Huaqiangbei: the electronics everything market. Photo by Nagarjun on Flickr.
This happens tomorrow!
Going to be in London on October 18th? I’ll be giving a talk: “Social Networks and the Truth”:
How many people do you follow on Facebook or Twitter whose political views you fundamentally disagree with?
It’s probably in the single digits. Yet there are millions of them out there. So why aren’t you following them? And if you aren’t, does that make their views wrong – or yours?
What happens when an election cycle or a referendum runs around opposing camps of social media opinions? How important are news media in such a situation? And would you believe that being online is polarising us, rather than making us more willing to listen to other viewpoints?
This talk will explore that – and its consequences.
Some tickets left; £10 secures your place.
A selection of 11 links for you. Use them wisely. I’m charlesarthur on Twitter. Observations and links welcome.
Google News now has a “Fact Check” tag • Poynter
»The links tagged as “fact checks” are from websites that apply a corresponding label to their code, ClaimReview markup. Google will also flag fact-checking content from “sites that follow the commonly accepted criteria for fact checks,” though these too will need to use the ClaimReview markup. This is currently in use by fewer than 10 domains. A Google spokesperson wouldn’t confirm the full list of websites; searches for the moment yield results from PolitiFact and Full Fact.
In the announcement, Google Head of News Richard Gingras writes that the organization is “excited to see the growth of the Fact Check community and to shine a light on its efforts to divine fact from fiction, wisdom from spin.”
Fact-checking guru Bill Adair called this move a “huge step” on Twitter.
This tagging may well lead to increased traffic for fact-checking outlets, which are already seeing record growth in the United States. Whether it will help “crowd out” false claims on the internet remains to be seen.
«
What’s to stop a site which just makes stuff up from using the ClaimReview label? Sure, it’s a little twiddly, but if there’s Google News traffic in it… why not?
Samsung Galaxy Note 7: usage [was] highest ever as explosions continue • Apteligent
»Our original post outlined how users of the Samsung Galaxy Note 7 were defying the recall, and were still using their devices at roughly the same rate a week later. Usage did drop off slightly in the midst of the recall but has trended upwards in the past few weeks as replacement devices have largely been distributed. Unfortunately new reports are out this past week that show replacement devices continue to explode.
As of this past Monday, the Samsung Galaxy Note 7 now has the highest usage rate in its history. In fact, Note 7 usage was over 23% higher on Monday than the date of the recall. We urge consumers to stop using this phone immediately.
Update: Graph updated through end of day Thursday the 13th. Note 7 usage is now equal to the usage on the recall date.
«
Apteligent has some nifty tools if you want to see the spread of device use in different countries.
Yahoo not to hold quarterly earnings call or webcast • Reuters
»Yahoo Inc said on Friday that it would not hold a call or webcast when it reports third-quarter results on Tuesday, citing its pending $4.83bn deal with Verizon Communications Inc.
Last month, Yahoo disclosed a massive data breach in 2014 that affected at least 500 million of its email accounts.
Verizon’s general counsel said on Thursday that the company has a “reasonable basis” to believe the hack represents a material impact that could allow it to withdraw from the deal to buy the company.
«
I’ve never heard of a company putting off an earnings call just because a deal is pending.
a single byte write opened a root execution exploit • daniel.haxx.se
Daniel Stenberg is the lead developer of curl (which grabs the content of a web page from the terminal) and works at Mozilla. He gets bug reports:
»As one of the maintainers of the c-ares project I’m receiving mails for suspected security problems in c-ares and this was such a one. In this case, the email with said subject came from an individual who had reported a ChromeOS exploit to Google.
It turned out that this particular c-ares flaw was one important step in a sequence of necessary procedures that when followed could let the user execute code on ChromeOS from JavaScript – as the root user. I suspect that is pretty much the worst possible exploit of ChromeOS that can be done. I presume the reporter will get a fair amount of bug bounty reward for this.
The setup and explanation on how this was accomplished is very complicated and I am deeply impressed by how this was figured out, tracked down and eventually exploited in a repeatable fashion. But bear with me. Here comes a very simplified explanation on how a single byte buffer overwrite with a fixed value could end up aiding running exploit code as root.
«
A single byte. Ever more worried for the internet of things.
What $50 buys you at Huaqiangbei, the world’s most fascinating electronics market • Keyboardio
The folks at Keyboardio decided to see how many items they could get for a cool US$50 at the wonderful electronics market in Shenzhen. One was a smartwatch with phone functionality:
»The economics of how to make a watch phone for $9.74 were completely bewildering to us. If we could get the price down to 65 CNY just by buying 30, how much could they possibly cost to make?
As it happens, a friend of ours in Shenzhen has a friend who is a salesperson at a smartwatch factory. We talked him into calling his friend and asking her what she knew about watches like the ones we bought. She asked for photos… and then told us that her factory sells an identical model. She told us that next time, we should just deal with her directly, as we could have saved a lot of money. If we bought 30 watches directly from the factory, they would only cost us $7.49 each. So, the reseller made about $67 profit on us.
If the factory sold the watches for $7.49, how much could they possibly cost to make? That’s a question that can be awfully hard to get answered. Not really expecting an answer, we asked our friend to ask his friend. She was happy to tell us: $6.
Six dollars.
Six dollars for: a GSM chipset, a CPU, an LCD screen, a battery, a PCB, a metal housing, a molded silicone watch band, a microUSB cable, and a box. And the labor to assemble and test all of that.
«
It’s a fabulous piece. (I wrote about my own visit to Huaqiangbei – pronounced “Huang-sheow-bay”, as I understand it – a couple of years ago.)
Flirting with the iPhone 7: why I just couldn’t do it • AndroidAuthority
Kris Carlon tried out an iPhone 7 for a few weeks (though he wasn’t forced to rely on it):
»As for the software, well, it’s iOS. I enjoyed finding my way around the interface over the first few days, but I have to admit iOS isn’t exactly rocket science to figure out. I suppose this is one of its strengths: that it doesn’t take a genius to figure out.
But unfortunately for me, as someone who likes a little complexity because it affords more control, I started to get bored with iOS after only a week.
I was amazed by just how little there was to contend with in the iPhone’s software. A lock screen you can’t do much with, endless home screens full of app icons, a two-tab notifications shade accessed with a swipe from the top of the screen and a command center for Quick Settings buttons at the bottom.
I understand now why iPhone fans like iOS. It’s simple, generic and always the same. For folks like me that’s the very antithesis of what I like in a phone’s software. I love the novelty factor of constantly switching between manufacturer skins, custom ROMs and stock Android. This is why I’m pumped for the new Pixel experience from Google and probably the same reason I enjoyed iOS as long as I did.
«
Perhaps he should have grabbed an Android user off the street to try it, since “novelty factor” users are a tiny percentage of the total – something that Cyanogen has learned to its cost. But it’s a reasonable review, once you get past that self-selection element.
The real Republican adversary? Population density • Dave Troy
»Curious about the correlation between population density and voting behavior, I began with analyzing the election results from the least and most dense counties and county equivalents. 98% of the 50 most dense counties voted Obama. 98% of the 50 least dense counties voted for Romney.
This could not be a coincidence. Furthermore, if the most dense places voted overwhelmingly for Obama, and the least dense places voted overwhelmingly for Romney, then there must be a crossover point: a population density above which Americans would switch from voting Republican to voting Democratic.
So I normalized and graphed the data, and there is a clear crossover point.
At about 800 people per square mile, people switch from voting primarily Republican to voting primarily Democratic. Put another way, below 800 people per square mile, there is a 66% chance that you voted Republican. Above 800 people per square mile, there is a 66% chance that you voted Democrat. A 66% preference is a clear, dominant majority.
So are progressive political attitudes a function of population density? And does the trend hold true in both red and blue states?
«
This turns out to be one of those “town v country” things. But the implications of that go deep too. Similar effects were seen in the UK over Brexit – except in Scotland, which voted to remain.
Uber’s ad-toting drones are heckling drivers stuck in traffic • Technology Review
»Drivers stuck in traffic in Mexico City lately have found themselves being buzzed by a fleet of sign-toting drones. “Driving by yourself?” some scolded in Spanish. “This is why you can never see the volcanoes” — a reference to the smog that often hovers over the mega-city and obscures two nearby peaks.
It wasn’t exactly a plea for environmentalism, though—it was an ad for UberPOOL, part of Uber’s big push into markets across Latin America. As Bloomberg points out, Uber already does more business in Mexico City than any other city it operates in, and Brazil is its third-largest market after the U.S. and India. Uber sees Latin American countries as generally easier targets for expansion than either of its top two markets.
«
“Hand me the crossbow, honey.”
Password storage in sensitive apps • BBQ and 0days
»Last week I was contacted by a forensic specialist for a law enforcement agency. They had a phone that could make or break a very sensitive case, and their commercial mobile forensic tools were failing to do, well, anything. They could not extract any data off the device. After verifying their identity and purpose, I agreed to help. Using a backdoor, very much like Pork Explosion, and some trickery we were able to fully extract all data off the device. This had me thinking, what next? What if this criminal was using another layer of security? What if they had a “secure storage” app, what if their photos, videos and what not were encrypted in an additional layer of security?
Off to the Google PlayStore, searched for “Secure Photo” and downloaded the first result, sure enough the files stored were encrypted…. but the PIN was stored in plaintext as a shared preference. Ok no fun, so I install the second result.
«
Long/short: you’re going to be hunting some time for an app that *really* stores your data securely, despite the promises. He looks at Android, though for iOS I guess the security is there in the passcode-encrypted file system.
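A check for the failure described in that extract, as an added example (not from this post or the linked article): it scans an Android SharedPreferences XML file for entries whose key looks like a credential and whose value is not shaped like a derived digest. The key-name pattern, the length thresholds and both sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Key names that suggest a credential (heuristic list, an assumption of this example).
SECRET_KEY = re.compile(r"(?:^|_)(?:pin|pass(?:word|code)?|secret)(?:_|$)", re.I)
# Values shaped like a digest or salt rather than the secret itself:
# 32+ hex characters, or 22+ base64 characters. A long passphrase would slip through.
DERIVED = re.compile(r"^(?:[0-9a-fA-F]{32,}|[A-Za-z0-9+/]{22,}={0,2})$")

def audit_shared_prefs(xml_text):
    """Return [(key, reason)] for entries that look like a plaintext credential."""
    findings = []
    for node in ET.fromstring(xml_text):
        key = node.get("name", "")
        # Only value-bearing types matter; flags such as <boolean> are skipped.
        if node.tag not in ("string", "int", "long") or not SECRET_KEY.search(key):
            continue
        # <string> keeps its value as element text; <int>/<long> use a value attribute.
        value = node.text if node.tag == "string" else node.get("value")
        value = (value or "").strip()
        if not value:
            continue
        if node.tag in ("int", "long"):
            findings.append((key, "credential stored as a bare number"))
        elif not DERIVED.match(value):
            findings.append((key, "short or readable value, not a derived digest"))
    return findings

# Constructed sample files in the XML layout Android uses for SharedPreferences.
WEAK = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="user_pin">4821</string>
    <boolean name="first_run" value="false" />
    <int name="backup_passcode" value="1234" />
</map>"""

BETTER = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="pin_hash">q1ZC0m3WcY8yJ0k1b2xvT3pZ9m0v7hR4c5NnQwE1s2U=</string>
    <string name="pin_salt">3q2+7w8RkU6xZ0aB1cD2eA==</string>
</map>"""

if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("better", BETTER)):
        print(label, audit_shared_prefs(doc))
```

A clean result only means nothing looked like a plaintext credential; it does not show that the stored digest came from a slow, salted key-derivation function.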
Election 2016: publishing hacked private emails is a slippery slope • Fortune
»Sociologist Zeynep Tufekci said on Twitter that she believes while media outlets seem incapable of resisting the lure of an email dump from a prominent figure, there are risks to publishing indiscriminately from such hacks that could have long-lasting impact.
One of the biggest risks, Tufekci says, is the destruction of personal privacy—for example, the Podesta dump included details of an ordinary staffer’s suicide attempt, which was subsequently tweeted out by Wikileaks and discussed on the air on CNN.
Theoretically, breaching someone’s privacy—even that of a quasi-government official—should be something that we do when there is a compelling argument for it, some broader social policy aspect, as there arguably is with the tape recordings of Donald Trump admitting to horrible behavior towards women.
«
What I’ve seen of the Podesta emails seems to show absolutely what I’d expect: people trying to get access to Clinton, Podesta discussing ideas with people. It’s like West Wing, but the storyline is just real life, and not squashed into an hour with a dramatic arc. It might be impossible to secure email completely – in which case the answer might be to move to other communications channels such as Signal.
Tufekci is right, though. (I’ve never come across a point she’s made that I disagree with.)
Google pushing Pixel pre-orders with popup on Google homepage • Android Police
»Google really, really wants you to pre-order a pixel, or at least to be aware that it exists. If you head to the Google homepage, you very well may see a popup encouraging you to pre-order the Pixel. Forget for a minute that most variants of the Pixel are sold out—Google is getting as much attention as possible for this phone.
The notification is popping up at the bottom of the screen on both mobile and desktop platforms (you can see the mobile version above). If you tap “Yes Please,” you’ll go right to the Made By Google site. From there, it’s just one click to the Google Store where, again, the Pixel is mostly sold out. The ad doesn’t appear all the time, but it’s fairly widespread.
«
Well, it has sunk north of half a billion dollars into it, so may as well use the world’s most prominent and (for Google) cheapest possible online advertising space to push it. It’s also doing this with Allo and previously with Duo, and before that of course with Chrome. How soon before we get ads for Google Chromebooks – and will the floodgates open some time after that, to anyone?
Errata, corrigenda and ai no corrida: none notified