Start up: the $200k iPhone hack, sleep robot axed, the criminal who wrote Truecrypt, If This Then No, and more

Dropcam’s founder gives you fresh insight into what happened at Nest. It’s not pretty. Photo by Ravi Shah on Flickr.

A selection of 13 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.

The Dropcam Team » Medium

Former Dropcam CEO Greg Duffy proves that revenge is a dish that you can savour at any temperature, as he hits back at Tony Fadell’s claims that the Dropcam team (acquired by Google, folded into Nest) “weren’t up to much”:

»I can’t publish Dropcam’s revenue, but if you knew what percentage of all of Alphabet’s “other bets” revenue was brought in by the relatively tiny 100-person Dropcam team that Fadell derides, Nest itself would not look good in comparison. So, if Fadell wants to stick by his statement, I challenge him to release full financials (easy prediction: he won’t).

The ~50 Dropcam employees who resigned did so because they felt their ability to build great products being totally crushed. All of us have worked at big companies before, where it is harder to move fast. But this is something different, as evidenced by the continued lack of output from the currently 1200-person team and its virtually unlimited budget. According to LinkedIn, total attrition to date at Nest amounts to nearly 500 people, which suggests that we were not alone in our frustrations.

«

On Medium, this is covered in highlights by people who went “ooh! This bit! Ooh! This bit too!” It’s an amazing takedown of Fadell.


Google is completely redesigning AdWords: Offers first peek » Search Engine Land

Ginny Marvin:

»“The reason we’re rebuilding AdWords is because the world has changed so much in the past two years. AdWords is now over 15 years old and launched when Google was just figuring out what search advertising was. We rebuilt it several years ago for a desktop world — smartphones were only [a] year old. Now we are in probably the biggest shift since AdWords was introduced (and I’d argue perhaps ever) with mobile,” said [AdWords product management director Paul] Feng, “And there is now increased demand on marketers and on AdWords as a platform — advertisers are running ads in search, display, shopping, mobile, video. Ultimately, that’s why we’re re-imagining AdWords.”

Feng said the redesign has been informed largely by talking to advertisers across the spectrum. Three common themes emerged. First, advertisers said it felt like AdWords has been built around products and features, rather than marketers’ needs and objectives. “How the navigation is laid out can be un-intuitive and comes with a high learning curve,” said Feng.  Second, the platform has grown complex, with hundreds of features launching every year that stack up on each other. And third, the basic design looks and feels kind of dated. “The goal is to create a flexible platform for the future,” added Feng.

«

Amazing that it was last redesigned in 2008, which is basically pre-mobile. Quite a challenge to get that legacy code to look and work right.


Top talent leaves Google startup Verily under divisive CEO » STAT

Charles Piller:

»Google’s brash attempt to revolutionize medicine as it did the Internet is facing turbulence, and many leaders who launched its life sciences startup have quit, STAT has found.

Former employees pointed to one overriding reason for the exodus from Verily Life Sciences: the challenge of working with CEO Andrew Conrad.

Verily, one of Google’s “moonshots,” pursues ambitious, even radical, ideas that could take years to pay off. The emerging Silicon Valley juggernaut has attracted elite scientists, engineers, and data crunchers, and inspired buzz about its futuristic projects — as well as envy among competitors nervously eyeing this upstart with a seemingly unlimited bankroll.

The three-year-old venture has operated largely out of public view and carefully manages its image; employees said talking to a reporter without permission is a firing offense.

But people who know Conrad or have worked with him said in interviews that Google has entrusted its life sciences initiative to a divisive and impulsive leader whose practices are driving off top talent and leaving openings for competitors. They said many employees in key jobs were dispirited, and described a lack of focus and clear priorities that is unusual even in the chaotic culture of startups.

«

Trying to sell Boston Dynamics, got a fire in Nest, and now this. Alphabet is finding that being the second GE requires a second Jack Welch. Great reporting by Piller.


It’s game over for the robot intended to replace anesthesiologists » The Washington Post

Todd Frankel:

»the Sedasys machine was being used in just four hospitals, including the one we visited in Toledo. We watched as the Sedasys device provided basic anesthesiology services to a series of patients undergoing routine endoscopies and colonoscopies.

No longer did you need a trained anesthesiologist. And sedation with the Sedasys machine cost $150 to $200 for each procedure, compared to $2,000 for an anesthesiologist, one of healthcare’s best-paid specialties.  The machine was seen as the leading lip of an automation wave transforming hospitals.

But Johnson & Johnson recently announced it was pulling the plug on Sedasys because of poor sales.

«

Why? Humans campaigned against it.


He always had a dark side » The Atavist

Evan Ratcliff:

»Before encryption was a mainstream idea, before Apple defied a U.S. government request to provide a method to unlock our phones, this Le Roux had written the underlying code of a program that, a decade and a half later, the National Security Agency still could not break.

The question was: Could the Le Roux who politely answered jargon-laden posts about encryption software be the same one who ordered the murder of a real estate agent over a bad deal on a beach house? At first I thought I would never know. The former Paul Le Roux seemed to have disappeared from the Internet in 2004. Encryption experts I contacted had no idea what had become of that Le Roux, and there was no evidence linking him to the man known for drugs and gun running.

One night in October, I had been at the computer for hours when I finally found the missing link. It was a website once registered to the encryption Le Roux, in the early 2000s, and later transferred to a Philippine company controlled by the crime-boss Le Roux. My immediate reaction upon discovering this connection was a sudden and irrational fear…

«

You can already see why. Le Roux seems to have written TrueCrypt, which has near-mythic status in encryption circles.


Met police chief blaming the victims » Light Blue Touchpaper

Ross Anderson, professor of security engineering at the University of Cambridge, wrote a letter to The Times:

»[Met Police commissioner] Sir Bernard Hogan-Howe argues that banks should not refund online fraud victims as this would make people careless with their passwords and anti-virus software (p1, March 24, and letters Mar 25 & 26). This is called secondary victimisation. Thirty years ago, a chief constable might have said that rape victims had themselves to blame for wearing nice clothes; if he were to say that nowadays, he’d be sacked. Hogan-Howe’s view of bank fraud is just as uninformed, and just as offensive to victims.

About 5 percent of computers running Windows are infected with malware, and common bank fraud malware such as Zeus lets the fraudster redirect transactions. You think you’re paying £150 to your electricity bill, while the malware is actually sending £9000 to Russia. The average person is helpless against this; everything seems normal, and antivirus products usually only detect it afterwards.

Much of the blame lies with the banks, who let the users of potentially infected computers make large payments instantly, rather than after a day or two, as used to be the case. They take this risk because regulators let them dump much of the cost of the resulting fraud on customers.

«

Hogan-Howe really put his foot in it, but it’s the inertia that he represents – and the attempt to shift the blame – which is the most insidious.


Who unlocked the San Bernardino iPhone? » Perizie Informatiche Forensi

Paolo Dal Checco:

»Yesterday, Monday, March 28th, FBI purchased from Cellebrite $218.000 of “INFORMATION TECHNOLOGY SUPPLIES”  [WBM].

It might be a simple coincidence, but if we issue the query  «CONTRACTING_AGENCY_NAME:”FEDERAL BUREAU OF INVESTIGATION” VENDOR_FULL_NAME:”CELLEBRITE USA CORP“» on the FPDS search engine, in the EZ Search section, we can see and download the full history of purchase orders issued by “FEDERAL BUREAU OF INVESTIGATION” to “CELLEBRITE USA CORP”. We can observe that since September 2009 Cellebrite was given 187 purchase orders, but the purchase order issued yesterday, with ID “DJF161200G0004569”, is rather unique in that:

• it’s the only one with an action obligation of more than $ 200.000 issued with “CELLEBRITE USA CORP” (the average for purchase orders is about  $11.000);
• it’s the only one with the “INFORMATION TECHNOLOGY SUPPLIES” description and PSC type “7045”;
• it was issued yesterday, when the US Government published a note informing that the San Bernardino iPhone was successfully unlocked and data was successfully accessed, presumably by an “outside party” as they said in the previous note.

In conclusion, we don’t know if Cellebrite was involved in San Bernardino iPhone PIN unlocking, we know that Cellebrite is able to unlock iPhones up to iOS 7 and iOS8 with 32bit processors and on iPhone 4s/5/5c, iPad 2/3/4, iPad Mini 1 and… the coincidence of yesterday’s purchase order is rather weird.

«

So that’s wrapped up: Cellebrite is licensing the unlock technique to the FBI. (Jonathan Zdziarski reckons the $200,000 price is too low to be a complete sale, but high enough to suggest it works against lots of models.)


Apple acknowledges iOS 9 crashing bugs when tapping links, fix coming ‘soon’ with a software update » 9to5Mac

Benjamin Mayo:

»Since posting our original story, we have heard from a lot of readers that are affected by iOS 9 crashes or app hangs when tapping links, spanning multiple iOS versions (not just 9.3) and devices. In a statement, Apple has now confirmed that they are working on a fix for the problem, coming in a software update (presumably iOS 9.3.1).

»

“We are aware of this issue, and we will release a fix in a software update soon.”

«

A temporary workaround is still unknown, although community investigations have revealed why the bug has arisen. It is based on what apps the user has installed and how those apps handle universal links.

Previously, we pinpointed Bookings.com as a cause of the bug, although noting it affects other apps as well. On Twitter, it was found that their website association file, used by the system for the universal links feature introduced with iOS 9, was many megabytes, grossly oversized. This would essentially overload the daemon that had to parse these files, causing the crashing.

«

Linked yesterday. There is a workaround, involving toggling Airplane mode, deleting the offending app, restarting and so on. Not much fun.


David Cameron drops bombshell privatisation announcement then catches a plane to Lanzarote » The Canary

Kerry-Anne Mendoza:

»The government is selling off the Land Registry to private, profit making interests.

The government has also ordered local authorities to transfer up to 90% of brown field sites (previously developed sites that have become vacant, contaminated but could be reused) into the hands of the Homes and Communities Agency (the latest quango) where Eric Pickles (and his successors) and just two inspectors will control the planning decisions.

The Infrastructure Bill contains a clause which will allow ALL public land to be privatised. There’s no need to reference the Forestry Act 1967, the Countryside Rights of Way Act or any other protective law, because Schedule 3 of the Bill states that “the property, rights and liabilities that may be transferred by a scheme include… property, rights and liabilities that would not otherwise be capable of being transferred or assigned.”

In plain English, this means all preceding regulations, legislation and other protections for this site are null and void – fill your boots.

«

First the Land Registry, now this. It would be great if there were an effective political opposition in the UK.


Presentation: Mobile ate the world » Benedict Evans

»Updated for spring 2016, this is a snapshot of why mobile matters, where it is and where it’s going. I’ve written quite a lot of blog posts discussing these issues, which I collated in this [other] post.

«

76-slide presentation, with lots of subtle points in it to absorb; I think that AI will play a more important role than is immediately obvious, because it can be subsumed into the device. That, though, isn’t what the platform opportunity is about.


My heroic and lazy stand against IFTTT » Pinboard Blog

Maciej Ceglowski:

»A service like IFTTT [If This Then That] writes “shim code” that makes it possible to connect online services together like Lego. Everything slots into everything else. This is thankless, detailed work (like developing TurboTax or Dropbox) that when done right, creates a lot of value.

IFTTT has already written all this shim code. They did it when they were small and had no money, so it’s difficult to believe they have to throw it away now that they have lots of staff and $30m.

Instead, sites that want to work with IFTTT will have to implement a private API that can change without warning.

This is a perfectly reasonable business decision. It is always smart to make other people do all the work.

However, cutting out sites that you have supported for years because they refuse to work for free is not very friendly to your oldest and most loyal users. And claiming that it’s the other party’s fault that you’re discontinuing service is a bit of a dick move.

I am all for glue services, big and small. But it’s better for the web that they connect to stable, documented, public APIs, rather than custom private ones.

And if you do want me to write a custom API for you, pay me lots of money.

«

Ceglowski’s laconic humour is also razor-sharp; his tweets (on @pinboard) are worth a read, such as one from August 2014 after IFTTT got some venture funding: “Right now the IFTTT business model is to charge one user $30M, rather than lots of users $2. The challenge will be with recurring payments.” Ceglowski yesterday quoted his own tweet, and added “That man was a prophet.” (I use Pinboard to generate Start Up.)


The new iPhone may have a China problem » CNBC

Eunice Yoon:

»Apple’s new iPhone SE launches on Thursday and preliminary numbers at Chinese retailers suggest decent demand — but the black market tells a more mixed story.

The US tech giant started taking pre-orders for the smartphone on March 24 and has not released official figures. However, as of Monday in Beijing, total pre-orders on three retailing sites exceeded 3.4 million.

Despite the brisk pre-orders, though, Chinese vendors and scalpers are uncertain if the iPhone SE will be a sure bet like previous models.

“The new iPhone SE has no revolutionary update,” one distributor in Henan Province told CNBC. “I don’t think the demand will be as strong as the iPhone 6 and 6S.” He is offering the iPhone SE at a $20 discount to the official price in China.

In the past, scalpers have been able to charge a premium of roughly $300 over the official price for a newly released iPhone, but one Hong Kong smuggler who refused to be named said he expected to charge just $30 above the listed price for the iPhone SE.

«

First time I’ve heard 3.4m pre-orders described as a problem. (Any Android OEM’s CEO would gnaw off her/his arm to get that many pre-orders for a 4in phone.) And the black market angle has become less and less relevant in China over time, now that all the main networks, and lots of retailers, sell iPhones.


The Next 40 » Asymco

Apple has hit 40 years old; Horace Dediu reflects on what successful (as in, long-lived) companies are, or do:

»we must search for other names to call a company that delivers an enabler that may lead to progress. Crude categorization like the reporting of finances leads to self-deception and a loss of opportunity to understand. Firms are often victims of this self-deception because they start believing that customers buy the things they sell. They start to believe that what is on their financial reports is a reflection of the value they create. It’s a simple mistake to make, but a mistake which leads to catastrophe. If its data is mis-categorized, by chasing numbers the company runs away from opportunity, leaving it to competitors otherwise unencumbered with knowledge of numbers.

Assuming Apple avoids mis-categorizing what it does, will it be a “solutions” or “services” or “brand” company? Is it, as I used to say, a “blockbuster manufacturing line”?

Yes, and still that’s not all it could be. Nor is it enough to understand what will come.

My simple proposal is to think of Apple (and actually any company) as a customer creator. It creates and maintains customers. The more it creates, the more it prospers. The more customers it preserves the more it’s likely to persevere. This measure of performance for a company is not easy to obtain. It’s not a line item in any financial report.

«

The point that companies believe customers buy the things they sell is a mistake you see again and again.


Errata, corrigenda and ai no corrida:
