Start Up: Facebook’s video switch, cyberattack in Ukraine, the browser line of death, and more

Popular – and a big money-loser so far for Amazon, estimates say. Photo by Adam Bowie on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. Feel their sensuality. I’m @charlesarthur on Twitter. Observations and links welcome.

Facebook looks like it’s going to stop paying publishers to make live videos • Recode

Kurt Wagner:


Facebook spent more than $50 million last year paying publishers and celebrities to create live video on the social network.

Now numerous publishers tell Recode that Facebook is de-emphasizing live video when it talks to them. And none of the publishers we’ve spoken with expect Facebook to renew the paid livestreaming deals it signed last spring to get live video off the ground.

Instead, Facebook is pushing publishers to create longer, premium video content as part of a larger effort led by Facebook exec Ricky Van Veen. The hope is to get more high-quality video onto the platform and into your News Feed — the kind of stuff, presumably, you might find on Netflix.

Facebook may pay publishers for that stuff, instead of paying them to make live video, a format Mark Zuckerberg was “obsessed” with last year.


When are publishers going to realise they can’t win this game? The problem is, their audience is over on Facebook. And they need the money badly. So when Facebook says “jump”, they can only ask how high.
link to this extract

Google Contributor has been shut down • Android Police

Corbin Davenport:


Back in 2015, Google launched a service called Google Contributor, which allowed users to pay a small amount of money per month to see fewer AdSense ads on their favorite websites. The service never expanded outside the United States, and last month, Google announced it would shut down “mid-January 2017.”

Well, it’s now mid-January, and Google Contributor has been laid to rest. The site now shows a 404 error, and users have received refunds for their remaining account balance.


Except Google’s Contributor page says it’s “launching a new and improved Contributor in early 2017!” Question is, why does it have to kill the old one and resart?
link to this extract

Ukraine’s power outage was a cyber attack: Ukrenergo • Reuters

Pavel Polityuk, Oleg Vukmanovic and Stephen Jewkes:


A power blackout in Ukraine’s capital Kiev last month was caused by a cyber attack and investigators are trying to trace other potentially infected computers and establish the source of the breach, utility Ukrenergo told Reuters on Wednesday.

When the lights went out in northern Kiev on Dec. 17-18, power supplier Ukrenergo suspected a cyber attack and hired investigators to help it determine the cause following a series of breaches across Ukraine.

Preliminary findings indicate that workstations and Supervisory Control and Data Acquisition (SCADA) systems, linked to the 330 kilowatt sub-station “North”, were influenced by external sources outside normal parameters, Ukrenergo said in comments emailed to Reuters.

“The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion,” Ukrenergo said.

Law enforcement officials and cyber experts are still working to compile a chronology of events, draw up a list of compromised accounts, and determine the penetration point, while tracing computers potentially infected with malware in sleep mode, it said.


link to this extract

Tim Draper keeps defending Theranos • Axios

Draper is an old family friend of Theranos founder Elizabeth Holmes, and put $1m into it early on. Dan Primack leads the questioning, such as:


The first Wall Street Journal story critical of Theranos was published in October 2015. What was your initial reaction?

“I dismissed it because there are always writers who want to take down big successes. Then after the next one I realized there was some strange vendetta. Maybe it had to do with money. The guy is getting $4 million to continue this charade.”

Don’t journalists sometimes dig into something that only looks like a big success, but actually is fraudulent in some way?

“Elizabeth started an amazing company that is so disruptive to various industries, so I think there were competitors fueling this fire. She was delivering 50 blood tests for $30. Her competitors are delivering the same thing for hundreds, sometimes thousands of dollars. They were hugely threatened by this. Her product allowed consumers to have a baseline and then measure all of the changes in their blood over time. That technology is going to happen and I’m hoping it happens with Theranos.

It’s like other industries that get threatened by new technology. Like Bitcoin when all of the banks lined up against it. Or Uber being attacked by the taxi companies or Tesla by the car companies or Skype by the telecom companies. In this case, the competitors got a mouthpiece. I believe Elizabeth is the victim of a witch hunt.”

You said something similar to Bloomberg TV last summer, adding that the competitors in this case included pharma and health insurers. How so?

“My argument there is a little more abstract. If you’re big pharma, you like this relationship you have with doctors. You like that you can drive what people are prescribed. Theranos allows people to take more control over their own health, which would end up creating smaller markets for drug companies and health insurance companies.”


Would love smaller markets for health insurance companies, but that’s not really what Theranos was aiming at. And believe me, there’s no way that John Carreyrou was getting $4m for anything.
link to this extract

The Artificial Lawyer year in review: the new era of legal AI begins • artificial lawyer

Richard Tromans:


One can seriously doubt whether a website called Artificial Lawyer in, for example 2006, would have received the same level of interest, or had that much to write about.

In 2006, the site would have been almost entirely theoretical. It would have been sparsely populated with comments from a few talking heads, talking again and again about the same theoretical issues. In short, it would not have been of much interest. News is about actual events, not just theory. And there was no legal AI news back then.

Roll forward 10 years and everything has changed. Some might say changed too much. Others may say: ‘Yes, it’s changed, but a lot of it is hype.’

My view is that neither too much has changed (in fact, it’s only just started to change), nor is this hype. It is very real and having an impact, but it is still small for now. Hype is about the latest version of the flying car that will never go into production, or marketing spiel about smart watches changing the world, even though few people have really ever used them for more than fitness tracking.

Moreover, the many new legal tech companies that are now emerging, both those operating inside the AI spectrum and several in other areas, are transforming the way we think about the production of legal work. They are changing client relationships and the internal dynamics of law firms. And though I don’t see the end of lawyers, we will probably see a big reduction in the need for paralegals in the years to come.

This is happening because this wave of legal AI and automation companies really do provide something that works and really do make a difference to lawyers and clients.


link to this extract

Google’s new stab at boosting Android brand in US • The Information

Amir Efrati:


Google is expanding its “Android One” program for low-cost smartphones to the U.S in coming months, promising phone makers major new promotional dollars if they play by its rules, say three people briefed on the plan…

…Google recently expressed its displeasure with Huawei after the China-based smartphone giant said earlier this month it would offer Amazon’s Alexa “virtual assistant” on upcoming U.S. phones, according to a person briefed about the matter. (Google developed a rival virtual assistant that will be built into Android phones besides the Pixel later this year.) It’s likely that Huawei made the decision in order to be in Amazon’s good graces, given that Amazon is an important seller of Huawei phones to U.S. customers.

A Huawei spokesman didn’t immediately respond to a request for comment.

Google already has lined up at least one phone maker to be a U.S. launch partner for Android One, said one of the people briefed on the program. The identity couldn’t be learned. But one potential partner is LG, this person said. Google isn’t accepting submissions from additional phone makers at the moment, this person said. After the first launch, Google is expected to consider including other phones on a case-by-case basis.


You’d have to think this is going to cause even more friction with Android OEMs. The smartphone market is slowing down (in the US as much as anywhere) which could mean some wondering whether it’s worth competing if Google isn’t making the field level (as well as playing in it the game itself).

link to this extract

Google has slashed the price of Daydream View headset • VR-Zone

Thomas Oliver on the price cut (from $79 to $49):


This is not a permanent price slash, however, and it is only valid until 25 February. Even though Daydream is not readily available in Singapore, anyone interested should get on this deal while it lasts.

Why Google has cut the price

Google only launched the Daydream headset last November. Since then, sales figures have not been made available, but are unlikely to be really impressive. After all, it came out near the end of 2016 and was limited to Daydream-ready devices, meaning the Google Pixel phone.  Pessimists would likely see this as the driving reason behind the sale, trying to push up sales numbers to make up for a disappointing year.

However, another potential reason could be that Google has seen renewed potential in the headset. After all, Google announced a whole slew of Daydream-Ready headsets at CES this year, including the very interesting Zenfone AR from Asus. With this information, it’s very clear that Google still has plenty of interest in VR. If anything, the sale shows how much they believe in the technology.


So he doesn’t know why Google cut the price, and hasn’t tried to find out. Journamalism. Most likely reason: poor sales (this feels like an inventory dump), which is reinforced by this tweet from Amir Efrati: “Google told one partner that usage of #DayDream VR “disappointing,” hence G asking phone brands to give away VR head gear for free.”
link to this extract

Amazon pours resources into voice assistant Alexa • FT

Leslie Hook, Richard Waters and Tim Bradshaw:


The company has also been pouring resources into Alexa at an ever-faster pace. Evercore estimates that Amazon lost about $330m on Alexa in 2016, including net losses on the devices as well as personnel costs, and that this figure will nearly double to exceed $600m this year. Amazon is advertising openings for more than 500 jobs in its Alexa team as it seeks to expand. (The company has also promised to add 100,000 new jobs, mostly warehouse positions, in the US by mid-2018.)

The strategic imperative for Amazon is clear: Alexa is its chance to own the operating system in this new medium, voice.

“It’s kind of like trying to become the Google for voice or the Windows for voice,” said Mark Mahaney, analyst at RBC. “I think Amazon is just running away with this market.”

He points to two places where voice interactions are most convenient: the home and the car. In the home, Amazon can strengthen its ties to customers, and of course make it easier for them to shop on Amazon and listen to Amazon Music.

This presence in the home dovetails with Amazon’s recent effort to expand its grocery business, Amazon Fresh. “It is kind of Amazon’s Trojan horse into the refrigerator,” said Mr Mahaney. He estimates as many as 10m Alexa devices were sold in the recent holiday quarter.

These direct retail opportunities are only part of the picture, however. Owning the popular voice operating system puts Amazon in a powerful position, allowing it to act as the gatekeeper for third-party applications and customer data.


Amazon’s position in voice is definitely interesting; it’s great they can afford to lose money on it, because they’ll make it up in volume. (Haha, volume, geddit?) When and how does it start earning back enough?
link to this extract

The Line of Death • text/plain

Eric Lawrence:


When building applications that display untrusted content, security designers have a major problem— if an attacker has full control of a block of pixels, he can make those pixels look like anything he wants, including the UI of the application itself. He can then induce the user to undertake an unsafe action, and a user will be none the wiser.

In web browsers, the browser itself usually fully controls the top of the window, while pixels under the top are under control of the site. I’ve recently heard this called the line of death:

If a user trusts pixels above the line of death, the thinking goes, they’ll be safe, but if they can be convinced to trust the pixels below the line, they’re gonna die.

Unfortunately, this crucial demarcation isn’t explicitly pointed out to the user, and even more unfortunately, it’s not an absolute.

For instance, because the area above the LoD is so small, sometimes more space is needed to display trusted UI. Chrome attempts to resolve this by showing a little chevron that crosses the LoD:

…because untrusted markup cannot cross the LoD. Unfortunately, as you can see in the screenshot, the treatment is inconsistent; in the PageInfo flyout, the chevron points to the bottom of the lock and the PageInfo box overlaps the LoD, while in the Permission flyout the chevron points to the bottom of the omnibox and the Permission box only abuts the LoD. Sometimes, the chevron is omitted, as in the case of Authentication dialogs.


This is fascinating, and shows the problems that designers are up against in trying to deter hackers, phishers and spoofers.
link to this extract

Silence speaks louder than words when finding malware • Android Developers Blog

Megan Ruthven, software engineer:


One security solution included on all devices with Google Play is Verify apps. Verify apps checks if there are Potentially Harmful Apps (PHAs) on your device. If a PHA is found, Verify apps warns the user and enables them to uninstall the app.

But, sometimes devices stop checking up with Verify apps. This may happen for a non-security related reason, like buying a new phone, or, it could mean something more concerning is going on. When a device stops checking up with Verify apps, it is considered Dead or Insecure (DOI). An app with a high enough percentage of DOI devices downloading it is considered a DOI app. We use the DOI metric, along with the other security systems to help determine if an app is a PHA to protect Android users. Additionally, when we discover vulnerabilities, we patch Android devices with our security update system

…A device is considered retained if it continues to perform periodic Verify apps security check ups after an app download. If it doesn’t, it’s considered potentially dead or insecure (DOI). An app’s retention rate is the percentage of all retained devices that downloaded the app in one day. Because retention is a strong indicator of device health, we work to maximize the ecosystem’s retention rate.

Therefore, we use an app DOI scorer, which assumes that all apps should have a similar device retention rate. If an app’s retention rate is a couple of standard deviations lower than average, the DOI scorer flags it…

…the DOI score flagged many apps in three well known malware families — Hummingbad, Ghost Push, and Gooligan. Although they behave differently, the DOI scorer flagged over 25,000 apps in these three families of malware because they can degrade the Android experience to such an extent that a non-negligible amount of users factory reset or abandon their devices.


Nice. But tell me more about this thing where “we patch Android devices with our security update system.” I don’t think you actually do that. The OEMs do, if people are lucky.
link to this extract

Google has acquired most of Twitter’s developer products, including Fabric and Crashlytics • Recode

Kurt Wagner and Tess Townsend:


Google is acquiring Twitter’s suite of developer products, including its developer suite Fabric which includes the crash reporting service Crashlytics. Twitter acquired Crashlytics back in 2013.

The two companies are not sharing deal terms, but every member of Twitter’s Fabric team has been offered a job at Google. One source estimated the team at around 60 employees.

Fabric is the collection of products that Twitter rolled out 18 months ago to try and encourage mobile app developers to integrate more closely with Twitter’s core app.

But when the company announced another round of layoffs back in October, it also added that it would be refocusing the company around what employees call “Bluebird,” the main Twitter app. This was less than a month after Twitter decided to forgo its annual developer conference, Flight, a flag that Twitter was trying to figure out what to do with Fabric amid all the changes.

In the fall, Twitter started exploring options to offload its fringe businesses, like Fabric and Vine, the latter of which has since been shut down. At least one other company, Microsoft, showed some interest in acquiring Fabric, according to multiple sources.


Twitter has been spending far too much on development – that’s part of why it’s in the red – so offloading this chunk makes financial sense. It looks bad, but it’s necessary.
link to this extract

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.