Start Up: Google unafraid of Stagefright, Whitehall’s identity problem, Amazon Prime in numbers, and more

Drink up, and then I’ve got a car for you to drive. Photo by SpacePirate82 on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 9 links for you. Do not leak to ambassadors. I’m @charlesarthur on Twitter. Observations and links welcome.

The drunk utilitarian: Blood alcohol concentration predicts utilitarian responses in moral dilemmas • Science Direct

Aaron Duke and Laurent Bègue:


In two field studies with a combined sample of 103 men and women recruited at two bars in Grenoble, France, participants were presented with a moral dilemma assessing their willingness to sacrifice one life to save five others. Participants’ blood alcohol concentrations were found to positively correlate with utilitarian preferences (r = .31, p below .001) suggesting a stronger role for impaired social cognition than intact deliberative reasoning in predicting utilitarian responses in the trolley dilemma. Implications for Greene’s dual-process model of moral reasoning are discussed.


So we need self-driving cars to be drunk? (“Utilitarian response” is “kill one person to save five”.)
link to this extract

New Mac malware pinned on same Russian group blamed for election hacks • Ars Technica

Dan Goodin:


APT28, the Russian hacking group tied to last year’s interference in the 2016 presidential election, has long been known for its advanced arsenal of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs.

Like its counterparts for other platforms, the Mac version of Xagent is a modular backdoor that can be customized to meet the objectives of a given intrusion, researchers from antivirus provider Bitdefender reported in a blog post published Tuesday. Capabilities include logging passwords, snapping pictures of screen displays, and stealing iOS backups stored on the compromised Mac.

The discovery builds on the already considerable number of tools attributed to APT28, which other researchers call Sofacy, Sednit, Fancy Bear, and Pawn Storm. According to researchers at CrowdStrike and other security firms, APT28 has been operating since at least 2007 and is closely tied to the Russian government. An analysis Bitdefender published last year determined APT28 members spoke Russian, worked mostly during Russian business hours, and pursued targets located in Ukraine, Spain, Russia, Romania, the US, and Canada.


link to this extract

Google claims ‘massive’ Stagefright Android bug had ‘sod all effect’ • The Register

Iain Thomson:


Despite shrill wailings by computer security experts over vulnerabilities in Android, Google claims very, very few of people have ever suffered at the hands of its bugs.

Speaking at the RSA security conference in San Francisco on Tuesday, Adrian Ludwig, director of Android security, said the Stagefright hole – which prompted the Chocolate Factory to start emitting low-level security patches on a monthly basis – did put 95% of Android devices at risk of attack. However, there have been no “confirmed” cases of infections via the bug, Ludwig claimed.

It was a similar story for the MasterKey vulnerability that was spotted in 2013, he said. In that case, 99% of Android devices were vulnerable, but exploits abusing the security blunder peaked at less than eight infections per million users, it was claimed. And there were no exploits for the hole before details of the flaw were made public.

He also cited the 2014 FakeID flaw, disclosed at Black Hat that year. This affected 82% of Android users but exploits peaked at one infection per million users after the details were released, and none before that, we’re told.

Ludwig said he was sure of his figures, due to malware-detection routines, dubbed Verify Apps, in Google Play services, which is installed on more than 1.4 billion Android handhelds. Verify Apps reports back to Google when a software nasty is spotted on the device, allowing the web giant to tot up infection tallies.


Well, OK, but Stagefright could be exploited by picture message, and then hacked the OS. Verify Apps wouldn’t see it. And given the extraordinarily broad permissions that the average Android app demands, and is granted, why bother with malware?
link to this extract

Whitehall’s identity crisis: HMRC and Verify • BBC News

Rory Cellan-Jones:


Verify is the flagship of the Government Digital Service (GDS). It’s an online identity system designed to let citizens securely access all sorts of public services with ease. But now it has competition from another branch of government, HMRC.

This week, HMRC revealed that it was working on its own “identity solution” for individuals and businesses, while mentioning in an offhand way that “other departments will use Verify for all individual citizen services”.

But only last week, when the government’s digital masterplan was published, the cabinet office minister Ben Gummer announced that Verify was central to the transformation of public services. Its rollout was going to be accelerated, with a target of 25 million users by the end of 2020.
Now the GDS and HMRC are involved in a bitter turf war, and there is a danger that we will end up with public confusion over which identity service to use, and a much higher bill for the public purse than necessary.

So why is HMRC going its own way?


Turf wars, and weak leadership from the Cabinet Office minister, who ought to be the one banging heads together. (Or banging HMRC’s head against a wall.)
link to this extract

Putting some numbers around Amazon Prime • Beyond Devices

Jan Dawson digs into Amazon’s 10-Q, with its detailed numbers:


Let’s focus, though, on that retail subscriptions business, because that’s where Prime revenue sits. We need to make some assumptions about how much of that revenue is actually Prime to start. Morgan Stanley reckons it’s about 90%, and though I was originally tempted to say it was more than that, checking into the size of Audible made me think it’s probably about right. So I’m going to stick with that.

If we want to know subscriber numbers, though, we need to figure out what the average subscriber pays, and that’s a complex proposition because the price of Prime increased by $20 in 2014 in the US, and costs different amounts in each market. If we make reasonable assumptions about the mix of where those Prime subscribers are located (e.g. by using Amazon’s revenue split by country) and then apply the going rates at various times for a Prime subscription, we can arrive at a reasonable average. Mine starts at $76 in 2014 and rises to $81 in 2015 and $82 in 2016, whereas Morgan Stanley’s is at $88 for both 2015 and 2016.

On that basis, then, here’s a reasonable estimate for Prime’s subscriber numbers over the last four years, together with a sanity check in the form of the minimum possible number Amazon might have based on various public statements it’s made:

The numbers you end up with are just barely above those minimum numbers provided by Amazon. There’s no way to be 100% sure about my numbers, but they certainly imply that Amazon has been making the biggest possible deal out of its total number ever since that “tens of millions” comment at the end of 2013 (which referred to 21 million subscribers according to my estimate).


link to this extract

Brexit bumps up the UK price of Microsoft’s Surface Book • TechCrunch

Natasha Lomas:


Another Brexit bump: Microsoft has increased the cost of its Surface Book laptops for UK consumers.

The company had already made changes to certain of its enterprise products following the impact of the UK’s June referendum vote to leave the European Union on pound sterling. But the precipitous fall in the value of the UK’s currency has now moved Microsoft to rework some of its consumer price-tags too.

A tipster called Nic pointed us to the Surface Book price rises, noting the laptops have increased by £150 across the board — with the base model now costing £1449 vs the prior price-tag of £1,299. So a rise of 11.5%, in that instance.

A spokeswomen for Microsoft confirmed it has raised some consumer prices, telling TechCrunch: “In response to a recent review we are adjusting the British pound prices of some of our hardware and consumer software in order to align to market dynamics.”

She added that the price changes — which came into effect today — only affect products and services purchased by individuals, or organisations without volume licensing contracts.


Why can nobody see this is a fantastic opportunity for all the British PC makers to increase their exports to the rest of the world, such as New Zealand, freed of the shackles of EU regulation?
link to this extract

Linux’s Munich crisis: Crunch vote locks city on course for Windows return • ZDNet

David Meyer:


Munich’s city council has resolved to draw up a plan for abandoning LiMux, a Linux distribution created especially for its use, which the mayor wants ditched in favor of Microsoft’s Windows 10 by the end of 2020…

…At a Wednesday morning council meeting the coalition agreed to produce a draft plan for the migration, including cost estimates, before the council takes a final vote on the subject.

“The city council has not fully approved to change to Windows,” confirmed Petra Leimer Kastan, a spokeswoman for the office of mayor Dieter Reiter.

However, Matthias Kirschner, president of the Free Software Foundation Europe said: “They have now stepped back a little bit because so many people were watching, but on the other hand it’s very clear what they want.”

Little over a decade ago, Munich completed a migration from Windows to LiMux that involved some 15,000 computers, reportedly cost over €30m. Today, most of the local authority’s computers run LiMux, although some use Windows to run certain applications.

According to Munich’s current administration, council staff members dislike the software they have to use each day, and the city needs to stick to one operating system: Windows.


However it’s not clear whether they’re dissatisfied with LiMux, or the entire IT system they have to navigate. One suspects it’s the combination, but that they might be able to fumble their way through on Windows.
link to this extract

Apple struggles to make big deals, hampering strategy shifts • Bloomberg

Alex Webb and Alex Sherman:


“The first step in M&A is having some conviction about what it is you want to do,” said Eric Risley, managing partner at Architect Partners LLC who has negotiated deals with Apple. “Apple probably more than most feels that they’re very capable of building things” rather than buying them, he added. An Apple spokesman declined to comment.

Apple’s biggest deal in its 41-year history was the $3bn purchase Beats Electronics in 2014, followed by the $400m acquisition of NeXT Computer in 1996. In Facebook Inc.’s 13 years, it has made three acquisitions of at least $1bn, including its $22bn WhatsApp purchase. Google, founded in 1998, has done four such deals, while Microsoft has completed at least 10, according to data compiled by Bloomberg.

Instead of closing big deals, Cook has so far focused on growing Apple’s services businesses, including Apple Music, the App Store and iCloud. That’s beginning to work, with the company recently forecasting that annual revenue from those operations will top $50bn by 2021.

But even here, some analysts and investors argue for a big acquisition, especially in online video streaming. Apple has started distributing videos through the Music service, and pooling other providers’ video in its mobile TV app, but it has no service akin to Netflix or Inc.’s Prime Video.

On Friday, Sanford C. Bernstein analyst Toni Sacconaghi said Apple needs at least one big acquisition in online video. To reach its $50bn target, the company must find an extra $13 billion in services revenue over the next four years – beyond what it can generate itself. Netflix Inc. ended 2016 with sales of less than $9bn, so even buying that business may not be enough, the analyst said.


This is frantic talk. Apple makes lots of small acquisitions, and in general it makes them work. Google’s multi-billion acquisitions – YouTube, DoubleClick, Motorola (later sold), Nest – have a 50-50 hit rate; it’s the smaller ones, including Android and DeepMind, which arguably add value. (Though YouTube has been as crucial as Android.) Facebook’s acquisitions – Oculus, WhatsApp, Instagram – are roughly 2-for-3 (we don’t know how well Instagram converts; WhatsApp was strategic to block Google dominating messaging). Apple is making Beats work, but the idea it should rush off into a huge acquisition which would dilute its carefully built culture is the sort of move that kills companies slowly, by a sort of poisoning of the well.
link to this extract

Worldwide sales of smartphones grew 7% in the fourth quarter of 2016 • Gartner


In the smartphone operating system (OS) market, Google’s Android extended its lead by capturing 82% of the total market in the fourth quarter of 2016 (see Table 3). In 2016 overall, Android also grew its market share by 3.2 percentage points to reach an 84.8% share, and was the only OS to grow market share year on year. “The entry of Google’s Pixel phone has made the premium Android smartphone offering more competitive, while the re-entry of HMD (Nokia) in the basic (midtier) smartphone category, is set to further increase the competition in emerging markets,” said Anshul Gupta, Gartner research director.


Notable: BlackBerry share went from 0.2% in 4Q 15 to 0.0% in 4Q 16 (or at least, less than 0.05%, ie less than 250,000 units). Windows Phone went from 1.1% to 0.3% (1.09m). How long has Windows Phone got left?
link to this extract

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.