy but we are seeing roll-outs slowing in some areas as the premises per cabinet ratio gets worse.

What is interesting is observing the complaints about broadband which are not diminishing even though more people can get superfast broadband but are actually increasing, and this is even allowing for the lobbying that is underway over what Ofcom should and will do with Openreach. We believe that complaints are going to get worse as coverage levels improve, this is because those missed out will be increasingly worried they are in the final 5% which has no firm delivery promises yet.

I’m in the 5%.
link to this extract

 


As Flint fought to be heard, Virginia Tech team sounded alarm » The New York Times

Mitch Smith:

as government officials were ignoring and ridiculing residents’ concerns about the safety of their tap water, a small circle of people was setting off alarms. Among them was the team from Virginia Tech.

The team began looking into Flint’s water after its professor, Marc Edwards, spoke with LeeAnne Walters, a resident whose tap water contained alarming amounts of lead. Dr. Edwards, who years earlier had helped expose lead contamination in Washington, D.C., had his students send testing kits to homes in Flint to find out if the problem was widespread. Lead exposure can lead to health and developmental problems, particularly in children, and its toxic effects can be irreversible.

Their persistence helped force officials to acknowledge the crisis and prompted warnings to residents not to drink or cook with tap water.

link to this extract

 


The utter nastiness of Ted Cruz » The Washington Post

Dana Milbank:

I followed both Cruz and Trump this week at multiple campaign events across New Hampshire. It was, in a sense, a pleasure to see them use their prodigious skills of character assassination against each other. It was demagogue against demagogue: lie vs. lie. Both men riled their supporters with fantasies and straw men.

But there were discernible differences. Trump owned anger. Cruz, by contrast, had a lock on nastiness. Trump is belligerent and hyperbolic, with an authoritarian style. But while Trump fires up the masses with his nonstop epithets, Cruz has Joe McCarthy’s knack for false insinuation and underhandedness. What sets Cruz apart is the malice he exudes.

Cruz jokes that “the whole point of the campaign” is that “the Washington elites despise” him. But Cruz’s problem is that going back to his college days at Princeton, those who know him best seem to despise him most.

Read on for the most amazing lies spread by Cruz’s team during the Iowa primaries; expect more through the next few months, until and unless Marco Rubio takes the lead. Or maybe it will get even worse then.
link to this extract

 


Russian group accused of online ad fraud through Twitter service » FT.com

Robert Cookson:

[Online security company] Sentrant has claimed to have identified more than 200 apps in the Google Play store that, after being installed on a mobile device, loaded “invisible” ads in the background. Its researchers estimated that these rogue apps generated at least $250,000 in advertising revenues each day — from companies paying for views — even though the ad placements could not actually be seen by people.

“This is as bad as any financial crime going on worldwide,” said Allen Dillon, chief executive of Sentrant. “It’s going to cost the consumer at the end of the day, because someone has to pay for the losses.”

Sentrant said that apps containing “fraud code” linked to Academ Media included Frozen Flame, a free game for children that has been downloaded more than 100,000 times.

Academ Media said that the allegations were unfounded. It claimed that, a year ago, its systems were hacked by an unknown attacker, who stole data and modified the company’s apps to commit advertising fraud.

ಠ_ಠ
link to this extract

 


India’s regulator effectively bans Facebook’s free basics service » WSJ

Sean McLain, Joanna Sugden and Deepa Seetharaman:

Facebook’s efforts to expand Internet access in the developing world suffered a blow Monday when India’s telecommunications regulator ruled that the social-media company’s plan to offer free access to a limited number of websites undercut the purpose of the Internet.

The regulator said Facebook’s Free Basics service violated the principles of net neutrality, which call for equal treatment of all traffic on the Internet. The new regulations ban all programs in India that offer free access to a limited set of online services.

This means Reliance Communications Ltd., the mobile-phone service provider that is Facebook’s partner in India, can’t offer Free Basics or free access to Facebook’s social-media site.

Net neutrality wins, connectivity loses?
link to this extract

 


Uninstalling Facebook app saves up to 15% of iPhone battery life » The Guardian

Samuel Gibbs:

concerns about Facebook’s Android app led to the discovery that deleting the app saves up to 20% of a phone’s battery. After that revelation, I set about seeing if the same was true for iPhone users. I discovered that uninstalling Facebook’s iOS app and switching to Safari can save up to 15% of iPhone battery life.

Using an iPhone 6S Plus for a week without the main Facebook app installed, I recorded the battery life at 10.30pm each day for a week comparing it to a daily average taken from a week with the app. I charged the phone overnight, taking it off the charger at 7.30am, and used it normally. I accessed Facebook for the same amount of time, and for the same purposes, using the social network’s excellent mobile site within Safari, as I had done using the app. I also left the Facebook Messenger app installed.

On average I had 15% more battery left by 10.30pm each day. I had also saved space, because at the point I had deleted the Facebook app it had consumed around 500MB in total combining the 111MB of the app itself and its cache on the iPhone.

His iPhone 6S review in October 2015:

Battery life is the iPhone 6S’s biggest problem. During the week the phone failed to make it past 11pm after leaving the charger at 7.30am in the morning.

I used the iPhone as my primary device, receiving hundreds of emails and push notifications, conducting 2.5 hours of browsing, three hours of music playback via Bluetooth headphones, taking a couple of pictures and playing the odd game of Angry Birds 2 on the train home.

At the weekend it spent most of the day sitting on a table untouched, but I still went to bed with only 30% charge left. Apple’s new Low Power Mode made little appreciable difference in real-world use.

The photo on the review shows Facebook installed, though that for battery life doesn’t show Facebook figuring. And yet… could there be a connection?
link to this extract

 


Wired Is Launching an Ad-Free Website to Appease Ad Blockers – Bloomberg Business

Joshua Brustein:

More than 1 in 5 people who visit Wired Magazine’s website use ad-blocking software. Starting in the next few weeks, the magazine will give those readers a choice: stop blocking ads, pay to look at a version of the site that is unsullied by advertisements, or go away. It’s the kind of move that was widely predicted last fall after Apple allowed ad-blocking in the new version of its mobile software, but most publishers have shied away from it so far.

Wired plans to charge $3.99 for four weeks of ad-free access to its website. In many places where ads appear, the site will simply feature more articles, said Mark McClusky, the magazine’s head of product and business development. The portion of his readership that uses ad blockers are likely to be receptive to a discussion about their responsibility to support the businesses they rely on for information online, McClusky said.

I’d like to see McClusky’s spreadsheet where it shows that every user who accesses the Wired site is worth $1 per week. Then we can talk. I’d guess the real number is perhaps one-fiftieth that size.
link to this extract

 


No, VTech cannot simply absolve itself of security responsibility » Troy Hunt

A few months ago, the Hong Kong based toy maker VTech allowed itself to be hacked and millions of accounts exposed including hundreds of thousands of kids complete with names, ages, genders, photos and their relationships to their parents replete with where they (and assumedly their children) could be located.

I chose this term deliberately – “allowed itself to be hacked” – because that’s precisely what happened. In an era where major incidents such as Ashley Madison and TalkTalk were front page news in the mainstream press, VTech continued to run a service with such egregious security flaws as the SQL injection risk the hacker originally exploited, unsalted MD5 password hashes, no SSL encryption anywhere, SQL statements returned in API calls (it’s actually in the JSON response body of my post above) and massively outdated web frameworks.

What I didn’t write about at the time but reported privately was that they also had multiple serious direct object reference risks; the API that returned information on both kids and parents could be easily exploited just by manipulating an ID.

Ugh. Terrible, terrible security. And these people want access to children’s data? Oh, but it gets worse: see how they’ve updated their Ts and Cs.
link to this extract

 


Errata, corrigenda and ai no corrida: ICYMI, I wrote about iPhone third-party repairs, #error53 and its likely causes, and what it tells us about Apple and some of the media.

Explaining the iPhone’s #error53, and why it puts Apple between conspiracy and rock-hard security (updated)


The TouchID system on the iPhone 6 is difficult to fix because it’s linked to Apple Pay. Photo by Janitors on Flickr.

There’s been a huge amount of coverage on the topic of “error 53”, which is a message thrown up by iTunes when it detects a particular fault on newer iPhones. But of course the rewriting hasn’t actually tried to add any value or understanding, for the most part. (Oh, internet journalism, if you only knew how crap you are.)

Techmeme coverage of “error 53”: did any of it add any detail?

 

So here’s my attempt to explain it, starting from what we know, and what we can find out, and what we can deduce. On with the show!

What is #error53?

It’s the error shown in iTunes for an iPhone 6, 6 Plus, 6S or 6S Plus after an operating software upgrade (eg upgrading from iOS 8.1 to iOS 8.2, or 8.1 to 9.0, or 9.2 to 9.2.1) if the phone has had its TouchID sensor replaced or its cable interfered with since the last software upgrade.

Error 53 (almost) bricks the device: it tells you to plug it in to iTunes and recover it, but in the instance above it won’t work. There is a way to bring the phone back to life if you’ve had Error 53, which we’ll come to presently.

Update: Apple has now (February 18, ten days later) released an iOS update for those using 9.2.1 and updating via iTunes which fixes this. Read the support document.

This is just Apple trying to stop third-party repairs, isn’t it?

That’s the conspiracy version of the explanation, but it isn’t self-consistent. Third-party repairers say they can still replace batteries, screens, and various other bits. What they’ve learnt though is that doing anything with TouchID on the iPhone 6/etc can kill the phone. So they avoid doing those repairs, and tell people to take affected phones to Apple repair shops.

Note that third-party repair shops have known about the home button problem for a long time. However, it’s only just come to media attention.

Why doesn’t it happen to the iPhone 5S?

The fact that this only began happening with the iPhone 6/Plus sharpened the conspiracy that this is Apple trying to shut down third-party repairs. (But it also weakens the conspiracy theory, because wouldn’t Apple seek to block it on all devices?) The reason is down to the key difference between the 5S and the 6/Plus: the 5S doesn’t have NFC, and so can’t do Apple Pay.

Why does Apple Pay matter in this?

Apple Pay means the phone contains Secure Elements, which are cryptographic stores with credit card and payment data – including (I surmise) how to turn a credit card number into an NFC payment mechanism, which is not the sort of information that banks want to be leaked everywhere.

Why does it only happen after an OS upgrade, rather than right after a replacement?

To understand this, we have to go to Apple’s security documents about iOS 9, and how security works with TouchID (the fingerprint reader), the Secure Enclave (which stores a hashed version of your fingerprint) and the Secure Elements, which store key financial data in an encrypted form.

Here’s a diagram from Apple’s security document, showing the direction of trust as the device boots up: it travels from the bottom to the top. We’re only interested in the stuff at the bottom of this stack at present (from “Apple root certificate” upward to the top of the “hardware/firmware” part).

iPhone security system begins with the hardware

Apple’s explanation of how the security system works in the iPhone: booting starts from the bottom and progresses upwards.

On bootup, the system goes through various hardware checks to ensure that everything is tickety-boo, cryptographically speaking. If it finds something wrong, then it gives you the “Connect to iTunes” screen, and if you’re lucky, throws up an error message. Note that if something is wrong at this bootup stage, you don’t reach the higher level of the file system and OS partition; you’re stuck at the hardware/firmware level.

If you replace the TouchID system on a device, the system doesn’t throw an error at this point. Why not? I’m not completely sure, but I think that the TouchID subsystem doesn’t have an entry in the device’s own hardware/firmware listing, so the device can’t tell whether the TouchID system that’s installed is the same one it originally had at manufacture.

Update: on thinking some more about it, I think this is why. The security model is one which doesn’t trust values that are stored on-device but not burnt into hardware. So any value in a firmware register could have been changed. Now, if the TouchID serial were stored on hardware, it could be checked on boot to see if it’s trusted – but you’d never be able to replace the TouchID sensor, because the old serial is burnt into the chip. A firmware value on startup can’t be trusted because it might have been changed.

Therefore the device doesn’t brick when it’s first turned on after repair. It has to rely on something external which has stored the TouchID serial – that is, Apple’s installation authorisation server. /Update

What happens on a software upgrade is subtly different from simply booting. From Apple’s document, on p6:

During an iOS upgrade, iTunes (or the device itself, in the case of OTA [over-the-air] software updates) connects to the Apple installation authorization server and sends it a list of cryptographic measurements for each part of the installation bundle to be installed [emphasis added] (for example, LLB, iBoot, the kernel, and OS image), a random anti-replay value (nonce), and the device’s unique ID (ECID).

The authorization server checks the presented list of measurements against versions for which installation is permitted and, if it finds a match, adds the ECID to the measurement and signs the result. The server passes a complete set of signed data to the device as part of the upgrade process.

Adding the ECID “personalizes” the authorization for the requesting device. By authorizing and signing only for known measurements, the server ensures that the update takes place exactly as provided by Apple. The boot-time chain-of-trust evaluation verifies that the signature comes from Apple and that the measurement of the item loaded from disk, combined with the device’s ECID, matches what was covered by the signature.

These steps ensure that the authorization is for a specific device and that an old iOS version from one device can’t be copied to another. The nonce prevents an attacker from saving the server’s response and using it to tamper with a device or otherwise alter the system software.

What I think is happening is that the new TouchID system’s serial number is included in the cryptographic data sent to the authorisation server, and when that is compared against what it should be for the given ECID, the numbers don’t match.

At that point, the authorisation server decides that Something Bad is going on, and blocks the update. The device now fails the low-level boot – it can’t get past the kernel level to the OS boot – and so the device is bricked.

And that is why it bricks on a software update.
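The authorisation exchange quoted above from Apple’s document, modelled as an added example (not Apple’s code, and not part of the original post). HMAC-SHA256 stands in for Apple’s signature so the sketch needs only the standard library, which means the device shares the key here; the bundle contents, ECIDs and all names are constructed.

```python
"""Toy model of personalised update authorisation (constructed example)."""
import hashlib
import hmac
import secrets

# Assumption: stand-in for the server's signing key. The real scheme uses a
# signature the device verifies against a trusted Apple key; HMAC is a swap-in.
SERVER_KEY = b"constructed-demo-key"

# Constructed bundles; the real components are LLB, iBoot, kernel and OS images.
RELEASED = {"LLB": b"llb-A", "iBoot": b"iboot-A", "kernel": b"kernel-A", "OS": b"os-A"}
MODIFIED = dict(RELEASED, kernel=b"kernel-A-patched")


def measurements(bundle):
    """One SHA-256 measurement per component of the installation bundle."""
    return {name: hashlib.sha256(blob).hexdigest() for name, blob in bundle.items()}


def _sign(meas, ecid, nonce):
    """Sign the measurements together with the ECID and nonce (personalisation)."""
    lines = [f"{name}={digest}" for name, digest in sorted(meas.items())]
    lines += [f"ECID={ecid}", f"nonce={nonce}"]
    return hmac.new(SERVER_KEY, "\n".join(lines).encode(), hashlib.sha256).hexdigest()


class AuthorizationServer:
    def __init__(self, permitted_bundles):
        self._permitted = [measurements(b) for b in permitted_bundles]

    def authorize(self, request):
        # Only known measurements are signed; anything else is refused.
        if request["measurements"] not in self._permitted:
            return None
        ticket = dict(request)
        ticket["signature"] = _sign(request["measurements"], request["ecid"], request["nonce"])
        return ticket


class Device:
    def __init__(self, ecid):
        self.ecid = ecid
        self._nonce = None  # nonce of the outstanding request, if any

    def build_request(self, bundle):
        self._nonce = secrets.token_hex(16)  # fresh anti-replay value per request
        return {"measurements": measurements(bundle), "ecid": self.ecid, "nonce": self._nonce}

    def verify(self, ticket, bundle_on_disk):
        """Install-time nonce check and boot-time checks, merged into one step."""
        if ticket is None:
            return "refused by server"
        expected = _sign(ticket["measurements"], ticket["ecid"], ticket["nonce"])
        if not hmac.compare_digest(expected, ticket["signature"]):
            return "bad signature"
        if ticket["ecid"] != self.ecid:
            return "wrong ECID"
        if self._nonce is None or ticket["nonce"] != self._nonce:
            return "stale nonce"
        if measurements(bundle_on_disk) != ticket["measurements"]:
            return "measurement mismatch"
        self._nonce = None  # a ticket is accepted once
        return "ok"


def run_demo():
    server = AuthorizationServer([RELEASED])
    dev_a, dev_b = Device("ECID-000A"), Device("ECID-000B")
    results = {}

    ticket_a = server.authorize(dev_a.build_request(RELEASED))
    results["normal update"] = dev_a.verify(ticket_a, RELEASED)

    # The saved response is presented again against a later request.
    dev_a.build_request(RELEASED)
    results["replayed ticket"] = dev_a.verify(ticket_a, RELEASED)

    # Device A's ticket is presented to device B, unchanged and then edited.
    dev_b.build_request(RELEASED)
    results["ticket copied to device B"] = dev_b.verify(ticket_a, RELEASED)
    results["ECID rewritten for device B"] = dev_b.verify(dict(ticket_a, ecid=dev_b.ecid), RELEASED)

    # A bundle the server has no permitted measurement for.
    refused = server.authorize(dev_a.build_request(MODIFIED))
    results["modified kernel requested"] = dev_a.verify(refused, MODIFIED)

    # A valid ticket, but the image on disk differs from what was signed.
    fresh = server.authorize(dev_a.build_request(RELEASED))
    results["image swapped after signing"] = dev_a.verify(fresh, MODIFIED)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case:30} -> {outcome}")
```

Each failure maps to one property named in the quoted passage: the nonce defeats replay, the ECID ties the ticket to one device, and signing only known measurements rejects altered images.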

Why doesn’t it check with the authorisation server after the repair?

The phone doesn’t have any way of “knowing” whether it’s restarting after a repair, or after it ran out of battery, or you just turned it off for the night. If every phone were to check in with the authorisation server on being powered on, three things would happen: (1) the authorisation server would die; (2) people would be furious because their phone wouldn’t boot because it would need connectivity to check the details for its ECID, and you don’t always have connectivity when you turn your phone on; (3) Apple would get majorly dinged for “snooping on when people turn their phone on.”

That doesn’t explain why it doesn’t happen on the 5S, though.

Damn right. At which point we have to consider that the “cryptographic measurements” sent back for an iPhone 6/etc differ from those of an iPhone 5S, specifically because of the Apple Pay-related Secure Elements.

Why does the device still work after the third-party replacement?

Let’s qualify this: it does work, but TouchID (and so Apple Pay and others) don’t work after a third-party fix that affects TouchID. The pairing there between the Secure Element/Secure Enclave/TouchID, which was set up when the device was manufactured, is lost. It carries on not working; then at some point, you get a software upgrade notification. And then – disaster.

Considering this, I think what is stored for communication with the server is the TouchID pairing status. If it’s unpaired, the update can’t go ahead.

Update: the fix issued by Apple must tell it to go ahead if the TouchID pairing status is changed, but leaving TouchID disabled.

What if you’ve never set up Apple Pay?

Doesn’t matter. The issue is not the data you’ve stored in the device, but the data that’s built into the device – cryptographic keys used for creating payment authorisation for credit cards. Those are in the Secure Elements.

What are the Secure Elements, and what do they contain?

Here’s a definition:

An SE is a tamper resistant hardware platform, capable of securely hosting applications and storing confidential and cryptographic data. For example, in the finance industry SEs are used to host personalized card applications and cryptographic keys required to perform financial (EMV) transactions at a point-of-sale terminal. SEs used in the identity market may hold biometric data or certificates which can be used for signing documents. Whichever purpose, the secure environment provided by the SE protects the user’s credentials ensuring the safety of the user’s data.

The reason why Error 53 happens when you change or interfere with the TouchID sensor on a more-recent-than-5S phone is that the system detects – during the software upgrade – that something has changed, and that the embedded trust system has been broken. And so the device doesn’t get authorisation to update.

Why does the Secure Elements stuff matter, though?

The banks/financial institutions specify that the operating system must not be able to directly access the data in the “trusted zone” (the Secure Elements).

How can you recover from Error 53?

Quite simple: replace the new TouchID processor with the old one. (People say they have successfully done this.) However, saying it is a lot easier than doing it. Some people don’t have the old one. Or the old one might just be broken.

How does Apple replace TouchID systems?

We don’t know, but we know it can, because it does. There must be a method for updating the cryptographic measurement list held by the authorisation server for a particular ECID. I’d imagine that involves logging into a server, entering an ECID (or connecting the phone) and letting the two talk to each other.

Note that when you have your screen repaired by Apple, it will tell you to disable TouchID first. And afterwards, you’ll have to recalibrate it. So there might be something there.

Why can’t Apple do that to devices which have failed on Error 53?

We don’t know. (Possibly it can.)

Could Apple change things so that in future it just disables TouchID and software updates still work?

Perhaps. I suspect it would need some sort of adjustment to what gets sent to the authorisation server, or what the server considers OK to approve. But if Apple is tied here by what the financial institutions demand around the Secure Elements, it might not have the choice.

Why hasn’t Apple explained that this is a risk of third-party replacement?

Ah, now we come to the challenge of Being Apple. Its mystique (for that’s what a lot of it is) lies in saying very little about how it does things, and asking people to take this stuff on trust, or for granted.

Thus when it comes to repairs, Apple’s implied assumption is that everyone will bring their device to an Authorised Apple Dealer, or Apple, to get it fixed. This ignores the fact that it now sells phones in countries where you’d have to travel for hours and hours to reach either of those – if you were lucky.

Naturally, people go to third-party repair shops to get these things done. And then problems start, because you’re talking about a pocket supercomputer with embedded cryptographic systems that are sensitive to being fiddled with.

But Apple has done a bad job here in communicating the risks of getting anything around the TouchID system replaced. It really needed to get the message out there.

Why didn’t Apple get the message out there?

Probably it’s been difficult to separate the signal from the noise on this. If someone comes in to an Apple Store with an Error 53 phone, it’s hard to know at first why it has done it. The device gets replaced, and the old one sent back to Apple, but that’s barely half of the feedback loop: it has to reach Apple, someone has to figure out why it doesn’t work, and then inform stores, and also inform the marketing people that this can be a problem which needs to be communicated.

Very likely there are people in Apple Engineering, Apple Retail and Apple Marketing who are right now looking at an email trail and smacking their foreheads as they realise what the problem they missed was. Those phones sent back from the stores marked as “will not boot”… ohhh.

That’s the problem with big organisations, though: that sort of feedback loop is really, really hard to organise well. Alternatively, perhaps it has been noticed, but it hasn’t affected a large number of people, and so isn’t as high a priority as… something else. (We don’t know what.) Of course, to the affected people, it’s a bloody high priority.

Shouldn’t Apple allow third-party TouchID repairs, though? After all, the phone is your property.

The “property” argument isn’t a great one, to be honest. Apple sells you a device, but it doesn’t give you untrammelled rights to it; you aren’t legally allowed to (try to) decompile the software, or the firmware, or to dig into things like the Secure Elements. You don’t own the entire thing.

That’s how things are these days; the open-software absolutists run into a problem with mobile phones, because even if you can download and compile the operating system (a la Andy Rubin) you won’t be able to do that on the baseband software which actually provides the mobile functions. So it’s never completely “your” phone. That’s the case with PCs too these days – there’s stuff on the motherboard you don’t get to mess with.

None of this proves it isn’t Apple just shutting out third-party repairs, though.

Ah, proof. It’s so hard to prove the imaginary, or to refute it. However the scenario where some Apple executives gather round a table and say “You know what? We’re losing valuable revenues and profits from people using third-party repairs! We need to brick those phones!” fails both Occam’s Razor and Hanlon’s Razor, the two logical tests that help you filter through a lot of modern crap.

Occam’s, you’ll recall, is “don’t let entities multiply unnecessarily” – aka “the simplest explanation is probably the right one.” Hanlon’s, meanwhile, is “never ascribe to conspiracy what can more easily be ascribed to cockup.”

Why does “shutting out third party repairs” fail Occam’s? Because it requires a lot of people putting in varying amounts of effort to make it happen.

For the malicious version: Apple has to have decided (1) it doesn’t like third-party repairs; (2) it wants people to have a bad experience when they try to upgrade their software (is it certain people will connect the third-party repair with the bricking, given that the events might be weeks or months apart? They might even have had an Apple fix of some sort in the meantime); (3) to set in motion an internal program whereby third-party replacements using correctly-sourced parts will fail, but its own repairs using the same parts won’t (quite risky); (4) to keep all this secret while also instructing its repair shops how to do this.

For the accidental explanation: the new TouchID system on the iPhone 6/etc now pairs with the Secure Elements and its cryptographic signature is sent to the update server on device activation. If the signature doesn’t match on subsequent update requests, the device isn’t authorised.

See how much simpler the latter one is? It doesn’t require any executives, or nefarious planning; just some work by the engineers updating the TouchID/Secure Elements systems. That satisfies Occam.

But equally, the second also satisfies Hanlon’s Razor. Nobody has been malicious; if anything, they’ve been trying to safeguard customers by making sure that sensitive (to financial groups) information can’t get hacked off your phone. However, in doing that, they’ve created a situation where customers get a bad experience and Apple gets bad publicity over something it would have hoped would give it kudos.

The shibboleth

In all the coverage of this topic, it is quite amazing how ready people are to assume the worst. Apple is uniquely capable of polarising people, who find it exceptionally hard to be indifferent about what it does. Either it’s a sort of wellspring of ideas and direction in all sorts of markets, from PCs to mobile phones to smart watches; or it’s a malicious money-grabbing marketing machine seeking ever more ways to rip people and governments off, while foisting commodity products on people at sky-high prices.

For instance, where do you think Cory Doctorow stands on it?

Punish. There’s a verb.

Or Dan Gillmor?

(Both links in those tweets are to the same Guardian article that kicked this all off on Saturday.)

Yet if you look on Hacker News, you’ll find the tenor of the discussion is much more like “oh, that makes sense from a security point of view”. And security experts on Twitter such as Steve Bellovin and Matthew Green could discuss the matter without invoking conspiracy theories.

I find it odd that people who write publicly for money seem more willing to go for the conspiracy theory than those who don’t. Doesn’t exposure to enough organisations teach you that the bigger they get, the more easily screwups happen, and the less communication there is between their many arms?

And Apple really is big these days, stretching across an incredibly broad area of the computing market – from Macs to mobile phones to tablets to smart watches to iPods, from desktop operating systems to mobile operating systems (tweaked differently for the tablet and the phone), to smartwatch and TV set-top box operating systems, to desktop and mobile applications, to cross-platform music programs (iTunes is on Mac OSX and Windows; Apple Music is on iOS, Windows, Mac OSX and Android), to web services (CloudKit) and even chip design.

I’m pretty confident in saying that no other company is doing as many things across as many hardware and software platforms. Google is huge, but doesn’t make hardware in anything like that volume; Microsoft is huge too, but doesn’t make hardware in any appreciable volume. Apple does the whole thing, including chip design. The combination of hardware and software challenge in adding just one new feature to any individual device line is mind-boggling, because you have to consider how it’s going to affect everything else.

In that context, an engineering team working away on an improved TouchID system which authenticates against tampering probably thought they were doing just the right thing. Instead, they were throwing their retail and PR people into a media storm. The size of the teacup is yet to be determined.

Quite how Apple is going to get its explanation across will be educative to watch. (I haven’t spoken to Apple in writing this.) The more interesting question though is: what will happen once lots of Android devices start using Android Pay (which has pretty much the same trust requirements) and those start breaking? Will third-party repairers be able to fix them, or will they have to be sent back to the manufacturer? And if it’s the latter (or if people try the former) how much hell is there going to be to pay?

Though you suspect you know the answer already. It won’t arise, because not that many OEMs will implement Android Pay, and the people who get inconvenienced won’t make as much noise about it. Who cares if someone with an HTC phone has to swap it and loses their data? You’d struggle to get most newsdesks to know what an HTC phone was. Say “iPhone”, though…

Start up: hedge funds like AI, Facebook’s close separation, what if Twitter died?, BlackBerry cuts, and more

A break like this, affecting the home button, is probably going to lead in time to an #error53 fault if you don’t get it repaired by Apple. But what causes it, exactly? Photo by wZa HK on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 12 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Will AI-powered hedge funds outsmart the market? » MIT Tech Review

Will Knight:

Anthony Ledford, chief scientist of MAN AHL, explains that the company is exploring whether techniques like deep learning might lend themselves to finance. “It’s at an early stage,” Ledford says. “We have set aside a pot of money for test trading. With deep learning, if all goes well, it will go into test trading, as other machine-learning approaches have.”

Trading might seem like an obvious place to apply deep learning, but actually it isn’t clear how comparable the challenge of finding subtle patterns in real-time trading data is to, say, spotting faces in digital photographs. “It’s a very different problem,” Ledford admits.

Academic experts also sound a note of caution. Stephen Roberts, a professor of machine learning at Oxford University, says deep learning could be good “for extracting hidden trends, information, and relationships,” but adds that it “is still too brittle with regard to handling of high uncertainty and noise, which are prevalent in finance.”

You just know that this isn’t really going to work, but also that it’s going to be used by a ton of funds to try to get ahead of the market – a market composed of other funds also trying to use the same processes.
link to this extract

 


iOS security – iOS 9 or later » Apple

Let’s try to get on top of this #error53 stuff:

During an iOS upgrade, iTunes (or the device itself, in the case of OTA software updates) connects to the Apple installation authorization server and sends it a list of cryptographic measurements for each part of the installation bundle to be installed (for example, LLB, iBoot, the kernel, and OS image), a random anti-replay value (nonce), and the device’s unique ID (ECID).

The authorization server checks the presented list of measurements against versions for which installation is permitted and, if it finds a match, adds the ECID to the measurement and signs the result. The server passes a complete set of signed data to the device as part of the upgrade process. Adding the ECID “personalizes” the authorization for the requesting device. By authorizing and signing only for known measurements, the server ensures that the update takes place exactly as provided by Apple.

The boot-time chain-of-trust evaluation verifies that the signature comes from Apple and that the measurement of the item loaded from disk, combined with the device’s ECID, matches what was covered by the signature.

These steps ensure that the authorization is for a specific device and that an old iOS version from one device can’t be copied to another. The nonce prevents an attacker from saving the server’s response and using it to tamper with a device or otherwise alter the system software.

To recap, with #error53, people who have had third-party replacements of screens and/or home buttons on the iPhone 6/Plus and 6S/Plus (but not the 5S) find that it works fine – though they can’t use TouchID (it’s greyed out as an option). But when they do an OS update, the phone bricks: can’t get data, can’t restore.

So my understanding of this is: the reason why devices which have had third-party replacement parts only brick after an OS update, yet work fine before it, is this: on trying to install the update they connect to the auth server. The server decides that the cryptographic measurements no longer match what it has on record. So it decides the chain of trust is broken, and effectively shuts down the device.

But it’s poor decision-making by Apple, and equally poor communication. Why doesn’t it happen on the 5S? Update: because the 5S doesn’t have NFC for Apple Pay. (Thanks, Andy.) What’s the process that Apple uses when it does the repair to revalidate the TouchID system (which fails even with valid parts)? Why can’t the system tell that it’s just TouchID that’s affected? The safety process has overshot its requirements. Every part of what happens makes sense from a security perspective – but not once you consider that many people will get third-party repairs.
link to this extract
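The authorization flow in the Apple extract above can be modelled in a few lines of Python. This is an added example, not Apple's code and not part of the original post: a toy RSA key stands in for Apple's signing key, the class names, ECID strings and component bytes are constructed, and checking the nonce at install time is a modelling assumption.

```python
import hashlib
import json
import secrets

# Toy RSA key (constructed from two Mersenne primes, trivially breakable).
# It only stands in for the vendor's real signing key.
_P, _Q = 2**89 - 1, 2**127 - 1
N, E = _P * _Q, 65537                     # public half, known to every device
_D = pow(E, -1, (_P - 1) * (_Q - 1))      # private half, held by the server only

# Constructed sample bundle: component name -> image bytes.
BUNDLE = {"LLB": b"llb-a", "iBoot": b"iboot-a", "kernel": b"kernel-a", "OS": b"os-a"}


def measure(component: bytes) -> str:
    """Cryptographic measurement of one bundle component."""
    return hashlib.sha256(component).hexdigest()


def _covered(measurements: dict, ecid: str, nonce: str) -> int:
    """Hash of everything the signature covers: measurements + ECID + nonce."""
    body = json.dumps({"m": measurements, "ecid": ecid, "nonce": nonce},
                      sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % N


class AuthorizationServer:
    def __init__(self, permitted_builds):
        self.permitted = permitted_builds  # list of {component: measurement}

    def authorize(self, request: dict):
        m = request["measurements"]
        if m not in self.permitted:
            return None                    # unknown build: nothing gets signed
        sig = pow(_covered(m, request["ecid"], request["nonce"]), _D, N)
        return {"measurements": m, "ecid": request["ecid"],
                "nonce": request["nonce"], "sig": sig}


def signature_ok(ticket: dict) -> bool:
    """Verify with the public key only, as a device would."""
    expected = _covered(ticket["measurements"], ticket["ecid"], ticket["nonce"])
    return pow(ticket["sig"], E, N) == expected


class Device:
    def __init__(self, ecid: str):
        self.ecid = ecid
        self.pending_nonce = None
        self.ticket = None

    def build_request(self, bundle: dict) -> dict:
        self.pending_nonce = secrets.token_hex(16)   # fresh for every request
        return {"measurements": {k: measure(v) for k, v in bundle.items()},
                "ecid": self.ecid, "nonce": self.pending_nonce}

    def install(self, ticket) -> bool:
        ok = (ticket is not None
              and self.pending_nonce is not None
              and signature_ok(ticket)
              and ticket["ecid"] == self.ecid             # personalised to this device
              and ticket["nonce"] == self.pending_nonce)  # answers this request
        self.pending_nonce = None                         # a nonce is single use
        if ok:
            self.ticket = ticket
        return ok

    def boot(self, on_disk: dict) -> bool:
        t = self.ticket
        if t is None or not signature_ok(t) or t["ecid"] != self.ecid:
            return False
        return {k: measure(v) for k, v in on_disk.items()} == t["measurements"]


def run_scenarios() -> dict:
    server = AuthorizationServer([{k: measure(v) for k, v in BUNDLE.items()}])
    dev_a, dev_b = Device("ECID-A"), Device("ECID-B")
    ticket_a = server.authorize(dev_a.build_request(BUNDLE))
    results = {"genuine_install": dev_a.install(ticket_a),
               "genuine_boot": dev_a.boot(BUNDLE)}
    # A's ticket presented to a different device: the ECID check rejects it.
    dev_b.build_request(BUNDLE)
    results["copied_to_other_device"] = dev_b.install(ticket_a)
    # Same ticket with the ECID field edited: the signature no longer verifies.
    dev_b.build_request(BUNDLE)
    results["edited_ecid"] = dev_b.install(dict(ticket_a, ecid="ECID-B"))
    # Saved response replayed against a later request: the nonce differs.
    dev_a.build_request(BUNDLE)
    results["replayed_ticket"] = dev_a.install(ticket_a)
    # Component changed on disk after installation: boot-time measurement fails.
    changed = dict(BUNDLE, kernel=b"kernel-a-changed")
    results["boot_with_changed_kernel"] = dev_a.boot(changed)
    # Server asked to authorize measurements it does not recognise.
    results["unknown_build_signed"] = server.authorize(dev_a.build_request(changed)) is not None
    return results
```

Only the first two scenarios succeed; every other path fails closed, which is the behaviour the extract describes for a ticket that does not match the requesting device, the current request or the measured software.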

 


Three and a half degrees of separation » Research at Facebook

How connected is the world? Playwrights, poets, and scientists have proposed that everyone on the planet is connected to everyone else by six other people. In honor of Friends Day, we’ve crunched the Facebook friend graph and determined that the number is 3.57. Each person in the world (at least among the 1.59 billion people active on Facebook) is connected to every other person by an average of three and a half other people. The average distance we observe is 4.57, corresponding to 3.57 intermediaries or “degrees of separation.” Within the US, people are connected to each other by an average of 3.46 degrees.

Our collective “degrees of separation” have shrunk over the past five years. In 2011, researchers at Cornell, the Università degli Studi di Milano, and Facebook computed the average across the 721 million people using the site then, and found that it was 3.74 [4,5]. Now, with twice as many people using the site, we’ve grown more interconnected, thus shortening the distance between any two people in the world.

Apparently my average is 3.26 so ya boo. Zuckerberg is 3.17. Sheryl Sandberg is 2.92 – blimey.
link to this extract

 


On your cute release notes » The Brooks Review

Ben Brooks:

We’ve all seen them. Notes about a fictional engineer who was hired and then fired. A cute story about something completely irrelevant to the matter at hand. Recipe for ‘squash bug soup’ or something along those lines.

With disturbingly increasing frequency, companies are deciding to let their marketing departments handle their release notes instead of the engineering team or product manager.

And we are all worse off for it.

As a user I mostly look at release notes to find out about one (or more) of three things:

• Have you added something new to the app which will make it better for me? That is: what are the new features, what do those features do, and perhaps how do I get to them.
• Have you fixed that bug which was making the app hard for me to use, perhaps even impossible for me to use? Aka: What bugs did you fix?
• How active is development on this app? Before I invest or move to most apps I look at recent release notes to get a sense of whether they are in maintenance mode (just major bug fixes), or under some kind of active development (minor bug fixes and feature releases, optimized for current version of iOS, etc).

link to this extract

 


BlackBerry cuts 200 jobs in Ontario and Florida to trim costs » Reuters

Alastair Sharp:

The layoffs will affect 75 manufacturing jobs in Sunrise, Florida, a state government website showed.

The company also confirmed that Gary Klassen is one of the people who has departed in the latest round of cuts. Klassen was one of its longest-tenured employees and the inventor of its BBM messaging service.

One source familiar with the matter, who declined to be identified due to the sensitivity of the issue, said many of the Canadian cuts were people working on its BB10 handset software at its Waterloo, Ontario, headquarters.

A spokeswoman for BlackBerry declined to comment on which divisions will be affected by the cuts, but said the company stood by its commitment to release further updates on its BB10 software.

BB10 is so, so dead.
link to this extract

 


“Dangerous ramifications” » Medium

Rohin Dharmakumar, with some examples of things that didn’t happen:

In January 2015, users of Microsoft’s Office in India were suddenly greeted with a pop-up asking them to “Support Microsoft Office”. The Indian government under PM Narendra Modi was said to be formulating an “Open Source Policy” under which all government offices were to either mandate or prefer open-source software for official work.

Clicking the “Support Office” button caused Microsoft to send the PMO and the Ministry of IT a letter from the user’s name with a pre-determined format. It said the user loved Microsoft’s products and wanted their government interactions to be based on the same. “I urge you not to ban Microsoft Office,” it ended.

The same message popped up on users of various Microsoft products in India – Windows, XBox, Windows Phone, Skype etc.

Within a few weeks, over 7 million emails had been sent in support to Microsoft.

“Support Monsanto”

In January 2014, farmers in the southern Indian state of Karnataka were surprised to see a notice attached to every bag of seed they bought from Mahyco, the market leader.

“Tell the Karnataka Govt. not to ban MMB”, said the notice. MMB was Monsanto-Mahyco Biotech, the joint-venture that licensed Monsanto’s crop technologies in India.

He has some more examples of things that didn’t happen – and then one which did.
link to this extract

 


Why most A/B tests give you bullshit results » Mixpanel

We’ve all seen the articles. Company X increases conversions 38% with this simple trick. Hell, I’ve written some of them.

But those success stories have hidden the grey underbelly of testing and experimentation.

AppSumo revealed that only 1 out of 8 tests produce results. Kaiser Fung estimates that 80 to 90 percent of the A/B tests he’s run yield statistically insignificant results.

Yet many new testers walk into A/B testing thinking it’ll be quick and easy to get results. After running a handful of simple tests, they think they’ll find the right color for this button or the right tweak to that subject line, and conversions will, poof, increase by 38% like magic.

Then they start running tests on their apps or sites, and reality suddenly sets in. Tests are inconclusive. They yield “statistically insignificant” results and no valuable insights about the product or users. What’s happening? Where’s that 38% bump and subsequent pat on the back?

Don’t get frustrated. If you’re going to be running A/B tests, you’re going to have some tests that fail to produce meaningful results you can learn from. But if you run good tests, you’ll have fewer failures and more successes.

link to this extract

 


Advice for companies with less than one year of runway » The Macro

Dalton Caldwell:

Let’s imagine that you are the founder of a company that has successfully raised an angel or institutional round and are currently in a situation where you have 12 months or less of runway.

The hardest part of dealing with a low runway situation is managing your own psychology. You have to simultaneously manage your own anxiety to not be overly negative about your prospects, but also not be irrationally positive. It’s a delicate balance.

Watch companies do the various things in this post over the next year or so.
link to this extract

 


Technology: the rift with reality » FT.com

Tim Bradshaw:

With so many [virtual reality] headsets hitting the market this year, the challenge may be figuring out what people will do with them. Video games are seen as the first popular application, and some are experimenting with VR versions of films including The Martian. Futuresource Consulting believes the VR content market could be worth $8.3bn within four years.

Beyond entertainment, advocates say these headsets could transform education, travel, real estate and architecture, not to mention videoconferencing and social networking. Some inside Uber are worried that Oculus could one day prove disruptive to their business by removing the need for people to travel. Why hail a taxi when you can teleport?

“Whenever a market is this early, you have to have strong convictions loosely held,” says Nabeel Hyatt, a venture partner at Spark Capital, which also backed Oculus. “We don’t know what’s going to happen.”
That uncertainty provides fertile ground for entrepreneurs. “There will be billion-dollar companies started by college students because someone gave them a Rift as a present and they solved a very specific problem,” says Anjney Midha, a partner at KPCB Edge.

However, as any sci-fi reader knows, new technologies have inherent risks, too. The futures depicted in Ready Player One and Snow Crash are dystopian and chaotic.

In December, academics led by Christian Sandor of the Nara Institute, Japan, wrote that “true augmented reality”, where the digital is indistinguishable from the physical, “will be the most powerful medium that humanity ever had at its disposal”.

link to this extract

 


What if Twitter Died? » Tech.pinions

Bob O’Donnell:

this seems to be one of the fundamental problems of Twitter. It’s appealing to Hollywood, TV, music and sports celebrities as a means to interact more intimately with their fans and share the kinds of details they’d never provide to traditional celebrity media. It’s appealing to the tech industry as a mouthpiece for those who want to determine the course of what is or isn’t important. The digital taste-setters, so to speak.

But for mainstream business and consumer users? Not so much. Arguably, this is the biggest problem with Twitter—it can’t seem to stretch beyond its celebrity, celebrity follower, and tech roots. If you aren’t into celebrities or the tech industry, Twitter just isn’t that appealing, especially given all the other options for online social interactions.

Despite these points, I think the navel gazing value of Twitter to the tech industry is so high, I seriously doubt they’ll let Twitter actually die. Someone with enough money and enough self-interest will likely make sure that, no matter what, Twitter will continue in some shape or form. Eventually, its value may start to fade, as some have already started to argue, but at least the Twittersphere will have a few years to adapt and find new alternatives.

The fundamental challenge is a publishing service that’s essentially based on self-promotion, self-aggrandizement, and self-importance at some point is going to run into the wall of indifference. Not everyone cares to read about what the self-elected are all doing all the time.

link to this extract

 


Yahoo loses mobile entrepreneur Arjun Sethi to venture firm » WSJ

Douglas MacMillan:

Mr. Sethi helped lead Yahoo’s effort to compete with Facebook Inc. and Snapchat Inc. in the emerging area of mobile chat apps. Last July, his team released Livetext, a mobile app that lets users send live video and text without any sound.

Livetext failed to take off with users. In its first month, the program dropped out of the ranking of the 1,000 most popular apps in Apple Inc.’s app store and never returned, according to data from App Annie.

Yahoo’s struggles to produce a hit mobile app have hurt Ms. Mayer’s chances at turning around the 20-year-old Internet icon. This week, Yahoo said its board is weighing “strategic alternatives” to the turnaround which likely include a sale of its core Web business…

…Mr. Sethi is one of dozens of startup founders Ms. Mayer brought into Yahoo through a series of small acquisitions. In her three-and-a-half years as CEO, Yahoo has spent more than $2.3bn on at least 53 acquisitions, largely for small mobile-software developers whose apps were shuttered and whose founders were enticed to work on new projects at the company. At least 26, or over one-third, of the more than 70 startup founders and CEOs who joined Yahoo through an acquisition during Ms. Mayer’s tenure have left the company, according to their profiles on LinkedIn Corp.

As has also been pointed out, Yahoo last week wrote down the value of those acquisitions by $1.2bn. The idea of a video app without sound appears dumb, but then again lots are like that; but Instagram, Facebook and Vine were all there ages earlier. Yahoo’s problem is that it’s late and has no traction in mobile, not that the ideas are of themselves bad.
link to this extract

 


Sacked in Dublin by a boss in… London » Private Eye

Private Eye is always anonymous:

Google’s claim that all its real business is handled through its European HQ in Dublin while its multiple UK offices exist merely to count the paperclips, organise staff leaving collections and do the morning coffee run is further undermined by evidence it gave to an employment appeals tribunal in the Irish capital in 2013.
Rachel Berthold had been sacked in May 2011 from a position as a “level six” manager, which the tribunal heard put her in the top 7% of employees in Google’s Dublin office.

Anne-Catrin Sallaba, her former boss as Google Europe’s Head of Publisher Services, gave evidence to the tribunal that Berthold had failed to meet performance targets – but Sallaba had to cross the Irish sea to do so, given that as Berthold’s line manager she was employed in, er, London.

Berthold was eventually awarded €100,000 for unfair dismissal. Sallaba has in the meantime been promoted twice, and now rejoices in the job title “Senior People Development Manager, Head of Global Onboarding” – still in London!

As it happens, Matt Brittin of Google UK will be testifying before the UK Parliament this week.
link to this extract

 


Errata, corrigenda and ai no corrida:

Start up: risky USB-C cables, Google’s travel funnel, Uber’s tax diversion, bye-bye 747, and more

This damn thing was silently eating huge chunks of iOS time – and battery – at least until last October. Photo by edowoo on Flickr.

Last chance this week to sign up to receive each day’s Start Up post by email. You won’t believe what happens next. (OK, you might.)

A selection of 8 links for you. Tested on humans for irritancy. I’m charlesarthur on Twitter. Observations and links welcome.

Google engineer Benson Leung finds a USB Type C cable that isn’t just dangerous on paper — it allegedly fried his hardware » Android Police

Bertel King:

Not all USB Type C cables are created equal. Some charge better than others. A number ignore USB spec so much that they run the risk of actually damaging your hardware. This could happen gradually, or in the worst-case scenario, it could be instant.

Googler Benson Leung has taken on the task of going through Amazon and reviewing whichever USB Type C cables he can get his hands on. We’ve recommended a number of them in past deals, feeling confident that we’re steering readers in the direction of safe accessories. We don’t test these products ourselves, so we consider what he does a real service.

Unfortunately, Leung may be taking an extended break. After plugging Surjtech’s 3M USB A-to-C cable (the item shows up now as not available, but here’s the 1M option you’ll presumably also want to avoid) into his 2015 Chromebook Pixel and two USB-PD Sniffer devices, he says the latter failed immediately. Resetting the analyzer and reflashing the firmware did not bring the hardware back to life.

Shouldn’t there be a proper certification system for USB-C? Having to rely on one Google engineer seems barmy. Especially in light of this.
link to this extract

 


Facebook’s iOS bug led ComScore to overestimate time spent » AdAge

Tim Peterson, on a rejigging after it was realised that Facebook’s app used all sorts of trickery on iOS to make itself appear to be active (silent audio, etc) to the OS:

When looking at Facebook’s iPhone app specifically, total time spent [after some of the bugs – but note, not all – were fixed] was 40% lower in November compared to September [before the fix], and the average amount of time spent per person was 41% lower. For Facebook’s iPad app, total time spent was 39% lower, as was the average amount of time spent per person.

For comparison, total time spent in Facebook’s Android app increased by 2% and average time spent per user was flat when comparing September and November; ComScore’s Android figures are considered more reliable than its iOS figures because the firm is only able to take into account activity when the app is running in the foreground.

A Facebook spokeswoman declined to comment.

Amazing – Facebook’s iOS app really was the spawn of the devil in the way it abused battery life through to October 2015. (And it’s hardly innocent now.)

That up-to-October period includes a lot of testing of new iPhones “in real-life situations” by gadget reviewers, as it happens.
link to this extract

 


Google revamps travel search queries, almost making web results irrelevant » Search Engine Land

Barry Schwartz:

Google has quietly revamped the mobile user interface for travel-related searches. The result of the change makes it really hard to get to the organic web results once you click on the “more destinations” button. Let me walk you through the experience.

This is called “thrusting the user head-first into the sales funnel”.
link to this extract

 


Why the sun is setting on the Boeing 747 » The Conversation

Guy Gratton:

Today, the industry has moved towards twin-engine aeroplanes such as the Boeing 777 and the Airbus A330, with three-engine aeroplanes being relatively unpopular because of the high labour costs of working on an engine bedded into the aeroplane fin. The four-engine 747 retained a clear place in the market because twin-engine planes must stay within a certain distance from an airport in case of engine failure. This allowed the 747 to achieve shorter journey times on the longest routes because it can use more direct flight paths.

However, improving engine reliability means authorities have slowly increased the distance a twin-engine airliner can fly from a runway, gradually reducing the advantage of having four engines. And of course, those newer, more reliable engines have also been bigger and more efficient.

Of course, the slowdown in 747 production doesn’t mean the original jumbo jet will disappear from our skies just yet. The latest models are much longer, bigger and operate with more modern engines and instruments than the earlier 747-100s (no longer do the crew have to take sextant readings through the cockpit roof), and the newer aircraft are likely to stay in service for at least another 20 years.

Then: “Where’s the sextant?”
Now: “Where’s the sextant app?”
link to this extract

 


Uber’s Dutch businesses had zero employees in 2013 » Business Insider

Oscar Williams-Grut:

A European member of parliament has accused Uber’s European business of being “specifically designed, from the start, to reduce its tax liabilities.”

Labour’s Anneliese Dodds made the comment to Business Insider over email after we pointed out that two Dutch companies closely involved in running Uber’s UK business had no employees for up to a year after it launched here.

Uber employed eight people in its Amsterdam offices in 2013. But the corporate entity that immediately controlled the UK operation had none.

*grinds teeth* We’re now at the stage where if an American tech company pays more in tax than the average Briton we’re shocked.
link to this extract

 


The end of Twitter » The New Yorker

Joshua Topolsky:

what should worry Twitter isn’t the value of its stock. (USA Today reported that, given its cash reserves, the service could run for another four hundred and twelve years with current losses.) What should worry Twitter is irrelevance, and there is growing data to suggest that that is where the company is headed. If Twitter’s real-time feed is its most powerful asset (and it is), it’s not difficult to see a future in which Instagram, Facebook, Snapchat, or even a newcomer like Peach (yes, I am citing Peach) focus enough on real-time news that they obviate the need for Twitter’s narrow, noisy, and oft-changing ideas about social interaction. Considering the fact that Kevin Weil, the head of product, left the company to join Instagram, it’s easy to imagine that service mutating or bifurcating into a speedier, more social platform for sharing links and having conversations. And, for many users—particularly young users, according to a recent survey—Snapchat is already their most important destination. We live in the Age of the Upgrade, and the generation raised on the Internet is the most fickle of brand champions: it loves something passionately, until it doesn’t. Then it moves on.

Ultimately, Twitter’s service is so confused and undifferentiated in the market that it’s increasingly difficult to make a clear case for its existence.

That’s not quite right; it’s more that lots of other services have come along and do similar things (text, pictures, links) but Twitter has always had the focus on The Moment – that it is the place where you see the world unfold, if the world cooperates. Nowhere else can do that.
link to this extract

 


Why Alto’s Adventure will be free on Android » The Verge

Andrew Webster:

According to both [Ryan] Cash [of development company Snowman] and Noodlecake’s Ryan Holowaty, one of the main reasons they decided to make the game free on Android is piracy. “Piracy on Android is a much bigger issue on the platform especially in the case of premium iOS titles that charge more than $0.99,” Holowaty explains. When Noodlecake ported iOS game Wayward Souls to Android, for example, the studio found that only 11% of installed copies of the game were paid for. The studio even uploaded a special version of its game Shooting Stars on a number of torrent sites as an experiment, one that couldn’t be completed if you were playing a pirated copy.

There were also factors outside of piracy that contributed to the decision. “It made sense to us because of the state of mobile gaming and the reality that the vast majority of players do not pay for games,” says Holowaty. “In addition, Android has a much larger install base than iOS internationally, and games that release in countries like China and Japan are basically free-to-play only at this point. So to really capitalize on the market internationally, it made sense to have a free version.”

That’s Alto’s Adventure, which was released 12 months ago on iOS. Does anyone monitor how long it takes games and other non-platform apps to reach Android from iOS?
link to this extract

 


Regulators are failing to block fraudulent adverts » FT.com

John Gapper:

Malware robots — “bots” in advertising jargon — are estimated to sit on 10 per cent of home computers in the US, browsing away in the background while the owners do other things, or sleep.

Second, the world of programmatic advert buying and selling is highly automated and bafflingly complex, filled with layers of intermediaries doing slightly different things for commissions. An advertiser places adverts through an online network contracted by its media buying agency. The network may find inventory on which to place them on an exchange such as Google’s DoubleClick Ad Exchange, into which thousands of publishers plug.

That is the simple version. There are more obscure ways to do it, enabled by automation and the internet. The result is that no one knows everyone with whom they trade, or can be sure where ads end up being shown. This makes it easy for fraudsters to infiltrate and infect the advertising supply chain.

Third, companies are desperate. The economics of digital publishing are under severe strain, with publishers being paid small amounts for millions of page views. They need traffic and some are tempted into buying it from brokers that can mysteriously rustle it up. Such publishers look the other way rather than delving too deeply into where the traffic comes from.

I’m currently reading The Big Short, Michael Lewis’s book about the people who realised – slowly but with growing horror and delight – that the bond market built around US subprime mortgage loans was unsustainable, and began to bet against it (“shorting” it). The film derived from the book is fabulous. Go and see it.

Reading the book, you try to think like those people: to look for opportunities in giant, unsustainable businesses whose precise workings aren’t really understood and whose collapse is inevitable, yet which the participants (with an interest in its continuation) insist is fine and dandy.

The online ad business begins to look like that to me.
link to this extract

 


Errata, corrigenda and ai no corrida: none notified.

Start up: Google’s search rejig, adblockers can’t Play, Sony to exit tablets?, Magic Leap’s big step, and more

No longer can you seek him here or there. Photo by abrinsky on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 10 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

Google search chief [Amit] Singhal to retire, replaced by AI exec » Bloomberg Business

Jack Clark:

“When I started [at Google in 2000], who would have imagined that in a short period of fifteen years, we would tap a button, ask Google anything and get the answer,” Singhal wrote in a Google+ post announcing his retirement. “My dream Star Trek computer is becoming a reality, and it is far better than what I ever imagined.”

With Giannandrea’s appointment, the technology may get smarter. The executive has overseen recent artificial intelligence efforts, including RankBrain, which saw Google plug an AI technology called a neural network into its search engine to boost the accuracy of results and an e-mail service called Smart Reply that automatically writes responses. Other work he has managed include efforts in image recognition and technologies that fetch information based on what users are doing with their devices, rather than what they’re explicitly searching for.

[John] Giannandrea joined Google in 2010 when it acquired a company he co-founded called Metaweb Technologies. Those assets became the basis for Google’s knowledge graph, a vast store of information on hundreds of millions of entities that helps the search engine present factual data in response to certain queries. Singhal’s last day is scheduled to be Feb. 26.

The elevation of Giannandrea represents a further emphasis on the importance of artificial intelligence to Google, a unit of Alphabet Inc. Chief executive officer Sundar Pichai said the technology has been key to recent efforts in search on mobile devices and personal assistant technologies.

Speaking of search…


Garth Gibbs: ‘The archetypal diary writer’ » Press Gazette

An obituary from August 2011:

Garth also managed to spend much of his time chasing various ‘sightings’ of ‘Lucky’ Lord Lucan, who was thought to have fled abroad after apparently mistaking his nanny for his wife and bludgeoning the ‘wrong’ woman to death. Of this colourful period in an almost continually helter-skelter career, Garth himself wrote: ‘As that brilliantly bigoted and crusty old columnist John Junor once cannily observed: “Laddie, you don’t ever want to shoot the fox. Once the fox is dead there is nothing left to chase.”’

With a wonderfully fertile imagination – a prerequisite of any good tabloid journalist – plus a good deal of chutzpah, Garth relished the challenge of keeping Lord Lucan alive, but never finding him.

‘I regard not finding Lord Lucan as my most spectacular success in journalism,’ he said. ‘Of course, many of my colleagues have also been fairly successful in not finding Lord Lucan. But I have successfully not found him in more exotic spots than anybody else.

‘I spent three glorious weeks not finding him in Cape Town, magical days and nights not finding him in the Black Mountains of Wales, and wonderful and successful short breaks not finding him in Macau either, or in Hong Kong or even in Green Turtle Cay in the Bahamas where you can find anyone.’

Lucan was finally declared dead – though never found – on Wednesday. Not finding him was indeed a splendid task allotted to many journalists down the years. Speaking of search…


#SEO for sale?! Exposing Google loopholes in light of FTC native guidelines » aimClear® Blog

Marty Weintraub:

Mashable, a respected global media company focused on informing and entertaining “the digital generation,” was our inspiration. Mashable has joined the swelling ranks of websites selling native content articles to advertisers. Initially we were interested in participating in the program and reached out to Mashable regarding their native post advertising, which is called BrandSpeak or BrandLab.

As the conversation progressed, we were curious as to how Mashable native posts show up in Google search results and disclosure verbiage in light of new FTC native advertising guidelines. After we corresponded with a Mashable sales associate and researched BrandSpeak/BrandLab in detail, we were motivated to share our findings with the community as a point of learning about native content.

Those findings surprised (and astonished) us. Aimclear analysts identified a Google SEO loophole, which is perhaps the greatest ranking algorithm gap in years, allowing marketers to literally buy their way into Google search results with paid content…

…At best, allowing paid SEO tilts the playing field, making it even harder for smaller, perhaps more relevant players to compete for free Web Search results.

Google’s Webmaster Guidelines governing native content and Web Search are firmly rooted in 2013.

Tricky; this stuff is low-quality, but sites are desperate to generate revenue somehow. Speaking of revenue…


Google boots ad blockers from Google Play » TechCrunch

Sarah Perez:

According to Rockship Apps founder and CEO Brian Kennish, maker of Adblock Fast, Google’s app reviews team informed him the app was being removed for violating “Section 4.4” of the Android Developer Distribution Agreement.

This is the section that informs developers they can’t release apps that interfere with “the devices, servers, networks, or other properties or services of any third-party including, but not limited to, Android users, Google or any mobile network operator.”

If that text sounds a little broad-reaching and vague, that’s because it is. It’s also what allows Google to react to changes in the industry, like this one, on the fly.

Kennish says that Google’s app reviews team informed him that he could resubmit after modifying his app so it didn’t “interfere with another app, service or product in an unauthorized manner.”

“We’ve been trying to contact Google through their public channels since Monday, and I tried through private ones all day yesterday…but we haven’t gotten any official response from a human – just autoresponders,” notes Kennish.

He suspects that Adblock Fast was the first to be pulled from Google’s app store because it had climbed the charts so quickly and had achieved a 4.25 rating. Kennish says that the app had around 50,000 installs at the time of its removal.

In addition, the company could have gotten on Google’s radar by pushing out an update that offered a better user experience. (Some people didn’t realize it only worked on Samsung’s 4.0 browser and left 1-star reviews. The update was meant to better highlight the app’s requirements.)

Meanwhile, as of the time of writing, other ad blockers are still live, including Crystal and Adblock Plus (Samsung Browser). However, that may not be the case for long.

Crystal’s developer Dean Murphy also just submitted an update that’s just been declined by Google’s app review team for the same reason cited above. Again, Google references section 4.4 of the Developer Agreement as the reason for stopping the update from going live.

“I have appealed the update rejection, as I assume that I am rejected for ‘interfering’ with Samsung Internet Browser, citing the developer documentation that Samsung have for the content blocking feature,” explains Murphy. “I’m still awaiting their reply.”

Wow, that was fast. Crystal was still there on Wednesday. This is going to ratchet up tensions between Google and Samsung (again); in the comments on the Verge article on this topic (which has less detail) there are people who switched to iOS because of adblocking, or are considering moving back because they can’t get it on Android. A small but possibly significant group.

Google has clearly set its face against adblocking on mobile, but the pressure is starting to build up behind the dam.


About » DeepDetect

DeepDetect (http://www.deepdetect.com/) is a machine learning API and server written in C++11. It makes state of the art machine learning (such as deep learning) easy to work with and integrate into existing applications. Its goal is to simplify and secure both the development and production phases by using possibly different servers and passing models from one to the other.

It originates from the need for industries, businesses and researchers to quickly fit a machine learning pipeline into existing applications, starting with well-known models, and moving toward more targeted ones while measuring accuracy.

DeepDetect allows this by coupling a generic API and a server with high performance machine learning libraries. At the moment it has support for the deep learning library Caffe. More libraries are to be supported in order to span over a larger set of common use cases.

There are free (even for commercial use) models that are downloadable from the site. This lies just over my event horizon for understanding – but reading the details about “getting started” puts me in mind of people feeding a giant brain, or disembodied intelligence, and that gives me pause.

But this stuff is going to be everywhere in two years.


Would you be sad to see Sony withdraw from the tablet market? » Xperia Blog

The mysterious “XB”:

given the challenging smartphone market, as evidenced by last week’s results there is no guarantee that Sony will continue to cater for the tablet market. A recent Japanese blog post by a Sony store manager speculated that the company may withdraw from the tablet market after receiving marketing material suggesting so.

The news would not surprise us, after all, we know that tablets made just 5% of Sony Mobile’s revenues back in 2013 and that was expected to shrink even further. Given the R&D costs of developing and supporting new devices, Sony may feel that producing another tablet for 2016 might not be commercially viable.

I didn’t know that about the tablet revenues; apparently they’re meant to be down to 3-4% now. The question is whether they generate more than 0% in profit – because they must be eating up R+D time and money, which is opportunity cost that Sony probably can’t afford.


The joy of shortcuts » Allen Pike

Next January, Parse is shutting down. The successful Parse apps will get moved to a custom backend like ours was, perhaps using Parse’s excellent open-source server and migration tool. The unsuccessful Parse apps will die. Hundreds of thousands of unsuccessful Parse apps will perish. Like links to long-dead Geocities pages, dead mobile apps that relied on Parse will linger in the App Stores for years, slowly accumulating one-star reviews.

As much as Parse will try to get the word out that they’re shutting down, many apps’ owners don’t even know that they’re reliant on Parse. Parse’s overly generous free plan made them popular with freelancers and consultants building quick app backends for their clients. Many of those clients don’t know what Parse is, let alone that the little app they commissioned a couple years ago is a ticking time bomb.

How many iOS apps, how many Android apps relied on Parse? There needs to be an enumeration.


How the iPhone 6 ruined Apple » All this

Dr Drang:

While it’s certainly possible that the great days of iPhone sales growth are over, I wouldn’t make that prediction just yet. In fact, I was surprised to learn that iPhone sales were merely flat. I was expecting a decline—not because the iPhone is losing popularity, but because the iPhone 6’s first quarter of sales was such a gigantic leap upward. The pent-up demand for a larger iPhone caused sales to increase nearly 50% year over year, to 74.47m from 51.03m the year before. This was the biggest percentage jump in year-over-year sales since the introduction of the 4S (which was goosed a bit because the 4S was delayed). I just didn’t think the 6S could keep up with that. And maybe it won’t.

But look at how things were going before the iPhone 6. Had the trend of 2012–2014 continued through 2015, iPhone sales last quarter would have been 65–70 million. Instead they were just under 75m. It’s only in comparison to the huge holiday quarter of 2014 that last quarter looks dull.

I’m reminded of the devotion climate change deniers had to the year 1998. Because of an intense El Niño that year, global temperatures rose well above the trend line, and it remained the hottest year on record for several years. Deniers hit upon this fact, and claimed that global warming had stopped, even though the overall warming trend had continued. The iPhone 6 was Apple’s El Niño.



Magic Leap Just Landed an Astounding Amount of VC Money » WIRED

Jessi Hempel on the company which has just raised $793.5m in a C round from Alibaba and others (Google and Qualcomm were already on board):

Many believe Magic Leap’s technology—along with a handful of competing virtual and augmented reality products—will usher in a sea change in how we use computers. By placing sensors everywhere and processing the volumes of data they produce, it’s possible to create better immersive environments and believable layers of digital images on top of the physical world. Facebook, Samsung, and Microsoft are creating competing technology and have chosen to make their headsets available even as they’re engineering the products. Google is also beefing up its virtual reality team, and Apple is also reportedly getting into the action. Magic Leap claims to be using a different technology to achieve its effect, and it’s keeping its efforts mostly secret.

The company has made converts out of many of those who have seen demos. New Zealand design studio Weta Workshops has teamed up with Magic Leap to build games. Science fiction writer Neal Stephenson joined the company as its chief futurist. Last fall, Google led a $542m investment, bringing its previous funding total to $592m. But so far, it hasn’t been clear when Magic Leap’s tech will be available for consumers.

Expectations around this are going to be huge, which usually leads to disappointments of the same size. Shipping product matters; having that much of a cash pillow can’t be good, because it won’t help the financial discipline needed to make things (of whatever sort) to a price, for a user, to a specification. Don’t forget the lesson of Leap Motion – big hype, big letdown.


Startup lands $100m to challenge smartphone superpowers Apple and Google » CNET

Stephen Shankland:

Acadine, which CNET previously reported was initially known by the placeholder name Gone Fishing, plans to build an operating system for smartphones, tablets, wearable devices and the Internet of Things.

That’ll be a tough challenge. But [founder Li] Gong believes Acadine’s generous funding [from a Chinese state-controlled company], fast development and international reach will mean consumers finally will see the alternative to Apple and Google that so many other companies have failed to build.

And of course that means his startup and its investors will reap the rewards. “Owning an OS is extremely important if you can do it,” Gong said. “It’s very profitable if you can do it.”

Potential sources of money, Gong said, include being paid to promote services like search, storage, music streaming and e-commerce; revenue sharing from those services when customers pay to use them; and fees generated by advertising and game sales. All of those, though, depend on Acadine succeeding in finding and exploiting gaps where existing OSes are weak then expanding from there to a large user base.

The list of mobile operating systems that have struggled to compete against Android and iOS and gain that large population of users is long: Microsoft’s Windows Phone, Samsung’s Tizen, Jolla’s Sailfish OS, Canonical’s Ubuntu, Hewlett-Packard’s WebOS, BlackBerry’s BlackBerry OS and Mozilla’s Firefox OS. This last project is the one Gong led at Mozilla until he left in April, and it’s the starting point for H5OS.

One hates to say “a fool and his $100m are soon parted”, but it’ll do.


Errata, corrigenda and ai no corrida: I was going to include a link to a video of a male cyclist who was suspected of having a motor in his bicycle (and man, it looked fishy) but realised it is a rabbit hole one would never emerge from.