Things are different at White House press briefings nowadays. Photo by DonkeyHotey at Flickr
A selection of 11 links for you. Can you keep a secret? I’m @charlesarthur on Twitter. Observations and links welcome.
Is Trump trolling the White House press corps? • The New Yorker
Andrew Marantz with a masterful, in-depth piece about the useless “journalists” who have been added to the accredited group by the incoming administration, essentially in order to dilute the media’s effectiveness. This was on a day when anonymous sources were suggesting Flynn might be fired:
In Trump’s first two bilateral press conferences, he gave one question to Reuters and three questions to right-leaning outlets owned by Rupert Murdoch: Fox News, Fox Business, and the New York Post. “Let’s see who he calls on today,” one correspondent said. “National Enquirer, maybe? Whoever it is, they’d better fucking ask about Flynn.”
After Trump and Trudeau made brief remarks, Trump’s first question went to Scott Thuman, of the Sinclair Broadcast Group, which owns dozens of TV news affiliates across the country. According to Politico, Trump’s son-in-law, Jared Kushner, had struck a deal with Sinclair during the campaign: in exchange for increased access to Trump, Sinclair agreed to air footage of the candidate uninterrupted by commentary. (Sinclair denied this.) Thuman asked about the relationship between Trump and Trudeau, given their “philosophical differences.”
Trump’s second question went to Kaitlan Collins, a twenty-four-year-old reporter with the conservative Web site the Daily Caller. This was the press corps’s last chance to ask about Flynn. Several reporters craned their necks to get a look at Collins. “President Trump,” she began, “now that you’ve been in office and received intelligence briefings for nearly one month, what do you see as the most important national-security matters facing us?”
Many of the reporters were unable to mask their displeasure in person; on Twitter, the reactions were even stronger.
Also, don’t miss the way that a can of tuna stands in for a loaded revolver in a Chekhov play. It’s a long piece, but enormously rewarding.
How Trump gets his fake news • Politico
While the information stream to past commanders in chief has been tightly monitored, Trump prefers an open Oval Office with a free flow of ideas and inputs from both official and unofficial channels. And he often does not differentiate between the two. Aides sometimes slip him stories to press their advantage on policy; other times they do so to gain an edge in the seemingly endless Game of Thrones inside the West Wing.
The consequences can be tremendous, according to a half-dozen White House officials and others with direct interactions with the president. A news story tucked into Trump’s hands at the right moment can torpedo an appointment or redirect the president’s entire agenda. Current and former Trump officials say Trump can react volcanically to negative press clips, especially those with damaging leaks, becoming engrossed in finding out where they originated.
That is what happened in late February when someone mischievously gave the president a printed copy of an article from GotNews.com, the website of internet provocateur Charles C. Johnson, which accused deputy chief of staff Katie Walsh of being “the source behind a bunch of leaks” in the White House.
No matter that Johnson had been permanently banned from Twitter for harassment or that he offered no concrete evidence or that he had lobbed false accusations in the past and recanted them. Trump read the article and began asking staff about Walsh. Johnson told POLITICO that he tracks the IP addresses of visitors to his website and added: “I can tell you unequivocally that the story was shared all around the White House.”
It gets worse. Honestly. The Washington Post also reports that Trump told the Russian ambassador (who, let’s note, isn’t a security individual) details about the Islamic State laptop threat which could compromise sources. Just amazing.
Uber allowed to continue self-driving car project but must return files to Waymo • The Guardian
A judge has granted a partial reprieve to Uber in its high-profile intellectual property lawsuit with Google’s self-driving car operation, allowing the ride-hailing company to continue developing its autonomous vehicle technology.
The judge, however, has barred an Uber executive accused of stealing trade secrets from Google spin-off Waymo from continuing to work on self-driving cars’ radar technology, and has ordered Uber to return downloaded documents to Waymo. The judge also said that evidence indicates that Waymo’s intellectual property has “seeped into Uber’s own … development efforts” – suggesting that Uber could face a tough battle as the case moves ahead.
Google’s lawyers were seeking a broader injunction against Uber, which could have significantly impeded the taxi startup’s entire self-driving car program, a move that could have been a fatal setback. The partial victory for Uber follows a judge’s recommendation that federal prosecutors launch a criminal investigation into the accusations that it stole Waymo’s technology.
The case has also been referred to criminal prosecutors on the basis that the code might have been stolen; and Waymo gets to review Uber’s code. Uber is really screwed.
Exclusive: upcoming Apple Watch to include game-changing health features • BGR
It has been rumored that Apple is interested in glucose monitoring, and it appears that the time may now be right. Previous rumors have stated that Apple might only be able to achieve this through a separate device that might complement the watch, however BGR has learned that this might not be accurate.
According to our source, Apple’s sights are now set on the epidemic of diabetes, and the company plans to introduce a game-changing glucose monitoring feature in an upcoming Apple Watch. An estimated 30 million people suffer from diabetes in the US alone, according to the American Diabetes Association, so Apple’s efforts could lead to a historic achievement in the world of health and fitness.
Currently, the only way to properly measure blood sugar levels is by using a blood sample, or by using a device that penetrates the skin. It’s uncomfortable, difficult and painful, and there are not presently any widely available noninvasive methods that are accurate. Apple isn’t stopping at just glucose monitoring, however.
Apple also plans to introduce interchangeable “smart watch bands” that add various functionality to the Apple Watch without added complexity, and without increasing the price of the watch itself. This could also mean that the glucose monitoring feature will be implemented as part of a smart band, rather than being built into the watch hardware.
I could believe smart bands doing the job, if the job can be done.
Who’s behind the ransomware pandemic? One small clue points to North Korea • Forbes
The clue lies in the code. Google security researcher Neel Mehta posted a mysterious tweet linking to two samples of malware: one was WannaCry, the other a creation of a gang of hackers called the Lazarus Group, which has been linked to the catastrophic 2014 hack of Sony and attacks on the SWIFT banking system that resulted in a record $81 million cyber theft from a Bangladeshi bank. Lazarus was also said to be North Korean, according to previous analyses by numerous security firms.
After Mehta’s post, Kaspersky Lab probed the code, as did Proofpoint security researcher Darien Huss and founder of Comae Technologies Matthieu Suiche. All have been actively investigating and defending the web against WannaCry and were intrigued at the possible link to North Korea.
All believe that Mehta’s find could provide a clue as to the possible creators of WannaCry, which has resulted in huge downtime for hospitals in the U.K. and caused downtime in Nissan and Renault car factories, amongst other issues. But, they all note, it could be a false flag purposefully lodged in the code to lead everyone down the wrong path.
Google received 1.6 million NHS patients’ data on an ‘inappropriate legal basis’ • Sky News
Google’s artificial intelligence arm received the personally identifying medical records of 1.6 million patients on an “inappropriate legal basis”, according to the most senior data protection adviser to the NHS.
Sky News has obtained a letter sent to Professor Stephen Powis, the medical director of the Royal Free Hospital in London, which provided the patients’ records to Google DeepMind.
It reveals that the UK’s most respected authority on the protection of NHS patients’ data believes the legal basis for the transfer of information from Royal Free to DeepMind was “inappropriate”.
The development raises fresh concerns about how the NHS handles patients’ data after last week’s cyberattack on hospitals and GP surgeries, which could have been prevented if staff had followed guidance issued a month earlier.
While there are strict legal protections ensuring the confidentiality of patients’ records, under common law patients are “implied” to have consented to their information being shared if it was shared for the purpose of “direct care”.
However, this basis was not valid in the arrangement between Royal Free and DeepMind in the view of Dame Fiona Caldicott, the National Data Guardian at the Department of Health, who has contributed to an investigation into the deal.
This is going to get overlooked. But it shouldn’t.
WannaCry about business models • Stratechery
This comparison [by Microsoft of the EternalBlue exploit to a Tomahawk missile], frankly, is ridiculous, even if you want to stretch and say that the impact of WannaCry on places like hospitals may actually result in physical harm (albeit much less than a weapon of war!).
First, the U.S. government creates Tomahawk missiles, but it is Microsoft that created the bug (even if inadvertently). What the NSA did was discover the bug (and subsequently exploit it), and that difference is critical. Finding bugs is hard work, requiring a lot of money and effort. It’s worth considering why, then, the NSA was willing to do just that, and the answer is right there in the name: national security. And, as we’ve seen through examples like Stuxnet, these exploits can be a powerful weapon.
Here is the fundamental problem: insisting that the NSA hand over exploits immediately is to effectively demand that the NSA not find the bug in the first place. After all, a patched (and thus effectively published) bug isn’t worth nearly as much, both monetarily as ShadowBrokers found out, or militarily, which means the NSA would have no reason to invest the money and effort to find them. To put it another way, the alternative is not that the NSA would have told Microsoft about EternalBlue years ago, but that the underlying bug would have remained un-patched for even longer than it was (perhaps to be discovered by other entities like China or Russia; the NSA is not the only organization searching for bugs).
In fact, the real lesson to be learned with regard to the government is not that the NSA should be Microsoft’s QA team, but rather that leaks happen: that is why, as I argued last year in the context of Apple and the FBI, government efforts to weaken security by fiat or the insertion of golden keys (as opposed to discovering pre-existing exploits) are wrong.
(Well, the US government *buys* Tomahawks from Raytheon. But anyway.) Thompson says the real problem is that software licences were single-payment, rather than subscription. Fair point, but the business wasn’t ready for subscription models then.
NHS Trusts ignored patch that would’ve averted malware disaster • Engadget
The ransomware attack that crippled crucial NHS systems across the UK and continues to cause disruption could have easily been contained, according to NHS Digital. The body, which oversees data and IT infrastructure across the NHS, said hospitals and other arms of the service had ample time to upgrade their systems. The ‘WannaCry’ malware variant used a Windows exploit Microsoft patched in mid-March this year. At the end of April, NHS Digital notified staff and “more than 10,000 security and IT professionals,” pointing them to a patch that would “protect their systems.” It seems this advisory fell on some deaf ears, which explains why only certain NHS Trusts were affected.
Over the weekend, NHS Digital also addressed speculation that aging infrastructure was to blame: “While the vast majority [of NHS organisations] are running contemporary systems, we can confirm that the number of devices within the NHS that reportedly use XP has fallen to 4.7%, with this figure continuing to decrease.” Windows XP was put out to pasture in spring 2014, though the UK government did pay for an extra year of support back then. In reaction to the spread of ‘WannaCrypt,’ Microsoft took the “highly unusual step” of issuing a patch for out-of-support systems last Friday.
Reading between the lines, NHS Digital is basically blaming the update apathy of individual Trusts as the reason for the ransomware’s spread.
“Apathy” is probably the wrong word. It’s about priorities.
The iPad mystery • Monday Note
If we extrapolate the iPad evolution — a risky exercise in derivative thinking — we’re led to assume that the iPad Pro will usurp more MacBook functionality. One can imagine a version of iOS that offers multiple resizable windows, more file management features…
Follow this line of thinking and you’re led to a quasi-MacBook that has a detachable keyboard, a touch screen, a Pencil 2.0 with a magnet, a somewhat simpler — but not too simple — user interface… To me, this is an uncomfortable contemplation; it could lead to a Swiss Army knife. Gone would be the respective simplicities of the original iPad and the well-honed MacBook.
Nonetheless, it’s not out of the question. We’ve seen before that Apple execs aren’t troubled by intramural cannibalization: Better to do it oneself than to be eaten by the competition.
What is questionable is the cost advantage for such a device. The Apple-designed Ax processor might cost less than the current Intel hardware in a MacBook, but memory (RAM) size will have to increase in order to support the new, more complex Pro UI. And then you have the added cost of a touch screen and of bundling the keyboard and stylus. A beefier iPad Pro won’t enjoy a sizable cost advantage. (For what it’s worth, today’s entry-level MacBook with 8GB RAM and 256GB of disk storage is priced at $1,249. A 12.9” iPad Pro with 256 GB of storage, a Smart Keyboard and a Pencil will cost… $1247. And they weigh just about the same: 2 lbs.)
Personally I find the 9.7in iPad Pro the perfect tablet: really light, small, but big enough to work on. Add 4G and it’s perfect – more convenient than a laptop. Use Workflow and Pythonista and you can get pretty much anything done.
Question is, what’s missing from it? It’s got Office. What else do most people want?
FTC cracks down on internet tech support scams • Engadget
The Federal Trade Commission isn’t letting up in its quest to rid the world of tech support scammers. Officials have launched a legal campaign, Operation Tech Trap, in a bid to crack down on frauds that rely on a mix of web pop-ups and phone calls to frighten you into paying up. The effort includes four fresh complaints (in Alabama, Colorado, Florida and Ohio), two settlements (in Connecticut and Florida) and charges against seven people — two of which have already pleaded guilty. It’s as much a public show of the FTC’s might as it is a significant bust, but many of the perpetrators were particularly insidious.
In most cases, the scams produce fake alerts that claim your PC is infected or hacked, and urge you to call a toll-free number for help. They sometimes even include a countdown to make it seem like your files will vanish if you don’t act. If you’re spooked enough to call, you promptly talk to telemarketers posing as technicians (usually from Microsoft or Apple) who will insist your system is compromised and offer to either repair or protect your system if you pay hundreds of dollars.
Scammers going to scam.
Sophos waters down ‘NHS is totally protected’ by us boast • The Register
Sophos updated its website over the weekend to water down claims that it was protecting the NHS from cyber-attacks following last week’s catastrophic WannaCrypt outbreak.
Proud website boasts that the “NHS is totally protected with Sophos” became “Sophos understands the security needs of the NHS” after the weekend scrub-up.
Security-watchers, including former staffer Graham Cluley, noticed the reverse ferret.
Sophos didn’t publish a definition update until 1825 BST, hours after an outbreak that forced hospitals to postpone scheduled treatments and appointments in scores of NHS Trusts. Sophos Live Protection functionality, if enabled, could detect WannaCrypt earlier than that.
Signature updates aren’t the only layer of security in modern anti-malware but this only raises further questions about why Sophos’s technology didn’t pick up an attack based on a known exploit patched by Microsoft two months prior.
(“Reverse ferret” is British newspaper lingo for a complete reverse of direction.)
Errata, corrigenda and ai no corrida: a link (ostensibly to The Daily Telegraph) yesterday had a link via a Russian server. I don’t know how this happened; it was a result via DuckDuckGo. I’ve fixed it on the site, but you might want to be wary of clicking it if you received the email.
Tidbits about Trump are always funny-though-scary, but we get the gist by now. Time to go more in-depth, maybe about how the American Dream has broken (increasing inequalities, crumbling public services esp. education, no hope to “make it” via work esp. in the public sector, gerrymandering, racism, healthcare…) and voters do hysterical shit because it’s all they’ve got left?
I’ll look to do that. Thanks for the feedback.
I don’t know what the source is, but that summary is eye-opening, and it only covers income, not public services (good public school / roads / even drinkable water), health care,…