Start Up: Fitbit’s slow watch, the real airline scandal, Ikea goes IoT, killing Kelihos, and more


California generated more than half its energy from renewables during a day in March. Bad news for coal miners? Photo by mypubliclands on Flickr.

A selection of 13 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

Fitbit’s new smartwatch has been plagued by production mishaps • Yahoo News

JP Mangalindan:

»

Fitbit’s first “proper” smartwatch and first-ever pair of bluetooth headphones are due out this fall after a series of production mishaps delayed the project, Yahoo Finance has learned.

The fitness tracker company’s smartwatch project has been a troubled one. Production problems have forced Fitbit to push an original spring launch to this fall, according to two sources familiar with the matter.

“In one of the more final prototypes, the GPS wasn’t working because the antennae wasn’t in the right place,” one of those sources told Yahoo Finance. “They had to go back to the drawing board to redesign the product so the GPS got a strong signal.”

Fitbit’s design team also ran into problems making its smartwatch fully waterproof, even though that’s a key design element for the Apple Watch Series 2. Indeed, it’s still unclear as of the publication of this article whether the device will launch with the waterproof feature. If it isn’t waterproof, critics may perceive it to be an inferior product to Apple’s — especially given that the device will launch roughly a year after the Apple Watch Series 2.

“Regardless of whether Fitbit manages to make it waterproof, I think they have to release the watch later this year,” one of our sources familiar with the matter told Yahoo Finance. “It’s literally sink or swim time for them.”

«

This is Fitbit which, don’t forget, acquired successful smartwatch maker Pebble back in December for $23m.


Autonomous trucking overlooks skilled labor need • Supply Chain 24/7

Joseph Kane and Adie Turner:

»

Unsurprisingly, analysts expect automated trucks to proliferate in the next five to ten years, leading to significant job losses in the process.

The only problem? The numbers do not clearly back up the predictions.

In addition to the numerous regulatory and logistical hurdles that automated trucks still need to clear, generalizing the skilled work undertaken by millions of truck drivers and their peers overlooks how this industry functions.

In many ways, the current national conversation on the trucking industry tends to overemphasize the technology and oversimplify the complex set of labor concerns, where many jobs are not likely to disappear anytime soon.

Similar to most infrastructure jobs, truck drivers depend on a wide range of skills to carry out their jobs every day. Just as there are different types of doctors, there are different types of truck drivers – from heavy and tractor-trailer truck drivers who focus on long-haul journeys to delivery truck drivers who carry lighter loads and navigate local streets.

Not surprisingly, many of these drivers are not simply sitting behind the wheel all day on auto drive. They also inspect their freight loads, fix equipment, make deliveries, and perform other non-routinized tasks.

Standardized data verify this non-routinized conception of truck-driving. The Department of Labor’s O*NET database shows how truck drivers have a lower “degree of automation” compared to most occupations nationally.

On a scale of 0 (not at all automated) to 100 (completely automated), O*NET surveys workers across all types of occupations, where those with simpler, repeated tasks are often better suited for automated technologies, such as telephone operators and travel agents.

The average degree of automation, however, remains quite low (29.6) for all occupations, and heavy and tractor-trailer truck drivers (22) and delivery drivers (24) rate even lower than that. Significantly, they also rate lower than some of the country’s other largest occupations, including office clerks (32), cashiers (37), and receptionists (47).

«

Expect counternarratives like this to become increasingly common as we really begin to examine what machine learning systems can and can’t do. Rather like the last mile problem, it’s the small but essential things humans do that makes them indispensable.


The real scandal of that brutal United video • The Atlantic

Derek Thompson:

»

although this incident was unusual in many respects, it was also representative of an airline industry that has considerable power over consumers—even if the use of force is more subtle than a group of security professionals wrestling a passenger to the floor.

For example, many people have pointed out that United might have avoided the entire fiasco by simply offering the passengers more money to leave the plane. By law, compensation for passengers is capped at $1,350, which means that United technically could have raised its offer by more than 50% before removing people against their will. But it’s absurd that airlines’ capacity to compensate passengers is bounded by the law in the first place. Indeed, there’s a good case to remove the cap entirely. If airlines are legally permitted to overbook—that is, to sell consumers a service that they will not fulfill—they ought to pay market price to compensate people for the unfulfilled promise.

Domestic airlines are now enjoying record profits, having flown more passengers each year since 2010. This is in part because the airline industry is sheltered from both antitrust regulation and litigation. Four carriers—United, Delta, American, and Southwest—earn more than $20 billion in profits annually and own 80% of seats on domestic flights. Along with cable companies, airlines are the top-of-mind paragon for industries that seem to get worse for consumers as they become more heavily concentrated. Indeed, when fuel prices fell last year, as The Atlantic’s Joe Pinsker (who edited this story and who has a relative who works at United) has written, airlines spent the savings on stock buybacks rather than pass them to consumers.

«

The US is so proud of its capitalistic economy, yet can’t see how often it suffers either from regulatory capture or total lack of regulation – because its political class relies on donations to get elected. Who contributes? Companies. So whose interests do the political class serve? The people who got them elected – that is, the people in the companies.


Apple may ditch Dialog, analyst says, hitting chipmaker’s shares • Reuters

Eric Auchard and Harro Ten Wolde:

»

Dialog Semiconductor risks losing a crucial supply deal with Apple, according to a financial analyst who cut his rating on the stock on Tuesday, sending the Anglo-German chipmaker’s shares down by as much as one-third.

Bankhaus Lampe reduced its rating on Dialog to “sell” from “hold” as it argued that Apple was working on its own battery-saving chip for the iPhone that could replace Dialog’s power management integrated circuits (PMIC) as early as 2019.

Apple accounted for more than 70% of Dialog’s 2016 sales, analysts estimate. The German company says it is the world’s top maker of power management chips used in smartphones with roughly 20% of the market.

«

After Imagination Technologies, everyone’s wondering who’s next.


Solar breaks 50% of California electricity for first time – driving wholesale rates negative • Electrek

John Fitzgerald Weaver:

»

Recently we saw California solar + wind hit a record high at 49.2%, with all renewable energy above 56%.

»

In March, during the hours of 8:00 a.m. to 2:00 p.m., system average hourly prices were frequently at or below $0 per megawatthour (MWh). In contrast, average hourly prices in March 2013–15 during this time of day ranged from $14/MWh to $45/MWh.

«

This type of event has happened in other places – Germany gets the headlines often. It is expected that there will be so much solar power this spring and summer (plus large amounts of hydroelectric power) that curtailment will need to occur on solar assets.

On March 11th, the California power grid broke 50% solar power for the first time – when considering ALL sources of solar power in the state:

»

Additional generation from customer-sited solar generators installed in California (such as those on residential and commercial rooftops) further adds to the total solar share of mid-day electricity generation. As of December 2016, utilities in CAISO reported 5.4 gigawatts (GW) of net-metered distributed solar capacity. EIA estimates that this capacity would have generated approximately 4 million kilowatthours (kWh) during the peak solar hours on March 11. This level of electricity reduced the metered demand on the grid by about the same amount, suggesting that the total solar share of gross demand probably exceeded 50% during the mid-day hours.

«

Per the EIA, there are multiple reasons why March is the season most probable for negative wholesale rates, including one unique to this year – heavy amounts of hydroelectric power due to flooding this winter. The other major reason is that spring and fall are low demand seasons due to the temperate climate not needing as much heating or cooling.

«

Well this isn’t going to go down well with all the coal miners.


A quick look at the Ikea Trådfri IoT lighting platform • mjg59

Matthew Garrett on Ikea’s smart lighting offer:

»

When you start the app for the first time it prompts you to scan a QR code that’s just a machine-readable version of that key. The Android app has code for using the insecure COAP port rather than the encrypted one, but the device doesn’t respond to queries there so it’s presumably disabled in release builds. It’s also local only, with no cloud support. You can program timers, but they run on the device. The only other service it seems to run is an mdns responder, which responds to the _coap._udp.local query to allow for discovery.

From a security perspective, this is pretty close to ideal. Having no remote APIs means that security is limited to what’s exposed locally. The local traffic is all encrypted. You can only authenticate with the device if you have physical access to read the (decently long) key off the bottom. I haven’t checked whether the DTLS server is actually well-implemented, but it doesn’t seem to respond unless you authenticate first which probably covers off a lot of potential risks. The SoC has wireless support, but it seems to be disabled – there’s no antenna on board and no mechanism for configuring it.

However, there’s one minor issue. On boot the device grabs the current time from pool.ntp.org (fine) but also hits http://fw.ota.homesmart.ikea.net/feed/version_info.json . That file contains a bunch of links to firmware updates, all of which are also downloaded over http (and not https). The firmware images themselves appear to be signed, but downloading untrusted objects and then parsing them isn’t ideal. Realistically, this is only a problem if someone already has enough control over your network to mess with your DNS, and being wired-only makes this pretty unlikely.

«

Ikea, the unlikely winner of the “not bad IoT” award.


Official: Russia knew Syrian chemical attack was coming • Associated Press

Robert Burns and Lolita Baldor:

»

The United States has made a preliminary conclusion that Russia knew in advance of Syria’s chemical weapons attack last week, but has no proof of Moscow’s involvement, a senior U.S. official said Monday.

The official said that a drone operated by Russians was flying over a hospital as victims of the attack were rushing to get treatment. Hours after the drone left, a Russian-made fighter jet bombed the hospital in what American officials believe was an attempt to cover up the usage of chemical weapons.

The U.S. official said the presence of the surveillance drone over the hospital couldn’t have been a coincidence, and that Russia must have known the chemical weapons attack was coming and that victims were seeking treatment.

The official, who wasn’t authorized to speak publicly on intelligence matters and demanded anonymity, didn’t give precise timing for when the drone was in the area, where more than 80 people were killed. The official also didn’t provide details for the military and intelligence information that form the basis of what the Pentagon now believes.

«

Syrian jets followed by Russian jets feels like more than coincidence. One could spin up a story of explanation, but Russia looks more and more guilty. Journalists for western publications have been to the town and returned, which means that it can’t be under Isis control.


LeEco is said to miss US sales forecasts, plan more job cuts • Bloomberg

Selina Wang:

»

The company entered the North American market in October with a splashy event in San Francisco, where it showed off an array of products, including ultra high-definition televisions, phones, virtual reality goggles and electric bikes. Yet LeEco generated U.S. revenue of less than $15m last year after that October debut, compared with an original goal of $100m, according to the person.

The company so far is only selling TVs, smartphones and some accessories in the US. The US unit is also making plans to eliminate about 175 jobs, which would shrink its staff in the country to about 300 people, said the person, who asked not to be named because the financial details aren’t public.

LeEco declined to comment on the planned job cuts and revenue miss.

On Monday, the company said it was abandoning its plan to acquire U.S. TV maker Vizio Inc. for $2bn, citing regulatory hurdles. The collapse of the deal, which was meant to give LeEco a beachhead to build its brand with American customers, sets LeEco even further back in the US.

«

Did anyone there really believe they could do $100m of business in three months? That’s crazy. Now though it’s clearly stick-a-fork-in-its-American-ambitions time.


Our focus on pay equity • Google Official blog

Eileen Naughton is vice-president of “people operations”:

»

each year, we suggest an amount for every employee’s new compensation (consisting of base salary, bonus and equity) based on role, job level, job location as well as current and recent performance ratings. This suggested amount is “blind” to gender; the analysts who calculate the suggested amounts do not have access to employees’ gender data. An employee’s manager has limited discretion to adjust the suggested amount, providing they cite a legitimate adjustment rationale.

Our pay equity model then looks at employees in the same job categories, and analyzes their compensation to confirm that the adjusted amount shows no statistically significant differences between men’s and women’s compensation.

In late 2016, we performed our most recent analysis across 52 different, major job categories, and found no gender pay gap. Nevertheless, if individual employees are concerned, or think there are unique factors at play, or want a more individualized assessment, we dive deeper and make any appropriate corrections.

Our analysis gives us confidence that there is no gender pay gap at Google. In fact, we recently expanded the analysis to cover race in the US.

«

That’s cute, but the US Department of Labor isn’t asking for your pay model, Eileen. It’s asking for your pay data.


DOJ moves to topple Kelihos, one of the world’s largest botnets

Patrick Howell O’Neill:

»

[Peter Yuryevich] Levashov was first indicted over a decade ago by U.S. authorities on charges of email and wire fraud for allegedly using spam to promote profitable pump-and-dump penny stock schemes.

He was charged again in 2009 for allegedly operating the Storm botnet, another spam behemoth and a predecessor to Kelihos.

This week’s arrest was made possible because the FBI learned just last month that Levashov was going to leave his home in Russia, a country without extradition to the United States, to spend several weeks in Spain. The details about how the FBI came into that information remain unknown.

Levashov was connected to Kelihos by the FBI by connecting IP addresses used to operate the botnet that was also used by email and other online accounts under the name of Pete Levashov, a web programmer in Russia.

Levashov regularly used the same addresses to commit crime. To connect the dots, the FBI obtained Levashov’s records from companies including Google, Apple, WebMonkey and Foursquare.

«

Opsec (operational security) is hard. But you’d think someone who had a decade of being on the wrong side of the law might have remembered that. He was arrested in Spain, where he was on holiday. There’s all the documentation you could ever want at the US Justice Department site.



Tilted device could pinpoint pin number for hackers, study claims • The Guardian

Alex Hern on a study from Newcastle University which used the gyro information to intuit your PIN:

»

Websites need to ask permission from users to access sensitive information, such as location data, or to access sensors such as the cameras or microphones on a device. But some information, such as the orientation of the device or the size of its screen, is considered non-sensitive and generally shared with any site that asks for it to enable interactivity and responsive webpages.

Thankfully, to train the system to enough precision to be able to guess even a simple four-digit pin (and most smartphones require a six-digit, or longer, password), the researchers required a lot of data from users: each had to type 50 known pin numbers in, five times over, before it learned enough about how they hold their phones to guess a hidden pin with 70% accuracy.

But with no uniform way of managing sensors across the industry, when research such as [Dr Maryam] Mehrnezhad’s shows flaws, it can be difficult for manufacturers to give a coordinated response.

“Despite the very real risks, when we asked people which sensors they were most concerned about we found a direct correlation between perceived risk and understanding,” she said. “So people were far more concerned about the camera and GPS than they were about the silent sensors.”

«

Filed under “probably not worth worrying about, but might keep relying on fingerprint unlock”.


Culprit broadcast signal that triggered Dallas’ emergency sirens Friday night • Dallas News

Robert Wilonsky:

»

City officials don’t know who triggered Dallas’ outdoor warning sirens late Friday, but they do know how it was done — by broadcasting a few tones, via either radio or telephone signal. In other words, there was no computer hack.

“It’s a radio system, not a computer issue,” Dallas City Manager T.C. Broadnax said Monday morning.

The city’s outdoor warning sirens had to be manually shut down and turned back on late Sunday, with “immediate fixes” intended to prevent the type of incident that woke up — and shook up — much of the city Friday night, according to Broadnax.

“As we brought the system back up, some encryption was added as part of our process to prevent this type of error from occurring going forward,” he said.

City officials said late Monday that the system was purchased a decade ago and that encryption was not part of the original deal with the vendor for one simple reason: No one at City Hall knew something like this was possible.

«

OK, so it’s not a hack, it’s a phrack (phone hack) or even rack (radio hack, if that’s even a thing). Even so: now you realise you have a flaw, and only found out the hard way.


Stuck Pixel: how Google is dropping the ball with its “consumer” phone strategy (opinion) • Android Police

Trevor Newman:

»

At Apple, the customer – the revenue generator – is you and me, the consumer. Though many of their decisions may be viewed as anti-consumer (e.g. the #donglelife), much can be said about their comparatively strong customer service as well as the fact that a part of the “Apple Tax” for their products goes toward the maintenance of brick and mortar facilities to which you can bring a broken device and receive a repair or replacement on the spot.

On the other hand we have Google, and Google has customers, too. But those customers are neither you nor me. Google’s lifeblood is advertising, and the essential nutrient for ads is data – our data. We the consumers are not Google’s customers. Rather, we are batteries that power Google’s cash advertising engine. While this information is probably not new to most of you, nor is it to me, it helps to explain why Google can’t successfully sell a product to save its life (which, at the moment, it has no need to do).

Google’s inability to make a successful play in the consumer space is no more apparent than with the Pixel. Google’s first attempt at a “true” Google Phone (R.I.P Nexus) has been a success, but one with reservations. The Pixel is a solid phone. So is the OnePlus 3T. Sure the OP3T lacks the Pixel’s camera, but it is otherwise decent and happens to cost $400 less than a comparable Pixel XL – and is generally available for purchase, which the Pixel most certainly is not. Let’s also just pause for a minute to acknowledge the tone-deaf hubris of charging $30 for a poorly-made clear plastic case. Sure Apple charges Pixel prices, but if my iPhone is defective I can go to an Apple Store, get a replacement on the spot, and have some peace of mind that the extra expense went to maintaining this store and the general customer service model. With Google, the extra cost goes to the bottom line and maybe a month-long replacement process of ‘ship and pray’ with buggy refurbished replacements and full-price holds on my credit card.

«

I’m not sure that “Apple charges Pixel prices”. It’s vice-versa, and as Newman points out, you don’t get the same customer service. (Or, indeed, availability, so far.)


Errata, corrigenda and ai no corrida: none notified
