Start Up: the fake iCloud threat, Spotify to IPO (sorta), YouTube cuts the 20%, Yoga Book dead?, and more

You know this dance. In comedy lingo, it’s a Gorilla. Let us explain why. Photo by cyclephotos on Flickr.


A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Here’s where the Apple accounts hackers are threatening to wipe came from • Troy Hunt

Hunt, who has the fabulously useful “Have I Been Pwned” database, analysed a “sample” from the self-styled Turkish Crime Family hackers, who were threatening* to wipe 300 million iCloud accounts. The sample was 69,355 email addresses, of which about 40,000 clearly came from a breach of the Evony game site – down to both the email and password:


I could load the MySpace breach and the LinkedIn breach and keep cracking hashes and filling in gaps, but the source of the data was now abundantly clear. Let’s apply Occam’s Razor to this and I’ll draw the most obvious conclusion possible from the whole thing:

The list of Apple accounts is not hundreds of millions, it is instead less than 53k and it’s comprised predominantly of accounts from the Evony data breach and a small handful of others.

Now, that’s not to say there’s no risk at hand here, but rather that the risk is no different to the one we’re faced with after every data breach: a bunch of people have reused their passwords and they’re now going to have other accounts pwned as a result. But that’s a very different story to the headlines of “hundreds of millions of Apple accounts will be reset and iPhones wiped”. It’s nowhere near as bad as 53k either because a significant chunk of those people won’t have reused their passwords. Of those that have, many may no longer even be valid for Apple services and indeed Zack found that when he reached out to people listed in the sample data. But here’s something even more significant – Apple has the sample set I’ve been analysing which puts them well and truly one step in front of TCF.


Kudos to Zack Whittaker, who was the journalist who got the “sample” and shared it with Hunt. (My comment two weeks ago: “It sounds like a bluff. They might have access to a few hundred thousand iCloud accounts…”) A person was arrested on March 29.

Transcript: Phil Schiller, Craig Federighi and John Ternus on the state of Apple’s pro Macs • TechCrunch

Matthew Panzarino and Romain Dillet have typed up the sorta presentation Apple did. I found this chunk telling:


Matthew Panzarino (TechCrunch): You probably did market research, you mentioned you went out to pros and talked to them. What applications did you find were the most lacking? Obviously with a single heavy-load GPU, people were saying: ‘I wish I had a GPU with 16GB of RAM and a bunch of CPU cycles on it that I could just load up fully with this task.’ And you’re thinking: ‘This machine will never be suited to that, because of the thermal properties.’ Who were those people talking to you who told you ‘this is what we want?’

John Ternus: I think some of the science and technology of those types of applications certainly.

Craig Federighi: There’s certain scientific loads that are very GPU intensive and they want to throw the largest GPU at it that they can. There are heavy 3D graphics or graphics and compute that mix loads. Those can be in VR, those can be in certain kinds of high-end cinema production tasks where most of the software out there that’s been written to target those doesn’t know how to balance itself well across multiple GPUs but can scale across a single large GPU.

Matthew Panzarino (TechCrunch): We had like 30 years of CPU-forward thinking and in the last few years, GPU computation has become much more central.

John Ternus: And it’s certainly growing at a faster rate than CPUs as well.


Those “scientific loads” would be AR, VR and particularly machine learning. Apple has lagged there because it made the wrong call in 2013 – well, a couple of years earlier, as it’s a process – with the Mac Pro design.

Plenty more to digest in the piece.

A conservative and two liberals swapped news feeds. It didn’t end well • Bridge Magazine

Ron French:


In Ann Arbor, Knuth and Leija stuck with the news swap for five days before giving in to temptation and checking the New York Times for updates on the Affordable Care Act repeal bill being debated in the House of Representatives.

Trying to keep up with the world by only reading the Drudge Report was “a nightmare,” Leija said. Drudge aggregates news stories from multiple sources on the Internet and places them in a list with the same, small headline size.

“I found it hard over the course of the week to know what the important stories were,” Leija said. “I felt under-informed because all that tiny text creates a sense of not being able to tell what is important. It was depressing in a strange way.”

“You have really important stories all mixed up with really unimportant stories on the same list,” Knuth added. “I just didn’t understand how that could ever be a helpful tool for understanding what’s happening in the world.”

Knuth listened to The Patriot hours each day. “I was shocked,” Knuth said. “I had never listened to a radio station like that before. I was shocked to see that it was actually just a series of programs of Rush Limbaugh-type guys. It was wall-to-wall programming of these cranky personalities, who were engaged mainly in complaining.”


The Trump supporter didn’t even manage to last that long. Michigan seems like an odd place.

YouTube will no longer allow creators to make money until they reach 10,000 views • The Verge

Ben Popper:


Five years ago, YouTube opened their partner program to everyone. This was a really big deal: it meant anyone could sign up for the service, start uploading videos, and immediately begin making money. This model helped YouTube grow into the web’s biggest video platform, but it has also led to some problems. People were creating accounts that uploaded content owned by other people, sometimes big record labels or movie studios, sometimes other popular YouTube creators.

In an effort to combat these bad actors, YouTube has announced a change to its partner program today. From now on, creators won’t be able to turn on monetization until they hit 10,000 lifetime views on their channel. YouTube believes that this threshold will give them a chance to gather enough information on a channel to know if it’s legit. And it won’t be so high as to discourage new independent creators from signing up for the service.


As is standard for The Verge reporting, it doesn’t bother to ask anyone independent why Google might be doing this. A couple of thoughts: it’s trying to stop clever abuse by spammers creating lots of channels; it’s trying to fight off the row over brands appearing next to hate/racism/etc videos. You probably wouldn’t have to try hard to find an analyst who could give an opinion (open Twitter, for a start). The Verge never, ever, does. Maybe its ambition is no higher than to be a sort of Reuters newswire of technology. But Reuters seeks opinions too.

As a result, you have to rely on the comments to give you the best analysis.

Also: 10,000 seems a pretty small number (a determined spammer could probably hit it in a couple of days). What percentage of channels have more than 10,000 views? Google’s blogpost doesn’t say; The Verge doesn’t ask. Seems like an important statistic.

Fortunately, someone on the blogpost has had a stab at the maths: he reckons it’s the smallest 20%, and that 10,000 views would earn you about $10.40. (So Google gets about $4.20 on a 30-70 split.)

Unknown: how many views, and so how much money, the other 80% get. That link just above might be a pointer.

Samsung’s Android replacement is a hacker’s dream • Motherboard

Kim Zetter:


a researcher in Israel has uncovered 40 unknown vulnerabilities, or zero-days, that would allow someone to remotely hack millions of newer Samsung smart TVs, smart watches, and mobile phones already on the market, as well as ones slated for future release, without needing physical access to them. The security holes are in an open-source operating system called Tizen that Samsung has been rolling out in its devices over the last few years.

Samsung has long sought to reduce its reliance on Google and Android to run its Galaxy smartphones and tablets and other devices. It already has Tizen running on some 30m smart TVs, as well as Samsung Gear smartwatches and in some Samsung phones in a limited number of countries like Russia, India and Bangladesh—the company plans to have 10m Tizen phones in the market this year. Samsung also announced earlier this year that Tizen would be the operating system on its new line of smart washing machines and refrigerators too.

But the operating system is riddled with serious security vulnerabilities that make it easy for a hacker to take control of Tizen-powered devices, according to Israeli researcher Amihai Neiderman.

“It may be the worst code I’ve ever seen,” he told Motherboard in advance of a talk about his research that he is scheduled to deliver at Kaspersky Lab’s Security Analyst Summit on the island of St. Maarten on Monday. “Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.”


Including high-level flaws on Samsung’s app store. It’s pretty awful. (Thanks Oliver Thomas for the link.)

Spotify finally readies an IPO…that’s not an IPO • WSJ

Maureen Farrell and Telis Demos:


Music-streaming service Spotify AB is readying an initial public offering that is expected by year-end. The rub is this: It may not really be an IPO.

Spotify is seriously considering a direct listing, in which the company would simply register its shares on a public exchange and let them trade freely, according to people familiar with the matter. The company wouldn’t raise any new money or use underwriters to place new blocks of stock.

That would mark a departure from the typical IPO, in which new investors buy shares from the company or its early investors, or both, the night before they start trading. The initial price is set by underwriters following extensive meetings with potential new investors.

In a direct listing, investors purchase shares in the open market after they are listed. The price is set organically based on supply and demand. Spotify, which has raised more than $1bn in equity, was last valued privately at $8.5bn in June 2015. The Swedish company is targeting a public valuation of more than $10bn, the people said. The 10-year-old company may list its shares on a U.S. exchange as early as September.


You’re wondering why. Here’s why:


the company could avoid the first-day trading pop that characterizes many IPOs shepherded by underwriters. They are good for some investors but also indicate a company left money on the table.


Spotify needs all the money it can get, rather than letting underwriters grab it; and all the babble in the article about “increased volatility” is utterly irrelevant, because once the share is sold by Spotify it has the money. What the share price does after that is someone else’s problem. (OK, partly Spotify’s when it wants to sell more shares in the future. But mostly the new share owner’s.)

Going public like this also gets it out from under the $1bn debt burden it took on last year.

xg – eyes gaze warping 2

Very unsettling. Machine-generated eye movements as you move your cursor; click to change the character – including a $100 bill. Works on mobile. The eye gaze is generated by DeepWarp, which has all sorts of examples. You can imagine this being used very eagerly in films.

How to talk comedy writer •

Andy Riley offers a tour of the phrases that comedy writers use about their work. This is a good way to spend your Friday (and will make watching even moderate comedy shows more entertaining: “oh, there’s the fish business”):


Fish Business – a quick set up, so the story hits the ground running. Invented by Laurel & Hardy. They begin Towed in the Hole, 1932, with the line ‘For the first time in our lives we’re a success – nice little fish business, and making money.’ Hollywood seized on this and throughout the 30’s and 40’s producers would throw first drafts across their desks at writers snarling ‘needs better fish business.’ [via Julian Dutton]

Eating The Sandwich – an expression used by Jesse Armstrong and Sam Bain, inspired by a memorably bad scene they read in a script once: a character drugged a sandwich with some sleeping pills and while on the way to deliver it, forgot, took an absent-minded bite, and passed out. Any time a character seems to be directly causing their own problems in a rather contrived way, they’re ‘eating the sandwich.’ More external pressure is needed to make them do something funny.

Gorilla – a plot point or joke which the audience will remember after the show is finished. Any given show would benefit from one of these. Derived (it’s thought) from a theatre piece where a gorilla appeared at a very pleasing point, so everyone went home talking about the gorilla. For writers, it’s worth bearing in mind that some of the greatest gorillas in British sitcom – Brent’s dance, Fawlty thrashing the car, Del falling through the bar and Granddad dropping the wrong chandelier – are primarily visual experiences, not dialogue-based. [via the Dawson Bros, Gareth Edwards and Stephen McCrum]


And many, many more. (Thinks: you could do a show full of comedy writers shouting these things at one another… 🤔)

Drop it like it’s bot: Brands have cooled on chatbots • Digiday

Shareen Pathak, after Facebook said that it had found only 30% of bot requests could be handled without human intervention, and so it would “refocus” its use of AI:


It’s not surprising that bots are experiencing a backlash. Like branded emoji keyboards before them, there was a gold rush toward the new tech. Taco Bell’s TacoBot let you order from your Slack messenger, Domino’s DOM helped users order from Facebook. At Whole Foods, you could chat with the Messenger bot to get a recipe, while HP’s print bot printed things for you, via Facebook Messenger. Brands went to them because they were easy to build from a basic perspective. But while Facebook Messenger seems to be stalling, brands and agencies are starting to get cautious about bots and other doodads on other platforms too.

One sticking point is that bots are opt-in experiences. And for customers to opt into something that requires a new behavior plus a lot of information about them, they want the payoff to be pretty great. Users expect personalized, human-like assistance from bots — and that’s where they fail, at least for now. 

And for sensitive situations that need a human input, bots don’t work.

“I would call it overpromising,” said CP+B executive creative tech director Joe Corr. “Brands that created bots with a structured request or utility like Domino’s or in retail were easy. But bots that tried to break out of the utility and be chatbots became the problem.”

Back in August, VC attention to the space seemed to have exploded. According to data provided by CBInsights, just in July, seven bot-focused startups raised first funding rounds. And CBInsights also made a running list of — as far as they knew — 51 corporate chatbots in travel, retail and insurance. People built them because it sounded cool to add “bot” to everything, said Scheideler. “Made us feel futuristic.”


It made you feel futuristic? I felt the hype over bots was a classic herd mentality example: Amazon, Google, Microsoft and Facebook fell over themselves trying to be the most bot-y without properly considering the use case. (There’s definitely a study to be done on herd mentality in big tech companies.)

The untimely demise of the Chrome OS Lenovo Yoga Book: ‘Pbody’ is dead • Chrome Unboxed

Gabriel Brangers:


From the outside looking in, it’s hard to see any real reason from a development standpoint why ‘Pbody’ was abandoned. From a marketing position, however, the demise of the Chrome OS Yoga Book might be a little easier to understand. The Windows and Android versions of the Yoga Book were met with very critical reviews and as a result its popularity has waned in the wake of other devices offering a more practical computing experience.

Not to mention the Chrome OS version was to house a Skylake chip making it more high-end than its counterparts. Possibly, Lenovo decided the profitability just isn’t there, yet. I think Engadget hit the nail on the head here. [Its review said “Still, none of these writing features make up for the terrible typing experience. Although it scores points for novelty, the Yoga Book is too unreliable to be a true productivity machine.”]

The Yoga Book is a novelty and until the gimmick acquires the functionality it needs maybe we’re better off waiting for the Yoga Book Chromebook. Even I will admit, typing on a haptic feedback keyboard during my daily tasks sounds horrid. Still, I really want this device to become a reality.


Lenovo hasn’t announced this officially; it was deduced from comments in the Chromium Repository about “Pbody”, the company’s codename for the Yoga Book. It’s possible the Windows version will still go ahead – but I wouldn’t hold your breath. I didn’t find the Yoga Book convincing when I tried it last September.

Google says its ultra-fast AI chips crush the competition • SiliconANGLE

Maria Deutscher:


Members of Google’s hardware team released a paper today that claims the system beats central processing units and graphics processing units in its weight class on several key fronts. One of them is power consumption, which is a major economic factor for a company that operates as much hardware as the search giant does. Its engineers highlight that the Tensor Processing Unit, as the chip is called, can provide 30 to 80 times more horsepower per watt than a comparable Intel Corp. Haswell CPU or Nvidia Inc.’s Tesla K80 GPU.

Google’s TSU leads in overall speed as well. Internal tests have shown that the chip can consistently provide 15 to 30 times better performance than commercial alternatives when handling AI workloads. One of the models that Google used during the trials, which the paper refers to only as CNN1, ran 70 times faster.

The company’s engineers have managed to pack all this horsepower into a chip that is smaller than Nvidia’s K80. It’s housed on a board configured to fit into the hard drive slots on the likewise custom-made server racks that Google employs in its data centers. According to the search giant, more than 100 internal teams are using TSUs to power support Street View and the voice recognition features of other key services.


Perhaps one wouldn’t expect Google to release a paper saying its home-grown chip was an utter dog. When you read the actual paper, turns out the reason why this is so efficient is that it doesn’t have many of the optimisations for throughput; Google has optimised for response time. Think of a small high-pressure hose rather than a water main.

Errata, corrigenda and ai no corrida: none notified
