Start Up: car app hacking, Zuckerberg examined, Samsung’s S8 Sony power, the trouble with HTTPS, and more

Curved TVs: looks like they’re going the way of 3D TVs. Photo by pestoverde on Flickr.

A selection of 13 links for you. Unlucky for some. I’m @charlesarthur on Twitter. Observations and links welcome.

Car apps are vulnerable to hacks that could unlock millions of vehicles • WIRED

Andy Greenberg:


In the era of the connected car, automakers and third-party developers compete to turn smartphones into vehicular remote controls, allowing drivers to locate, lock, and unlock their rides with a screen tap. Some apps even summon cars and trucks in Knight Rider fashion. But phones can be hacked. And when they are, those car-connected features can fall into the hands of hackers, too.

That’s the troubling result of a test of nine different connected-car Android apps from seven companies. A pair of researchers from the Russian security firm Kaspersky found that most of the apps, several of which have been downloaded hundreds of thousands or over a million times, lacked even basic software defenses that drivers might expect to protect one of their most valuable possessions. By either rooting the target phone or tricking a user into installing malicious code, the researchers say, hackers could use any of the apps Kaspersky tested to locate a car, unlock it, and in some cases start its ignition.


Happy days.

Zuckerberg’s world • ROUGH TYPE

Nick Carr:


The problems with Zuckerberg’s self-serving fantasy about social relations become even more pronounced when we turn to “sub-communities” of creeps and miscreants who share poisonous beliefs — neo-Nazi groups, say, or racist groups or misogynistic groups or groups of murderous ideologues (or even groups of amoral entrepreneurs who seek to make a quick buck by spreading fake news stories through the web). Here, too, the beliefs of the individual members of the community form the values of the community — values that, thankfully, are anything but common standards. “The purpose of any community is to bring people together to do things we couldn’t do on our own,” Zuckerberg writes, without any recognition that those “things” could be bad things. Even though the actions of destructive groups, in particular their use of Facebook and other social networks not as a metaphorical infrastructure for global harmony but as a very real infrastructure for recruitment, propaganda, planning, and organization, would seem to be one of the spurs for Zuckerberg’s message, he is blind to the way they contradict that message. Nastiness, envy, chauvinism, mistrust, distrust, anger, vanity, greed, enmity, hatred: for Zuckerberg, these aren’t features of the human condition; they are bugs in the network.


There have been plenty of takedowns of Zuckerberg’s sorta-manifesto, but Carr offers the broadest take.

Samsung to use Sony batteries in Galaxy S8 phone • WSJ

Takashi Mochizuki:


Samsung Electronics Co. will add a third battery supplier for its next flagship smartphone, the Galaxy S8, according to people familiar with the matter, as the world’s biggest phone maker seeks to avoid a repeat of last year’s disastrous recall.

The South Korean technology giant will use lithium-ion battery packs from a unit of Japan’s Sony Corp. for the Galaxy S8, these people said, in addition to its two longtime suppliers: a Samsung affiliate and Hong Kong-based Amperex Technology Ltd.

Samsung SDI Co. and Amperex, a unit of Japanese electronic parts maker TDK Corp., have been told by Samsung Electronics that there will be an additional battery supplier for the new smartphone, these people said. The orders from the Sony unit are relatively small in quantity, they said.


In the UK (perhaps elsewhere too?) Samsung is running a series of ads about how carefully it tests its phones – heat, cold, bending, dropping, water. No fire though. Not sure how reminding people about its quality control, or its failure, will go down.

Apple vowed to revolutionize television. An inside look at why it hasn’t • Bloomberg

Mark Gurman:


[Timothy] Twerdhal’s arrival [from Amazon] comes as the company tests a new, fifth-generation Apple TV that it may release as soon as this year. Internally codenamed “J105,” the new box will be capable of streaming ultra-high-definition 4K and more vivid colors, according to people familiar with the plans.

The features will probably boost Apple TV sales as consumers increasingly upgrade to 4K television sets, but those enhancements alone probably aren’t enough to turn the gadget into a groundbreaking, iPhone-caliber product. Time and again, the people say, Apple engineers have been forced to compromise on Apple’s vision of revolutionizing the living room.

Early on, the Apple TV was going to replace the clunky set-top boxes from the cable companies and stream live television. It never happened. The team debated bundling a gaming controller with the current model to better compete with Microsoft Corp.’s Xbox and Sony Corp.’s PlayStation. That didn’t happen either. Originally, viewers were going to be able to shout commands from the couch to the Apple TV. Instead they must talk to the remote control.

Apple has essentially settled for turning the television set into a giant iPhone: a cluster of apps with a store. “That’s not what I signed up for,” says one of the people, who requested anonymity to talk freely about internal company matters. “I signed up for revolutionary. We got evolutionary.”


Nor, of course, has anyone else managed to do this. I wondered on Sunday morning what has happened to Android TV – relaunched for a third time in 2014. Nobody seems to know, except that it doesn’t work well for some. I’d love to see stats on intentional Android TV use.

How software is eating the banking industry • CNBC

Ari Levy:


Digit’s software plugs into a user’s checking account, analyzing expenses and income and determining how much money could be stashed away without the customer feeling it. Based on the personalized algorithm, Digit puts a few bucks or so a week into a savings account, notifying users with a simple text to help them pay off college or credit card debt or prepare for a wedding. It also serves up reminders to eliminate late fees and recently launched a notification bot on Facebook Messenger.

Digit says that it’s saved more than $350m for its customers.

That includes people like Jenn Chenn, a former community manager at a San Francisco software company who’s now in between jobs. Chenn has saved close to $16,000 over the past three years using Digit, money that would have otherwise remained in her checking account and more than likely have been spent.

“It started off small and as time went by, I started seeing different ways I could increase that amount and be OK,” she said.

The savings were of particular importance after a hit-and-run accident left her with a hefty out-of-pocket payment for hospital bills.


Ah, American healthcare. Nearly as broken as the American banking industry.

LG and Sony confirm no curved TVs for 2017 • What Hi-Fi?

Andy Madden:


It came as no real surprise when LG and Sony revealed they were both killing off 3D at CES 2017. The feature failed to take off for a number of reasons, not least cost and the competing passive/active technologies. Now, both LG and Sony have confirmed that there won’t be any curved TV options on the menu this year either.

Speaking at the company’s InnoFest event in Crete, LG cited a lack of consumer interest as the key reason, with its research showing consumers tend to choose flat over curved when given the choice of similarly-priced sets.

Sony had a similar event to outline its ranges for 2017 and curved sets were also absent – “there were no curved models in the line-up we showed at the trade show recently, but we are not commenting on our future plans,” said a Sony spokesperson.


Recall that the furious review of the Samsung TV included its curvedness.

Another innovation bites the dust.

The truth about the Trump data team that people are freaking out about • BuzzFeed News

Kendall Taggart:


interviews with 13 former employees, campaign staffers, and executives at other Republican consulting firms who have seen Cambridge Analytica’s work suggest that its psychological approach was not actually used by the Trump campaign and, furthermore, the company has never provided evidence that it even works. Rather than a sinister breakthrough in political technology, the Cambridge Analytica story appears to be part of the traditional contest among consultants on a winning political campaign to get their share of credit — and win future clients.

Every person who spoke to BuzzFeed News insisted on anonymity, with many citing a reluctance to cross the company’s powerful leaders, who insiders say include co-owner Rebekah Mercer, one of Trump’s major donors, and board member Steve Bannon, his chief strategist.

Yet when Nix claimed that on a single day during the campaign, the firm tested more than 175,000 different Facebook ad variations based on personality types, Gary Coby, who ran digital advertising for the Trump campaign, took to Twitter to call it a “100% Lie” and “total rubbish.” Gerrit Lansing, who worked with the campaign and is now the White House chief digital officer, also dismissed Nix’s claim as “a lie.” Both declined to comment further, as did Mercer and Bannon.


Perhaps the truth is somewhere in between the amazing and the flop.

ZTE cancels Kickstarter campaign for Project CSX “Hawkeye” phone • AndroidAuthority

John Callaham:


ZTE started Project CSX as a way to get its fans to help them design a unique device. It held a contest in 2016 for people to submit concepts for new products, with the public voting for their favorite of the top five designs. The winning product idea was an Android smartphone that included eye-tracking technology and a self-adhesive case, so the phone could be used without actually touching the screen.

However, when the campaign actually began in early January, many people were not impressed by the hardware specs that were posted on the Kickstarter page. They included a 5.5-inch display, a Qualcomm Snapdragon 625 processor, 3GB of RAM and 32GB of onboard storage. Some fans felt the specs were too low for a phone that was scheduled for a launch in September 2017 for the price of $199.

In their update today announcing the Kickstarter campaign cancellation, ZTE said this was not going to be the end for Project CSX. It stated it is “reevaluating the device” and changes to the phone “will be implemented on based on your feedback.” That includes improving the hardware specs and also pushing back the date of its release, which the company said is “still being finalized”.


190 people donated $36,245 towards the $500,000 target. VR headsets for your cat do better.

Certified malice • text/plain

Eric Lawrence:


One unfortunate (albeit entirely predictable) consequence of making HTTPS certificates “fast, open, automated, and free” is that both good guys and bad guys alike will take advantage of the offer and obtain HTTPS certificates for their websites.

Today’s bad guys can easily turn a run-of-the-mill phishing spoof:

…into a somewhat more convincing version, by obtaining a free “domain validated” certificate and lighting up the green lock icon in the browser’s address bar:

The resulting phishing site looks almost identical to the real site…

By December 8, 2016, LetsEncrypt had issued 409 certificates containing “Paypal” in the hostname; that number is up to 709 as of this morning. Other targets include BankOfAmerica (14 certificates), Apple, Amazon, American Express, Chase Bank, Microsoft, Google, and many other major brands. LetsEncrypt validates only that (at one point in time) the certificate applicant can publish on the target domain. The CA also grudgingly checks with the SafeBrowsing service to see if the target domain has already been blocked as malicious, although they “disagree” that this should be their responsibility. LetsEncrypt’s short position paper is worth a read; many reasonable people agree with it.


It’s a real mess.

Trump can’t build a border wall without the real estate • WSJ

Evan Siegfried:


This past weekend the president took to Twitter to lash out at reports that the true cost of the border wall would be well north of $10bn.

The critics are almost certainly correct. Mr. Trump fails to take into account the major hurdle the wall faces: eminent domain.

To build the wall, the U.S. would need to own all 1,954 miles of the border. Most of this land is now private property—especially in Texas, where the U.S. government owns only 100 miles of the 1,254-mile border. To acquire the rest of the land it would need, Washington would need to employ eminent domain, the authority under the Fifth Amendment to seize private property for public use upon payment of “just compensation.”

Recent history shows that’s easier said than done. In 2006 Congress passed the Secure Fence Act with strong bipartisan backing, including the support of New York Democrat Chuck Schumer, now Senate minority leader. The law authorized construction of a border fence along 700 miles of the U.S.-Mexico border, including 100 miles in Texas. Lawmakers expected swift completion of the project.

Instead, a decade later, there are unfenced gaps—because the fence had to have holes to accommodate local ranchers whose cattle graze on the southern side, but also due to property owners’ fighting land seizures in federal court.


Gosh, it’s almost as if he hadn’t actually done any research into the complexity of the preexisting problem before he spouted a convenient neologism for personal gain. Property bought in this way can cost 20 times what the government first offers. And there are thousands of landowners.

Why so many couples fight at Ikea • Science of Us

Cari Romm:


Here’s the cruelest of all the cruel jokes Ikea plays on its customers: If — if — you and your significant other still make it out of there with minimal strife and all the furniture you need, you still have to go home and assemble it. And that, for the uninitiated, is a whole other can of worms.

Ikea famously does not write out the instructions for assembling its pieces, but instead uses pictures of a cheerful, human-shaped blob, a strategy that unfortunately leaves plenty open to interpretation. Which means — you guessed it — more decisions. “You have a lot of steps to go through to get to that final product,” Peterson says, “and you’re compromising every single step of the way, because most of us don’t do things exactly the way our partners do them.”

Or at least, that’s the best possible outcome, even if it’s mentally exhausting. Another alternative: You don’t compromise, and instead butt heads every step of the way about what those confusing little arrows in the illustration are actually saying. “It’s a situation where there needs to be clear communication, but there’s stress on the system because the instructions are not clear,” Ayduk says. And that stress can lead to a lot of finger-pointing when things go awry: “It’s open to misunderstanding, errors, and then people get into blaming mode,” she adds. “And then it becomes more than just disagreeing over a bad interaction in the context of furniture assembly.” As with the chair that goes on too many camping trips, a spat over which peg goes where can quickly roll down the slippery slope into don’t you trust me and you never listen.


Pro tip: only one of you goes to Ikea. Then once home, the other one assembles, while the buyer provides refreshments.

Beepi winding down after burning through $150m • WSJ

Yuliya Chernova:


Beepi Inc. is inching toward winding down its business after blowing through $150m in venture capital, the latest casualty of investor caution after a frothy period.

The Mountain View, Calif.-based startup, founded in 2013, was operating an online marketplace for used cars. Having run out of cash, the startup has begun the process to sell its assets to satisfy creditors through an alternative to bankruptcy.

Neither equity investors nor employees are likely to get any money back, said a person familiar with the matter.


Astonishing. If only John Updike were around to write “Rabbit is Venture-Funded”.

The problem with AMP • 80×24

Kyle Schreiber:


Make no mistake. AMP is about lock-in for Google. AMP is meant to keep publishers tied to Google. Clicking on an AMP link feels like you never even leave the search page, and links to AMP content are displayed prominently in Google’s news carousel. This is their response to similar formats from both Facebook and Apple, both of which are designed to keep users within their respective ecosystems. However, Google’s implementation of AMP is more broad and far reaching than the Apple and Facebook equivalents. Google’s implementation of AMP is on the open web and isn’t limited to just an app like Facebook or Apple.

If you want to avoid AMP, it is a lot easier to stop using the Facebook app or Apple News app than it is to avoid Google search. Google is the gateway to the web at large and is the doorway to information access in a way that Facebook will never be. Facebook might be the gatekeeper of social, but Google is the gatekeeper to a far larger and more meaningful set of information stored on the web – anything from cat pictures to scientific research. It’s disappointing to see Google promoting a closed standard under the guise of an open one.

Google insists that AMP is not a factor in a site’s search ranking. However, AMP compatibility does determine whether or not publishers are featured in the much coveted news carousel. This, in effect, forces publishers to start using AMP regardless of how fast their site loaded previously.

Google has the ability to further change the AMP HTML specification to keep publishers in their ecosystem. Google already makes deleting AMP pages difficult. Despite touting AMP HTML as an open standard, every one of the AMP Project’s core developers appears to be a Google employee.


There’s open, and there’s “open”. His point about external Javascript might also give some people pause. Question is: will AMP become embedded as the way publishers provide pages, or will the pendulum swing back? The “news carousel” factor is probably determinant there.

Errata, corrigenda and ai no corrida: none notified
