Start Up: Google I/O, no Panic over code, America’s pill mill, who’ll pay to fix bugs?, and more

Imagine you wanted to hack into the systems at, oh, a golf course, or hotel, where famous people go. It’s not so hard. Photo by ManuelFdo on Flickr.

You can now sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.

A selection of 11 links for you. Use them wisely. I’m @charlesarthur on Twitter. Observations and links welcome.

The case of the stolen source code • Panic Blog

Steven Frank had his Mac compromised (yes! It can happen!) by a malware-infected version of video-encoding app Handbrake. They grabbed his credentials and accessed the Panic github and stole the source code – and then demanded a ransom. Company meeting!


Someone has a bunch of our source code. But does it really matter? There are essentially three “worst case” scenarios we considered with our source being out there in somebody’s hands:

• They build free, cracked version of our apps
• Guess what — those already exist. You can already pirate our software if you want to pirate our software — but please don’t — so this doesn’t really change anything in that regard. Also, whatever “free” version of our apps that would come from this person are virtually guaranteed to be infected with malware.

• They create malware-infected builds of our apps
This seems likely. Given the person’s entire MO was to infect a well-used Mac app with malware, it seems inevitable. But we will find them, and working directly with Apple, shut them down. To minimize your risk, never download a copy of one our apps from a source that is not us or the Mac App Store. We are going to be hyper-vigilant about the authenticity of downloads on our servers.

• A competitor obtains this source to attempt to use it to their advantage in some way.
The many Mac developers we’ve met over the years are fine, upstanding people. I can’t imagine any of them being this unethical, or even being willing to take the risk of us finding fingerprints of our code in theirs. And let’s not forget that — you guessed it — there’s a good chance any stolen source could have malware slipped into it.

Also, one important thought gave us some comfort: with every day that passes, that stolen source code is more and more out-of-date.


Ransoms increasingly don’t work.
link to this extract

Google I/O 2017: Everything important that Google announced today • Recode

Tess Townsend did the roundup; this seems the most relevant to me:


• Google is working with partners to launch standalone VR headsets. That means everything for a VR experience will be built into the headset itself — no phone or PC required. The headsets, running Google’s Daydream platform and made by HTC and Lenovo, are slated to ship later this year.

• Google for Jobs. Google is taking on LinkedIn with job listings in its main search product. If you search for “retail jobs,” for example, Google will know where you’re searching from and show jobs in your area.

• Apps and transactions on Assistant. Developers can now build apps or “actions” that run on Google Assistant on Android and iOS. Already, developers have been able to build actions for Assistant on the Home device. Developers will also be able to build transaction features for Assistant, which will soon be available on phones with Assistant.

• Android Go. Google is launching an initiative called Android Go to better tailor Android to low-connectivity devices. Starting with the release of Android O, the latest version Android not yet released publicly, devices with 1 gigabyte or less memory will receive versions of apps like YouTube and Chrome that use less memory. The software is also supposed to have features tailored for users who speak multiple languages.

• Indoor mapping. Google is introducing something called visual positioning service, or VPS, that will allow you to map indoor locations using its Tango AR platform. An example of what VPS can do is tell a user the exact location of a product in a store.


“Google for jobs” is an attack on LinkedIn, and pretty much every job site. If you’re a job site, you might want to watch your search ranking and read up on “how to file an antitrust complaint”, though don’t expect the US DoJ to take any notice; you’ll have to file it in Europe.
link to this extract

Remembering Google I/O 2016 • BirchTree

Matt Birchler with a useful reminder, as I/O 2017 rolls around, of all that stuff which got floated last year: how much has come to pass?


Google’s I/O conference last year was big on flash, but little in substance that will actually move users away from iOS. Google Assistant has proven to be a big win for the company, as it has asserted itself as the best voice assistant out there for a lot of things. Google Home, which I don’t own yet, is a strong competitor to the Amazon Echo which has been gaining popularity.

But beyond the Assistant-related announcements, everything else was a bit of a letdown. Wear 2.0 was delayed and received a lukewarm reception from users. Nougat is just now hitting 7% of devices, and even then I’ve heard from multiple people that it’s not an update I should be bothered my devices aren’t all getting. And Android Instant Apps are a cool idea that has not taken off at all. I actually forgot Instant Apps were a thing until I read rundowns of last years show today. I use Android everyday and I read multiple Android sites and listen to a few podcasts about it as well. Instant Apps are just not a thing. People complain about the Touch Bar on the new MacBook Pros, but at least they say something about it.


As he points out, having Google Assistant available for iOS this week puts it well ahead of availability on Android devices.
link to this extract

Quitting the Silicon Valley swamp • Pando

Paul Carr, who is giving up writing about technology after many years:


Today, tech awfulness is everyone’s beat. “It must feel good to be right!”, readers frequently joke via email about Uber or Wikileaks or Facebook or holacracy or Thiel or Kalanick or Whestone or any one of a dozen other organizations and people I’ve covered, as if a hypochondriac would be thrilled to have his worst diagnostic fears confirmed.

But no. The fact that spotting tech toxicity has become my “thing” is exactly the problem. Another lesson I learned a long time ago: When something toxic comes to define you, it’s time to stop.

Moreover, I never really planned to be a tech writer. That happened by accident when I was still at university and a one-off column for the Guardian accidentally became the start of a career.


I wasn’t the person who recruited him for that column, though I did recruit him back for a while. Then he headed off to Techcrunch and, well, things developed.
link to this extract

Any half-decent hacker could break into Mar-a-Lago. We tested it • Gizmodo

Jeff Larson, Surya Mattu, and Julia Angwin, in a joint effort with ProPublica:


Two weeks ago, on a sparkling spring morning, we went trawling along Florida’s coastal waterway. But not for fish.

We parked a 17-foot motor boat in a lagoon about 800 feet from the back lawn of the Mar-a-Lago Club in Palm Beach, and pointed a two-foot wireless antenna that resembled a potato gun toward the club. Within a minute, we spotted three weakly encrypted Wi-Fi networks. We could have hacked them in less than five minutes, but we refrained.

A few days later, we drove through the grounds of the Trump National Golf Club in Bedminster, N.J., with the same antenna and aimed it at the clubhouse. We identified two open Wi-Fi networks that anyone could join without a password. We resisted the temptation.

We also visited two of President Donald Trump’s other family-run retreats, the Trump International Hotel in Washington, D.C., and a golf club in Sterling, Va. Our inspections found weak and open Wi-Fi networks, wireless printers without passwords, servers with outdated and vulnerable software, and unencrypted login pages to back-end databases containing sensitive information.

The risks posed by the lax security, experts say, go well beyond simple digital snooping. Sophisticated attackers could take advantage of vulnerabilities in the Wi-Fi networks to take over devices like computers or smart phones and use them to record conversations involving anyone on the premises.


They were very careful not to break in to any of the systems. But they also make it very clear that anyone with enough experience could – and might already have.
link to this extract

‘The pill mill of America’: where drugs mean there are no good choices, only less awful ones • The Guardian

Chris Arnade:


Portsmouth, Ohio, once known for making things (steel, shoes, bricks), is now known for drugs, and labeled by some as the “pill mill of America”. The city peaked at 40,000 people in 1940, and as it emptied of factories and jobs – some made obsolete, some moved away – it also emptied of people and hope.

Now it is a town half the size, filled with despair and filling with drugs.

On my first night in town, a beat-up car parks next to me, positioned in the darkness cast by my van. The passenger, a middle-aged woman, injects the driver in the neck. He stays still, head tilted to expose a vein, as she works the needle in, while two young boys play in the back seat.

Done, they pull away as I try to fool myself into thinking I didn’t see what I saw.

For six days in Portsmouth, over three trips, I keep trying to fool myself. Eventually, I am unable to just watch and listen.


Arnade toured middle America while the election was on last year; he reported from the front line of despair and joblessness, and saw the Trump phenomenon on the rise. The problem is, there’s nothing on offer that’s going to make life there change.

It’s a remarkable piece, though. Do read it.
link to this extract

How Google’s band of hardware pirates has re-invented itself after its legendary leader jumped ship • Business Insider

Steve Kovach:


When Google holds its 3-day annual developers’ conference in Mountain View, Calif this week, the ATAP [Advanced Technologies and Products] group will not have its own session, according to the official schedule, unlike during the previous two years.

The stark difference in personalities at the top has changed the face of ATAP. Many saw Dugan, who left to create a similar group at arch-rival Facebook, as the heart of ATAP’s culture. And with her gone, there has been a notable change in style.

[Regina] Dugan [the original leader, who left for Facebook] relished in publicly unveiling jaw-dropping new projects, as she did during a keynote for Facebook a few weeks ago when she showcased projects to let people type with their brains or “hear” with their skin.

Osterloh, by contrast, has taken the opposite approach, eschewing flashy public demonstrations of prototypes. The new ATAP leadership has decided to keep projects under wraps until they’re almost fully baked, if they reveal them at all.


link to this extract

Who pays? • SMBlog

Steve Bellovin on the question of who should pay for the updates to ageing software:


Historically, the software industry has never supported releases indefinitely. That made sense back when mainframes walked the earth; it’s a lot less clear today when software controls everything from cars to light bulbs. In addition, while Microsoft, Google, and Apple are rich and can afford the costs, small developers may not be able to. For that matter, they may not still be in business, or may not be findable.

If software companies can’t pay, perhaps patching should be funded through general tax revenues. The cost is, as noted, society-wide; why shouldn’t society pay for it? As a perhaps more palatable alternative, perhaps costs to patch old software should be covered by something like the EPA Superfund for cleaning up toxic waste sites. But who should fund the software superfund? Is there a good analog to the potential polluters pay principle? A tax on software? On computers or IoT devices? It’s worth noting that it isn’t easy to simply say “so-and-so will pay for fixes”. Coming up to speed on a code base is neither quick nor easy, and companies would have to deposit with an escrow agent not just complete source and documentation trees but also a complete build environment—compiling a complex software product takes a great deal of infrastructure.

We could oursource the problem, of course: make software companies liable for security problems for some number of years after shipment; that term could vary for different classes of software. Today, software is generally licensed with provisions that absolve the vendor of all liability. That would have to change. Some companies would buy insurance; others would self-insure. Either way, we’re letting the market set the cost, including the cost of keeping a build environment around. The subject of software liability is complex and I won’t try to summarize it here; let it suffice to say that it’s not a simple solution nor one without significant side-effects, including on innovation. And we still have to cope with the vanished vendor problem.


link to this extract

Amazon upgrades low-cost Fire tablets, expands kids options, aiming for bigger piece of market • GeekWire

Todd Bishop:


Amazon is refreshing its budget tablets — upgrading the hardware for its $50 Fire 7 tablet, dropping the price of its Fire HD 8 by $10 to $80, and expanding its lineup of kids tablets with a new $130 Fire HD 8 Kids Edition tablet.

The company is aiming to grab a larger share of what has been a declining tablet market. The industry saw a 10% drop in shipments in the first quarter. Amazon was able to grow its market share slightly to about 6% in the quarter, compared with the same period a year earlier. Apple’s iPad still leads the market, followed by Samsung’s Galaxy Tab devices.

Amazon says the Fire 7 is its best-selling tablet. The new version is thinner and lighter with a higher-contrast screen and up to 8 hours of mixed-use battery life, and improved WiFi connectivity. Both the Fire 7 and the Fire HD 8 come with Amazon’s Alexa voice assistant.


Note the presence of Alexa. One can imagine a time not so far off when the only significant players in (slate) tablets are Apple, Samsung and Amazon. That’s pretty much true now apart from Huawei being ahead of Amazon, which is closely followed by Lenovo, which loses money on every Android slate it sells.
link to this extract

60% of Tablet Users Sharing their Device – GlobalWebIndex Blog

Felim McGrath:


As we reported last week, tablet ownership rates are falling but as today’s Chart shows, those digital consumers who are using tablets are often sharing them with one or more people.

In fact, it’s 60% of this group who share their tablet with at least one other person. And considering 4 in 10 are sharing with 2 or more other users (rising to half among parents), it’s clear that consumers view these tablets as household devices, more akin to TVs or desktop PCs than smartphones.

The ‘secondary’ nature of these devices is confirmed by our research into device importance, with only 8% of tablet users saying their tablet is their most important device for getting online. In contrast, over half say their most important device is their smartphone.


OK, we get it – tablets are for all the family.
link to this extract

I’m just a girl, standing in front of a high-street shop, asking it to dress her • The Pool

Sali Hughes:


Dear British high-street retailers,

I am a 42-year-old woman with an upcoming awards ceremony, three weddings (one my own), several important work engagements, a holiday in the unreliable British climate and some pottering about, doing bugger all. I have spent weeks browsing your wares, both online and in your bricks-and-mortar stores. My question for you is this: where, in the past five years, have all the clothes gone?

Let’s begin with sleeves, for these cast a shadow over my entire shopping experience. Despite your apparent belief that my life is one long high-school prom, I would always like to cover my arms, at least to just beyond the elbow. I would not like capped sleeves to highlight the fact that I’ve lifted one kettlebell in my life, nor a bandeau top that precludes me from wearing a bra. I don’t want to pick up any more nice-seeming dresses, only to find the entire back of it missing. I am literally always going to be wearing a sturdy underwire, whatever strip of wide elastic you so optimistically sew in to replace it.


Is this technology? Nah, not really. Except it is about product-market fit (quite literally), and shows some of the assumptions that tech people slide past too quickly when talking about stuff such as Amazon Look: will people – particularly women, who vary much more in shape than men – go for it?
link to this extract

Errata, corrigenda and ai no corrida: none notified

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.