Start Up: GoPro diverts, Samsung’s cash pile, SF Muni hacker hacked, 1m Androids infected, and more

You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link. Stay alert.

A selection of 11 links for you. It’s not your fault. I’m @charlesarthur on Twitter. Observations and links welcome.

It’s no Christmas No 1, but AI-generated song brings festive cheer to researchers • The Guardian

Ian Sample:


It will not, if there is any certainty left in the world, top the charts this Christmas. But what it lacks in party hit potential, it more than makes up for with its unique, if vaguely unsettling, brand of festive cheer.

To be fair, humans had very little hand in penning the song. Instead, scientists fed a Christmassy photograph into a computer and let it do its thing. A program analysed the image, whipped up some relevant lyrics, and then sang them to music it had composed along the way.

Known to its creators as “neural karaoke”, the project from the University of Toronto can take any digital photo and transform it into a computer-generated singalong. It is a whimsical demonstration of what artificial intelligence (AI) might do for us beyond the familiar: giving voice to chatbots, wiping billions off the stock market, and ultimately destroying the human race.

“We are used to thinking about AI for robotics and things like that. The question now is what can AI do for us?” said Raquel Urtasun, an associate professor in machine learning and computer vision at Toronto’s computer science lab. “You can imagine having an AI channel on Pandora or Spotify that generates music, or takes people’s pictures and sings about them,” adds her colleague, Sanja Fidler. “It’s about what can deep learning do these days to make life more fun?”


And there’s also the song penned by a system trained on the Beatles’ work (above). It’s way, way better. Scarily better. Not quite unemployed musician better, but background music composer better? Getting there.
link to this extract

Solid holiday demand in the US for GoPro HERO5 • PR Newswire

Here’s GoPro’s announcement. See if you can spot the hidden actual news (I’ve cut off the first three paragraphs, which talk about how well the HERO5 has sold compared to last year):


“We have a lot of work to do to finish the quarter and our fiscal year, however our HERO5 cameras have been very well-received by critics and consumers alike,” said Nicholas Woodman, Founder & CEO of GoPro. “Both HERO5 cameras can now auto-offload new content to the cloud and our Quik mobile app makes accessing and editing your footage fun. Its clear consumers are excited about these new features.”

GoPro also announced a company-wide restructuring that will reduce full-year 2017 non-GAAP operating expenses to approximately $650m (GAAP: $735m) and achieve its goal of returning to non-GAAP profitability in 2017. The restructuring includes the closure of its entertainment division, facilities reductions, and the elimination of more than 200 full-time positions plus the cancelation of open positions for a reduction in force of approximately 15%.

Additionally, Tony Bates will depart his position as president of the Company at the end of the year. 


That’s a lot of jobs going. And closure of the “entertainment division”, with which it had wanted to get beyond simple device sales and into original shows. Reality bites, and GoPro is getting bitten by saturation in its initial market. (Every news organisation led on the staff cuts and closure.)
link to this extract

Samsung, you don’t need $60bn • Bloomberg Gadfly

Tim Culpan on Samsung’s reaction to activist shareholder Elliott Management:


In a statement Tuesday, the company said that its business objectives:”…require maintaining a net cash balance of 65 to 70 trillion Korean won, based on historical and expected capital expenditures, working capital requirements, M&As and other financing needs.”That’s $56 billion to $60 billion. Seriously, is the Lee family spiriting it away for a rainy day, when they suddenly need to crack open the piggy bank to buy umbrellas and tarpaulin? Exploding phones and self-destructing washing machines are about as close as the company will ever get to the urgent need for a large wad of Ben Franklins, and even those disasters won’t set them back that much.

In its response to Elliott Management Corp.’s call last month for widespread changes, Samsung made the bold claim that its cash haul allowed it “to seize compelling opportunities, withstand challenges and pursue strategic goals throughout all economic cycles.”…

…The company is under-leveraged, with 93.7% of its capital coming from equity, according to data compiled by Bloomberg. What it has done with that cash is very little. Samsung has spent an average of just 24trn won a year over the past five years on fixed and intangible assets – mostly factories and equipment – well below the average 37trn won in cash it gets from operations. Its biggest acquisition to date is the $8bn it plans to fork out for Harman International Industries Inc., announced after Elliott’s pitch.

Instead, Samsung has allowed its cash pile to grow fourfold over the past five years, despite boosting capital expenditure to fight wars on multiple fronts, including against Taiwan Semiconductor Manufacturing Co., Apple Inc., Foxconn Technology Group and LG Display Co.It’s true that sales are slowing and operating cash flow will moderate accordingly. But on the flip side, the arms race in chips and displays is losing pace and the next battle will be around production quality rather than capacity.


link to this extract

Interview: Steve Milunovich of UBS on the future of Apple • Business Insider

Jim Edwards interviewed the UBS analyst who often asks the sharpest questions in the earnings calls:


Steven Milunovich: I don’t believe that Apple thinks in a “jobs to be done” way. Tell them that and I think you’ll get a lot of blank looks. I don’t think they necessarily adhere to the theory per se. I think it is what they do internally. They ask themselves, “What is it I don’t like about my phone?”

I remember when Steve Jobs brought out the original iPhone. He talked a lot about the drawbacks of the current phone, and we’d like it to do this, that, and the other. Apple solved those problems, and it turned out to be an innovative job to be done.

I think Apple does indirectly think in this way. They come out with new products, and eventually come out with new jobs to be done. They often have to innovate the technology in order to finish the job.

Jim Edwards: Reading your note, you gave me the impression that you were worrying that Apple right now has not identified a new “job to be done”.

Steve: Yes, my concern is with what Alex Danco talks about with alignment on the supply-and-demand side. So my concern is actually a little less on the “job to be done” side. We don’t know if Apple has figured out what the next jobs to be done are. But my sense in talking to them is they’ve at least identified the places they want to innovate — home automation; healthcare; and they don’t talk about it but I guess automotive; AR and VR which they do talk about, particularly augmented reality.

So I think they’ve identified the places they can make a difference and disrupt. It’s also dependent on the technology.


link to this extract

San Francisco rail system hacker is himself hacked • Krebs on Security

Brian Krebs was contacted by someone who accessed the SF Muni hacker’s email by guessing his secret answer (impressive trick in its own right):


One hundred Bitcoins [the ransom demanded for the SF Muni ransomware attack] may seem like a lot, but it’s apparently not far from a usual payday for this attacker. On Nov. 20, hacked emails show that he successfully extorted 63 bitcoins (~$45,000) from a U.S.-based manufacturing firm.

A review of more than a dozen Bitcoin wallets this criminal has used since August indicates that he has successfully extorted at least $140,000 in Bitcoin from victim organizations.
The attacker appears to be in the habit of switching Bitcoin wallets randomly every few days or weeks. “For security reasons” he explained to some victims who took several days to decide whether to pay the ransom they’d been demanded. A review of more than a dozen Bitcoin wallets this criminal has used since August indicates that he has successfully extorted at least $140,000 in Bitcoin from victim organizations.

That is almost certainly a conservative estimate of his overall earnings these past few months: My source said he was unable to hack another Yandex inbox used by this attacker between August and October 2016, “,” and that this email address is tied to many search results for tech help forum postings from people victimized by a strain of ransomware known as Mamba and HDD Cryptor.

Copies of messages shared with this author answer many questions raised by news media coverage of this attack, such as whether the SFMTA was targeted. In short: No. Here’s why.

Messages sent to the attacker’s account show a financial relationship with at least two different hosting providers. The credentials needed to manage one of those servers were also included in the attacker’s inbox in plain text, and my source shared multiple files from that server.


Data points to the hacker being in Iran, despite a Russian phone number and email address.
link to this extract

Political correctness: how the right invented a phantom enemy • The Guardian

Moira Weigel:


In 1970, the African-American author and activist Toni Cade Bambara used the phrase in an essay about strains on gender relations within her community. No matter how “politically correct” her male friends thought they were being, she wrote, many of them were failing to recognise the plight of black women.

Until the late 1980s, “political correctness” was used exclusively within the left, and almost always ironically as a critique of excessive orthodoxy. In fact, some of the first people to organise against “political correctness” were a group of feminists who called themselves the Lesbian Sex Mafia. In 1982, they held a “Speakout on Politically Incorrect Sex” at a theatre in New York’s East Village – a rally against fellow feminists who had condemned pornography and BDSM. Over 400 women attended, many of them wearing leather and collars, brandishing nipple clamps and dildos. The writer and activist Mirtha Quintanales summed up the mood when she told the audience, “We need to have dialogues about S&M issues, not about what is ‘politically correct, politically incorrect’.”

By the end of the 1980s, Jeff Chang, the journalist and hip-hop critic, who has written extensively on race and social justice, recalls that the activists he knew then in the Bay Area used the phrase “in a jokey way – a way for one sectarian to dismiss another sectarian’s line”.

But soon enough, the term was rebranded by the right, who turned its meaning inside out. All of a sudden, instead of being a phrase that leftists used to check dogmatic tendencies within their movement, “political correctness” became a talking point for neoconservatives. They said that PC constituted a leftwing political programme that was seizing control of American universities and cultural institutions – and they were determined to stop it…

…By making fun of professors who spoke in language that most people considered incomprehensible (“The Lesbian Phallus”), wealthy Ivy League graduates could pose as anti-elite. By mocking courses on writers such as Alice Walker and Toni Morrison, they made a racial appeal to white people who felt as if they were losing their country. As the 1990s wore on, because multiculturalism was associated with globalisation – the force that was taking away so many jobs traditionally held by white working-class people – attacking it allowed conservatives to displace responsibility for the hardship that many of their constituents were facing. It was not the slashing of social services, lowered taxes, union busting or outsourcing that was the cause of their problems. It was those foreign “others”.


As Weigel points out, the hypocrisy of continually yelling for years that you’re being silenced goes unremarked.
link to this extract

More than 1 million Google accounts breached by Gooligan malware • Check Point Technologies



The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device. Our research team has found infected apps on third-party app stores, but they could also be downloaded by Android users directly by tapping malicious links in phishing attack messages.

After an infected app is installed, it sends data about the device to the campaign’s Command and Control (C&C) server.

Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153). These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user. If rooting is successful, the attacker has full control of the device and can execute privileged commands remotely.

After achieving root access, Gooligan downloads a new, malicious module from the C&C server and installs it on the infected device. This module injects code into running Google Play or GMS (Google Mobile Services) to mimic user behavior so Gooligan can avoid detection, a technique first seen with the mobile malware HummingBad. The module allows Gooligan to:

• Steal a user’s Google email account and authentication token information
• Install apps from Google Play and rate them to raise their reputation
• Install adware to generate revenue

Ad servers, which don’t know whether an app using its service is malicious or not, send Gooligan the names of the apps to download from Google Play. After an app is installed, the ad service pays the attacker. Then the malware leaves a positive review and a high rating on Google Play using content it receives from the C&C server.


Affects Android 4 and 5, which covers 74% of users. Most of those affected are in Asia, but about 190,000 in the US, where Google Play is easily available. Remember the thing I said the other day about Android vulnerabilities being theoretical, until they aren’t? This is that.
link to this extract

Amazon plans premium Alexa speaker with large screen • Bloomberg

Mark Gurman:

» Inc. is developing a premium Echo-like speaker with a screen, a sign the world’s largest online retailer is trying to capitalize on the surprise success of its voice-controlled home gadgets and fend off competition from Google and Apple Inc.

The new device will have a touchscreen measuring about seven inches, a major departure from Amazon’s existing cylindrical home devices that are controlled and respond mostly through the company’s voice-based Alexa digital assistant, according to two people familiar with the matter. This will make it easier to access content such as weather forecasts, calendar appointments, and news, the people said. They asked not to be identified speaking about a product that has yet to be announced.

The latest Amazon speaker will be larger and tilt upwards so the screen can be seen when it sits on a counter and the user is standing, one of the people said.


After Jan Dawson’s points yesterday about the lack of visual feedback for the Alexa, guess what! Interesting that it’s Gurman, who has been famed for his Apple scoops, getting this story. It feels like one which either comes from supply chain sources, or from Amazon itself. Some of the detail in the story (“Amazon is also testing a feature that allows users to pin items such as photos on their speaker’s screen”) leans just a little towards the latter.
link to this extract

How the BBC England data unit scraped airport noise complaints • Online Journalism Blog

Daniel Wainwright:


I’d wondered for a while why no-one who had talked about scraping at conferences had actually demonstrated the procedure. It seemed to me to be one of the most sought-after skills for any investigative journalist.

Then I tried to do so myself in an impromptu session at the first Data Journalism Conference in Birmingham (#DJUK16) and found out why: it’s not as easy as it’s supposed to look.

To anyone new to data journalism, a scraper is as close to magic as you get with a spreadsheet and no wand.

Numbers and text on page after page after page after page just effortlessly start to appear neatly in a spreadsheet you can sort, filter and interrogate.

You can even leave the scraper running while you ring a contact or just make a cup of tea.

Scraping Heathrow noise complaints

I used a fairly rudimentary scraper to gather three years’ worth of noise complaint data from the Heathrow Airport website. With the third runway very much on the news agenda that week I wanted to quickly get an idea of how much of an issue noise already was.

The result was this story, which was widely picked up by other outlets.

But how did I do it?


With Google sheets. To anyone who codes, his method will look really shonky, but it worked well enough. This is how data journalism needs to work: if you can really code, you’d sort it quickly, but journalists need to be able to roll their own rather than having to hassle coders to do it for them.
link to this extract

The colossal African solar farm that could power Europe • BBC Europe

Sandrine Ceurstemont:


Hundreds of curved mirrors, each as big as a bus, are ranked in rows covering 1,400,000 sq m (15m sq ft) of desert, an area the size of 200 football fields. The massive complex sits on a sun-blasted site at the foot of the High Atlas mountains, 10km (6 miles) from Ouarzazate – a city nicknamed the door to the desert. With around 330 days of sunshine a year, it’s an ideal location.

As well as meeting domestic needs, Morocco hopes one day to export solar energy to Europe. This is a plant that could help define Africa’s – and the world’s – energy future.

Of course, on the day I visit the sky is covered in clouds. “No electricity will be produced today,“ says Rachid Bayed at the Moroccan Agency for Solar Energy (Masen), which is responsible for implementing the flagship project.

An occasional off day is not a concern, however. After many years of false starts, solar power is coming of age as countries in the sun finally embrace their most abundant source of clean energy. The Moroccan site is one of several across Africa and similar plants are being built in the Middle East – in Jordan, Dubai and Saudi Arabia. The falling cost of solar power has made it a viable alternative to oil even in the most oil-rich parts of the world.

As well as meeting domestic needs, Morocco hopes one day to export solar energy to Europe.

Noor 1, the first phase of the Moroccan plant, has already surpassed expectations in terms of the amount of energy it has produced. It is an encouraging result in line with Morocco’s goal to reduce its fossil fuel bill by focusing on renewables while still meeting growing energy needs that are increasing by about 7% per year. Morocco’s stable government and economy has helped it secure funding: the European Union contributed 60% of the cost for the Ouarzazate project, for example.


link to this extract

Peak Google, revisited • Naofumi Kagami

Kagami takes a stab at predicting when we might see Google’s revenue stop its dramatic growth, based on (1) ad spend is a pretty constant percentage of US GDP (2) Google’s revenues principally come from and grow with US GDP, not developing nations (3) the assumption that Google won’t find anything to add substantially to its ad-driven top line:


1. Since the size of total media ad spending is constant as a percentage of GDP, this is the hard ceiling of advertising growth in the US.

2. Digital ad spending is rapidly approaching this ceiling. With already close to 40% of total ad spending, there is less and less room left for digital to grow.

3. Google has close to half of total digital ad spending. Of the remainder, it is likely that Facebook is taking half of this. Google has little space to grow by increasing its share within the total digital ad market. In fact, it is more likely that Facebook will eat into Google’s ad market share. Note that one estimate suggests that Google & Facebook own 85% of the US the digital ad market.

4. Since Google’s ad revenue growth has largely been independent of developing countries, it is reasonable to assume that this will continue for the mid-term.

In simple terms, there is no longer room in the advertising industry for both Google and Facebook. Since Facebook has more momentum, it is likely that we will see Google being increasingly squeezed. Although the total digital ad spending will likely still see mid double digit growth, Facebook will take the majority of this growth and Google will probably drop to single digit growth before 2020.


Which would be in the next three years.
link to this extract

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.